Warning: Permanently added '[localhost]:8592' (ECDSA) to the list of known hosts. 2025/08/29 10:45:01 fuzzer started 2025/08/29 10:45:01 dialing manager at localhost:43077 syzkaller login: [ 51.335828] cgroup: Unknown subsys name 'net' [ 51.399287] cgroup: Unknown subsys name 'cpuset' [ 51.418729] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:45:11 syscalls: 2214 2025/08/29 10:45:11 code coverage: enabled 2025/08/29 10:45:11 comparison tracing: enabled 2025/08/29 10:45:11 extra coverage: enabled 2025/08/29 10:45:11 setuid sandbox: enabled 2025/08/29 10:45:11 namespace sandbox: enabled 2025/08/29 10:45:11 Android sandbox: enabled 2025/08/29 10:45:11 fault injection: enabled 2025/08/29 10:45:11 leak checking: enabled 2025/08/29 10:45:11 net packet injection: enabled 2025/08/29 10:45:11 net device setup: enabled 2025/08/29 10:45:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:45:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:45:11 USB emulation: enabled 2025/08/29 10:45:11 hci packet injection: enabled 2025/08/29 10:45:11 wifi device emulation: enabled 2025/08/29 10:45:11 802.15.4 emulation: enabled 2025/08/29 10:45:11 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:45:11 fetching corpus: 50, signal 16727/20341 (executing program) 2025/08/29 10:45:12 fetching corpus: 100, signal 37574/42286 (executing program) 2025/08/29 10:45:12 fetching corpus: 150, signal 42244/48278 (executing program) 2025/08/29 10:45:12 fetching corpus: 200, signal 50785/57793 (executing program) 2025/08/29 10:45:12 fetching corpus: 250, signal 56005/64115 (executing program) 2025/08/29 10:45:12 fetching corpus: 300, signal 59416/68607 (executing program) 2025/08/29 10:45:12 fetching corpus: 350, signal 64101/74272 (executing program) 2025/08/29 10:45:12 fetching corpus: 400, signal 67726/78754 (executing program) 2025/08/29 10:45:12 fetching corpus: 450, signal 72476/84243 (executing program) 2025/08/29 10:45:12 fetching corpus: 500, signal 76118/88657 (executing program) 2025/08/29 10:45:12 fetching corpus: 550, signal 79215/92496 (executing program) 2025/08/29 10:45:13 fetching corpus: 600, signal 82092/96100 (executing program) 2025/08/29 10:45:13 fetching corpus: 650, signal 84751/99390 (executing program) 2025/08/29 10:45:13 fetching corpus: 700, signal 87561/102742 (executing program) 2025/08/29 10:45:13 fetching corpus: 750, signal 89781/105559 (executing program) 2025/08/29 10:45:13 fetching corpus: 800, signal 91380/107838 (executing program) 2025/08/29 10:45:13 fetching corpus: 850, signal 92985/110086 (executing program) 2025/08/29 10:45:13 fetching corpus: 900, signal 96201/113667 (executing program) 2025/08/29 10:45:13 fetching corpus: 950, signal 97286/115423 (executing program) 2025/08/29 10:45:13 fetching corpus: 1000, signal 99086/117766 (executing program) 2025/08/29 10:45:14 fetching corpus: 1050, signal 101414/120385 (executing program) 2025/08/29 10:45:14 fetching corpus: 1100, signal 102095/121782 (executing program) 2025/08/29 10:45:14 fetching corpus: 1150, signal 103988/124035 (executing program) 2025/08/29 10:45:14 fetching corpus: 1200, signal 106143/126430 (executing program) 2025/08/29 10:45:14 fetching corpus: 1250, signal 107307/128072 (executing program) 2025/08/29 10:45:14 fetching corpus: 1300, signal 108393/129581 (executing program) 2025/08/29 10:45:14 fetching corpus: 1350, signal 109613/131237 (executing program) 2025/08/29 10:45:14 fetching corpus: 1400, signal 111522/133325 (executing program) 2025/08/29 10:45:14 fetching corpus: 1450, signal 113183/135104 (executing program) 2025/08/29 10:45:14 fetching corpus: 1500, signal 113764/136194 (executing program) 2025/08/29 10:45:14 fetching corpus: 1550, signal 114695/137542 (executing program) 2025/08/29 10:45:14 fetching corpus: 1600, signal 115911/139012 (executing program) 2025/08/29 10:45:15 fetching corpus: 1650, signal 116977/140400 (executing program) 2025/08/29 10:45:15 fetching corpus: 1700, signal 118173/141812 (executing program) 2025/08/29 10:45:15 fetching corpus: 1750, signal 119018/142974 (executing program) 2025/08/29 10:45:15 fetching corpus: 1800, signal 119993/144203 (executing program) 2025/08/29 10:45:15 fetching corpus: 1850, signal 120986/145413 (executing program) 2025/08/29 10:45:15 fetching corpus: 1900, signal 122058/146694 (executing program) 2025/08/29 10:45:15 fetching corpus: 1950, signal 122605/147645 (executing program) 2025/08/29 10:45:15 fetching corpus: 2000, signal 123457/148732 (executing program) 2025/08/29 10:45:15 fetching corpus: 2050, signal 124726/150041 (executing program) 2025/08/29 10:45:15 fetching corpus: 2100, signal 125593/151075 (executing program) 2025/08/29 10:45:16 fetching corpus: 2150, signal 126356/152084 (executing program) 2025/08/29 10:45:16 fetching corpus: 2200, signal 126862/152928 (executing program) 2025/08/29 10:45:16 fetching corpus: 2250, signal 127476/153814 (executing program) 2025/08/29 10:45:16 fetching corpus: 2300, signal 128306/154802 (executing program) 2025/08/29 10:45:16 fetching corpus: 2350, signal 129167/155742 (executing program) 2025/08/29 10:45:16 fetching corpus: 2400, signal 130029/156683 (executing program) 2025/08/29 10:45:16 fetching corpus: 2450, signal 131031/157689 (executing program) 2025/08/29 10:45:16 fetching corpus: 2500, signal 131984/158615 (executing program) 2025/08/29 10:45:16 fetching corpus: 2550, signal 132768/159431 (executing program) 2025/08/29 10:45:16 fetching corpus: 2600, signal 133313/160169 (executing program) 2025/08/29 10:45:16 fetching corpus: 2650, signal 134167/161008 (executing program) 2025/08/29 10:45:17 fetching corpus: 2700, signal 135697/162053 (executing program) 2025/08/29 10:45:17 fetching corpus: 2750, signal 136478/162855 (executing program) 2025/08/29 10:45:17 fetching corpus: 2800, signal 137058/163557 (executing program) 2025/08/29 10:45:17 fetching corpus: 2850, signal 138001/164350 (executing program) 2025/08/29 10:45:17 fetching corpus: 2900, signal 138831/165082 (executing program) 2025/08/29 10:45:17 fetching corpus: 2950, signal 139837/165919 (executing program) 2025/08/29 10:45:17 fetching corpus: 3000, signal 140398/166523 (executing program) 2025/08/29 10:45:17 fetching corpus: 3050, signal 141217/167191 (executing program) 2025/08/29 10:45:17 fetching corpus: 3100, signal 142053/167884 (executing program) 2025/08/29 10:45:17 fetching corpus: 3150, signal 142610/168451 (executing program) 2025/08/29 10:45:18 fetching corpus: 3200, signal 143216/169011 (executing program) 2025/08/29 10:45:18 fetching corpus: 3250, signal 143797/169533 (executing program) 2025/08/29 10:45:18 fetching corpus: 3300, signal 144371/170089 (executing program) 2025/08/29 10:45:18 fetching corpus: 3350, signal 144886/170604 (executing program) 2025/08/29 10:45:18 fetching corpus: 3400, signal 145717/171171 (executing program) 2025/08/29 10:45:18 fetching corpus: 3450, signal 146371/171632 (executing program) 2025/08/29 10:45:18 fetching corpus: 3500, signal 146781/172120 (executing program) 2025/08/29 10:45:18 fetching corpus: 3550, signal 147316/172602 (executing program) 2025/08/29 10:45:18 fetching corpus: 3600, signal 147954/173104 (executing program) 2025/08/29 10:45:18 fetching corpus: 3650, signal 148845/173656 (executing program) 2025/08/29 10:45:19 fetching corpus: 3700, signal 149375/174072 (executing program) 2025/08/29 10:45:19 fetching corpus: 3750, signal 149743/174448 (executing program) 2025/08/29 10:45:19 fetching corpus: 3800, signal 150103/174804 (executing program) 2025/08/29 10:45:19 fetching corpus: 3850, signal 150576/175191 (executing program) 2025/08/29 10:45:19 fetching corpus: 3900, signal 150951/175531 (executing program) 2025/08/29 10:45:19 fetching corpus: 3950, signal 151399/175917 (executing program) 2025/08/29 10:45:19 fetching corpus: 4000, signal 151813/176269 (executing program) 2025/08/29 10:45:19 fetching corpus: 4050, signal 152341/176605 (executing program) 2025/08/29 10:45:19 fetching corpus: 4100, signal 153035/176949 (executing program) 2025/08/29 10:45:19 fetching corpus: 4150, signal 153563/177280 (executing program) 2025/08/29 10:45:19 fetching corpus: 4200, signal 153828/177569 (executing program) 2025/08/29 10:45:20 fetching corpus: 4250, signal 154438/177882 (executing program) 2025/08/29 10:45:20 fetching corpus: 4300, signal 155052/177986 (executing program) 2025/08/29 10:45:20 fetching corpus: 4350, signal 155765/178111 (executing program) 2025/08/29 10:45:20 fetching corpus: 4400, signal 156178/178134 (executing program) 2025/08/29 10:45:20 fetching corpus: 4450, signal 156518/178155 (executing program) 2025/08/29 10:45:20 fetching corpus: 4500, signal 156903/178156 (executing program) 2025/08/29 10:45:20 fetching corpus: 4550, signal 157381/178308 (executing program) 2025/08/29 10:45:20 fetching corpus: 4600, signal 157829/178308 (executing program) 2025/08/29 10:45:20 fetching corpus: 4650, signal 158203/178348 (executing program) 2025/08/29 10:45:20 fetching corpus: 4700, signal 158750/178399 (executing program) 2025/08/29 10:45:20 fetching corpus: 4750, signal 159135/178400 (executing program) 2025/08/29 10:45:21 fetching corpus: 4800, signal 159524/178403 (executing program) 2025/08/29 10:45:21 fetching corpus: 4850, signal 159963/178411 (executing program) 2025/08/29 10:45:21 fetching corpus: 4900, signal 160894/178415 (executing program) 2025/08/29 10:45:21 fetching corpus: 4950, signal 161211/178437 (executing program) 2025/08/29 10:45:21 fetching corpus: 5000, signal 161578/178438 (executing program) 2025/08/29 10:45:21 fetching corpus: 5050, signal 161979/178444 (executing program) 2025/08/29 10:45:21 fetching corpus: 5100, signal 162355/178448 (executing program) 2025/08/29 10:45:21 fetching corpus: 5150, signal 162782/178453 (executing program) 2025/08/29 10:45:21 fetching corpus: 5200, signal 163321/178466 (executing program) 2025/08/29 10:45:21 fetching corpus: 5250, signal 163694/178466 (executing program) 2025/08/29 10:45:21 fetching corpus: 5300, signal 164031/178468 (executing program) 2025/08/29 10:45:22 fetching corpus: 5350, signal 164368/178475 (executing program) 2025/08/29 10:45:22 fetching corpus: 5400, signal 164754/178484 (executing program) 2025/08/29 10:45:22 fetching corpus: 5450, signal 165149/178487 (executing program) 2025/08/29 10:45:22 fetching corpus: 5500, signal 165428/178494 (executing program) 2025/08/29 10:45:22 fetching corpus: 5550, signal 165880/178548 (executing program) 2025/08/29 10:45:22 fetching corpus: 5600, signal 166289/178553 (executing program) 2025/08/29 10:45:22 fetching corpus: 5650, signal 166580/178558 (executing program) 2025/08/29 10:45:22 fetching corpus: 5700, signal 167021/178560 (executing program) 2025/08/29 10:45:22 fetching corpus: 5750, signal 167450/178572 (executing program) 2025/08/29 10:45:22 fetching corpus: 5800, signal 167741/178594 (executing program) 2025/08/29 10:45:22 fetching corpus: 5850, signal 168067/178607 (executing program) 2025/08/29 10:45:23 fetching corpus: 5900, signal 168549/178629 (executing program) 2025/08/29 10:45:23 fetching corpus: 5950, signal 168974/178658 (executing program) 2025/08/29 10:45:23 fetching corpus: 6000, signal 169177/178674 (executing program) 2025/08/29 10:45:23 fetching corpus: 6050, signal 169801/178675 (executing program) 2025/08/29 10:45:23 fetching corpus: 6100, signal 170196/178684 (executing program) 2025/08/29 10:45:23 fetching corpus: 6150, signal 170459/178685 (executing program) 2025/08/29 10:45:23 fetching corpus: 6200, signal 170950/178698 (executing program) 2025/08/29 10:45:23 fetching corpus: 6250, signal 171346/178704 (executing program) 2025/08/29 10:45:23 fetching corpus: 6300, signal 171951/178706 (executing program) 2025/08/29 10:45:23 fetching corpus: 6350, signal 172221/178706 (executing program) 2025/08/29 10:45:23 fetching corpus: 6400, signal 172672/178725 (executing program) 2025/08/29 10:45:24 fetching corpus: 6450, signal 173026/178729 (executing program) 2025/08/29 10:45:24 fetching corpus: 6500, signal 173353/178744 (executing program) 2025/08/29 10:45:24 fetching corpus: 6550, signal 173716/178746 (executing program) 2025/08/29 10:45:24 fetching corpus: 6600, signal 174007/178757 (executing program) 2025/08/29 10:45:24 fetching corpus: 6650, signal 174333/178761 (executing program) 2025/08/29 10:45:24 fetching corpus: 6700, signal 175713/178766 (executing program) 2025/08/29 10:45:24 fetching corpus: 6750, signal 176023/178768 (executing program) 2025/08/29 10:45:24 fetching corpus: 6750, signal 176023/178768 (executing program) 2025/08/29 10:45:26 starting 8 fuzzer processes 10:45:26 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001e80)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r0, 0x2, 0x1) 10:45:26 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 10:45:26 executing program 1: r0 = socket$inet(0x2, 0x3, 0x26) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCGSTAMP(r0, 0x80108906, &(0x7f0000000080)) 10:45:26 executing program 2: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0xf, 0x0, 0x0) 10:45:26 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/protocols\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) 10:45:26 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x50, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5}, {0x5}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x50}}, 0x0) 10:45:26 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000080)="f9de6c8a", 0x5b4}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000005700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010220, 0x0) [ 75.890074] audit: type=1400 audit(1756464326.299:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:45:26 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) [ 77.164223] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.166367] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.168390] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.173417] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.177317] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.181505] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.184180] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.189111] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.195251] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.198617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.201095] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.202463] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.204115] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.213091] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.215570] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.216766] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.217934] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.219311] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.221285] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.223293] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.226909] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.228403] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.233521] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.237867] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.240524] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.242816] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.244499] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.245599] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.250169] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.251446] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.253579] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.258948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.261507] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.264504] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.266160] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.282545] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.313418] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.319685] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.321682] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.333208] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.255551] Bluetooth: hci1: command tx timeout [ 79.319377] Bluetooth: hci5: command tx timeout [ 79.319639] Bluetooth: hci4: command tx timeout [ 79.319956] Bluetooth: hci3: command tx timeout [ 79.321048] Bluetooth: hci0: command tx timeout [ 79.383260] Bluetooth: hci6: command tx timeout [ 79.384232] Bluetooth: hci7: command tx timeout [ 79.385806] Bluetooth: hci2: command tx timeout [ 81.303113] Bluetooth: hci1: command tx timeout [ 81.367279] Bluetooth: hci4: command tx timeout [ 81.367702] Bluetooth: hci0: command tx timeout [ 81.367773] Bluetooth: hci5: command tx timeout [ 81.369023] Bluetooth: hci3: command tx timeout [ 81.431066] Bluetooth: hci7: command tx timeout [ 81.431467] Bluetooth: hci6: command tx timeout [ 81.431848] Bluetooth: hci2: command tx timeout [ 83.352053] Bluetooth: hci1: command tx timeout [ 83.415185] Bluetooth: hci5: command tx timeout [ 83.416182] Bluetooth: hci0: command tx timeout [ 83.416865] Bluetooth: hci4: command tx timeout [ 83.416870] Bluetooth: hci3: command tx timeout [ 83.480037] Bluetooth: hci2: command tx timeout [ 83.480434] Bluetooth: hci6: command tx timeout [ 83.480813] Bluetooth: hci7: command tx timeout [ 85.399172] Bluetooth: hci1: command tx timeout [ 85.463418] Bluetooth: hci4: command tx timeout [ 85.463820] Bluetooth: hci0: command tx timeout [ 85.465048] Bluetooth: hci5: command tx timeout [ 85.465434] Bluetooth: hci3: command tx timeout [ 85.527303] Bluetooth: hci7: command tx timeout [ 85.527318] Bluetooth: hci6: command tx timeout [ 85.527747] Bluetooth: hci2: command tx timeout [ 112.228110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.228783] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.433755] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.434404] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.766463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.767572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.855395] audit: type=1400 audit(1756464363.261:8): avc: denied { open } for pid=3844 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.863075] audit: type=1400 audit(1756464363.261:9): avc: denied { kernel } for pid=3844 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.895595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.896246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:03 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) 10:46:03 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) [ 113.224848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.225481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:03 executing program 1: r0 = socket$inet(0x2, 0x3, 0x26) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCGSTAMP(r0, 0x80108906, &(0x7f0000000080)) 10:46:03 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) 10:46:03 executing program 1: r0 = socket$inet(0x2, 0x3, 0x26) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCGSTAMP(r0, 0x80108906, &(0x7f0000000080)) 10:46:03 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) [ 113.319083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.319780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:03 executing program 1: r0 = socket$inet(0x2, 0x3, 0x26) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCGSTAMP(r0, 0x80108906, &(0x7f0000000080)) [ 113.359068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.359645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:03 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) [ 113.388222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.388782] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.437515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.438112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.490684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.492059] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.527684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.528502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.562647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.563266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.589585] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.590365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.659539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.660312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.742623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.743259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.835877] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.836604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:04 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 10:46:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x50, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5}, {0x5}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x50}}, 0x0) 10:46:04 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/protocols\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) 10:46:04 executing program 2: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0xf, 0x0, 0x0) 10:46:04 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000080)="f9de6c8a", 0x5b4}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000005700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010220, 0x0) 10:46:04 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001e80)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r0, 0x2, 0x1) 10:46:04 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) 10:46:04 executing program 2: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0xf, 0x0, 0x0) 10:46:04 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 10:46:04 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/protocols\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) 10:46:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x50, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5}, {0x5}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x50}}, 0x0) 10:46:04 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000080)="f9de6c8a", 0x5b4}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000005700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010220, 0x0) 10:46:04 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001e80)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r0, 0x2, 0x1) 10:46:04 executing program 2: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0xf, 0x0, 0x0) 10:46:04 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001e80)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r0, 0x2, 0x1) 10:46:04 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000080)="f9de6c8a", 0x5b4}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000005700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010220, 0x0) 10:46:04 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 10:46:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x50, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5}, {0x5}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x50}}, 0x0) 10:46:04 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/protocols\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) 10:46:04 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 3: syz_mount_image$ext4(&(0x7f0000002580)='ext3\x00', &(0x7f00000025c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={[{@journal_path={'journal_path', 0x3d, './file0'}}]}) 10:46:04 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/4\x00') 10:46:04 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:04 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x401) write$evdev(r0, &(0x7f0000000200)=[{{0x77359400}}], 0x18) [ 114.477812] journal_path: Non-blockdev passed as './file0' [ 114.478413] EXT4-fs: error: could not find journal device path [ 114.485338] journal_path: Non-blockdev passed as './file0' [ 114.485826] EXT4-fs: error: could not find journal device path 10:46:04 executing program 3: syz_mount_image$ext4(&(0x7f0000002580)='ext3\x00', &(0x7f00000025c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={[{@journal_path={'journal_path', 0x3d, './file0'}}]}) 10:46:04 executing program 6: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) [ 114.584775] journal_path: Non-blockdev passed as './file0' [ 114.585303] EXT4-fs: error: could not find journal device path 10:46:05 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:05 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:05 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:05 executing program 3: syz_mount_image$ext4(&(0x7f0000002580)='ext3\x00', &(0x7f00000025c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={[{@journal_path={'journal_path', 0x3d, './file0'}}]}) 10:46:05 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x401) write$evdev(r0, &(0x7f0000000200)=[{{0x77359400}}], 0x18) 10:46:05 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:05 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/4\x00') 10:46:05 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) 10:46:05 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_ACTIVATE(r0, 0x5608, 0x8) 10:46:05 executing program 6: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 10:46:05 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x0, 0x4, 0x3, 0x0, 0x6, 0x20, 0xe, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_bp, 0x2000, 0x2, 0x8e92, 0x3, 0x7, 0x19c4, 0x0, 0x0, 0x40, 0x0, 0x9}, r1, 0xffffffffffffffff, r0, 0xb) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r3 = dup(r2) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000140)=0x1, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x80, 0x7, 0x20, 0x0, 0x3, 0x1034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x9}, 0x0, 0x5, 0x81, 0x9, 0x3cc7, 0x1, 0x9, 0x0, 0x21}, 0xffffffffffffffff, 0x5, r3, 0x1) r4 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r4, 0x0) [ 114.862250] journal_path: Non-blockdev passed as './file0' [ 114.863259] EXT4-fs: error: could not find journal device path 10:46:05 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/4\x00') 10:46:05 executing program 3: syz_mount_image$ext4(&(0x7f0000002580)='ext3\x00', &(0x7f00000025c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={[{@journal_path={'journal_path', 0x3d, './file0'}}]}) 10:46:05 executing program 7: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 10:46:05 executing program 6: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 10:46:05 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_ACTIVATE(r0, 0x5608, 0x8) 10:46:05 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x401) write$evdev(r0, &(0x7f0000000200)=[{{0x77359400}}], 0x18) [ 115.036215] kmemleak: Found object by alias at 0x607f1a62ba88 [ 115.036251] CPU: 1 UID: 0 PID: 4004 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.036283] Tainted: [W]=WARN [ 115.036290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.036302] Call Trace: [ 115.036309] [ 115.036317] dump_stack_lvl+0xca/0x120 [ 115.036356] __lookup_object+0x94/0xb0 [ 115.036385] delete_object_full+0x27/0x70 [ 115.036414] free_percpu+0x30/0x1160 [ 115.036442] ? arch_uprobe_clear_state+0x16/0x140 [ 115.036477] futex_hash_free+0x38/0xc0 [ 115.036501] mmput+0x2d3/0x390 [ 115.036533] do_exit+0x79d/0x2970 [ 115.036557] ? signal_wake_up_state+0x85/0x120 [ 115.036585] ? zap_other_threads+0x2b9/0x3a0 [ 115.036613] ? __pfx_do_exit+0x10/0x10 [ 115.036636] ? do_group_exit+0x1c3/0x2a0 [ 115.036660] ? lock_release+0xc8/0x290 [ 115.036690] do_group_exit+0xd3/0x2a0 [ 115.036717] __x64_sys_exit_group+0x3e/0x50 [ 115.036742] x64_sys_call+0x18c5/0x18d0 [ 115.036769] do_syscall_64+0xbf/0x360 [ 115.036790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.036810] RIP: 0033:0x7f8a9a34fb19 [ 115.036825] Code: Unable to access opcode bytes at 0x7f8a9a34faef. [ 115.036835] RSP: 002b:00007fff61bb26d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 115.036855] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8a9a34fb19 [ 115.036868] RDX: 00007f8a9a30272b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 115.036881] RBP: 0000000000000000 R08: 0000001b2cc26234 R09: 0000000000000000 [ 115.036894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.036906] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff61bb27c0 [ 115.036934] [ 115.036940] kmemleak: Object (percpu) 0x607f1a62ba84 (size 8): [ 115.036952] kmemleak: comm "syz-executor.6", pid 4023, jiffies 4294781823 [ 115.036965] kmemleak: min_count = 1 [ 115.036972] kmemleak: count = 0 [ 115.036978] kmemleak: flags = 0x21 [ 115.036985] kmemleak: checksum = 0 [ 115.036992] kmemleak: backtrace: [ 115.036997] pcpu_alloc_noprof+0x87a/0x1170 [ 115.037024] alloc_vfsmnt+0x135/0x6e0 [ 115.037047] vfs_create_mount.part.0+0x40/0x440 [ 115.037073] __do_sys_fsmount+0x43e/0x950 [ 115.037092] do_syscall_64+0xbf/0x360 [ 115.037108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.038450] journal_path: Non-blockdev passed as './file0' [ 115.040217] ------------[ cut here ]------------ [ 115.040230] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#1: syz-executor.6/4021 [ 115.040274] Modules linked in: [ 115.040941] EXT4-fs: error: could not find journal device path [ 115.041548] [ 115.080640] CPU: 1 UID: 0 PID: 4021 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.085307] Tainted: [W]=WARN [ 115.087088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.088314] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 115.089017] Code: c7 a0 45 d1 85 e8 01 7c fa 02 49 8d 7d 40 5b 48 c7 c6 10 e2 be 81 5d 41 5c 41 5d 41 5e 41 5f e9 57 b3 9c ff e8 82 46 b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 74 46 b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 115.091702] RSP: 0018:ffff88801546fe20 EFLAGS: 00010293 [ 115.092513] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bf9de5 [ 115.093570] RDX: ffff888018dd5280 RSI: ffffffff81bfa0fe RDI: 0000000000000005 [ 115.094632] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 115.095718] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888018dd5b58 [ 115.096798] R13: ffff888044962000 R14: 0000000000000001 R15: ffff888044962040 [ 115.097866] FS: 0000555586ecd400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.099062] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.099915] CR2: 0000001b2d422000 CR3: 000000000c792000 CR4: 0000000000350ef0 [ 115.101006] Call Trace: [ 115.101393] [ 115.101737] task_work_run+0x172/0x280 [ 115.102371] ? __pfx_task_work_run+0x10/0x10 [ 115.103066] ? __pfx_fput_close_sync+0x10/0x10 [ 115.103749] ? do_raw_spin_unlock+0x53/0x220 [ 115.104439] exit_to_user_mode_loop+0xef/0x110 [ 115.105155] do_syscall_64+0x2f7/0x360 [ 115.105730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.106517] RIP: 0033:0x7fdbec37072b [ 115.107113] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 115.109753] RSP: 002b:00007ffc029db670 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 115.110877] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007fdbec37072b [ 115.111945] RDX: 00007fdbec4d52b8 RSI: 00007fdbec1355f0 RDI: 0000000000000004 [ 115.113017] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b2d421e1c [ 115.114089] R10: 0000000000000a85 R11: 0000000000000293 R12: 000000000001c0df [ 115.115167] R13: 00000000000003e8 R14: 00007fdbec4d0f60 R15: 000000000001c0d5 [ 115.116340] [ 115.116698] irq event stamp: 3277 [ 115.117224] hardirqs last enabled at (3287): [] __up_console_sem+0x78/0x80 [ 115.118488] hardirqs last disabled at (3296): [] __up_console_sem+0x5d/0x80 [ 115.119782] softirqs last enabled at (2876): [] handle_softirqs+0x50c/0x770 [ 115.121091] softirqs last disabled at (2871): [] __irq_exit_rcu+0xc4/0x100 [ 115.122396] ---[ end trace 0000000000000000 ]--- 10:46:05 executing program 7: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 10:46:05 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000240)="40008d004900a5bea1b7c5ca110b7021799de00ffb22856a66196c37e455236c89424ae3d9649d227f0a9af9b8365032cfe853c1ca103905d7b66d6e27cfb53bd4799d75ef2aea58c532e405000000ebe8d41e9f091eb1885b8ad83af93f5ef3a3f4d0f8dfa005a77442ac16396384a214a8f7a574e6ebd5ea02d96db3bc87f45049c1151fdfad4ae4bbbde7ba3f5893768472b8eefc59f2da01b619573201730a6e7c9b9459c05c5afe5c6f978e5e09f23948721f212f1c785a9174344feca299e5", 0xc57d4077604cc144) 10:46:05 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/4\x00') 10:46:05 executing program 0: epoll_create1(0x0) 10:46:05 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_ACTIVATE(r0, 0x5608, 0x8) 10:46:05 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b32, &(0x7f0000000140)) 10:46:05 executing program 6: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 10:46:05 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x401) write$evdev(r0, &(0x7f0000000200)=[{{0x77359400}}], 0x18) [ 115.268593] kmemleak: Found object by alias at 0x607f1a62ba88 [ 115.268613] CPU: 0 UID: 0 PID: 4035 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.268631] Tainted: [W]=WARN [ 115.268635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.268643] Call Trace: [ 115.268648] [ 115.268653] dump_stack_lvl+0xca/0x120 [ 115.268683] __lookup_object+0x94/0xb0 [ 115.268702] delete_object_full+0x27/0x70 [ 115.268718] free_percpu+0x30/0x1160 [ 115.268735] ? arch_uprobe_clear_state+0x16/0x140 [ 115.268756] futex_hash_free+0x38/0xc0 [ 115.268772] mmput+0x2d3/0x390 [ 115.268791] do_exit+0x79d/0x2970 [ 115.268805] ? lock_release+0xc8/0x290 [ 115.268822] ? __pfx_do_exit+0x10/0x10 [ 115.268836] ? find_held_lock+0x2b/0x80 [ 115.268853] ? get_signal+0x835/0x2340 [ 115.268873] do_group_exit+0xd3/0x2a0 [ 115.268888] get_signal+0x2315/0x2340 [ 115.268905] ? fd_install+0x1d8/0x660 [ 115.268916] ? putname.part.0+0x11b/0x160 [ 115.268936] ? __pfx_get_signal+0x10/0x10 [ 115.268956] ? do_futex+0x135/0x370 [ 115.268969] ? __pfx_do_futex+0x10/0x10 [ 115.268984] arch_do_signal_or_restart+0x80/0x790 [ 115.269002] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 115.269019] ? __x64_sys_futex+0x1c9/0x4d0 [ 115.269030] ? __x64_sys_futex+0x1d2/0x4d0 [ 115.269044] ? __x64_sys_openat+0x142/0x200 [ 115.269061] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.269073] ? selinux_file_ioctl+0xb9/0x280 [ 115.269094] exit_to_user_mode_loop+0x8b/0x110 [ 115.269107] do_syscall_64+0x2f7/0x360 [ 115.269119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.269132] RIP: 0033:0x7f8a9a34fb19 [ 115.269140] Code: Unable to access opcode bytes at 0x7f8a9a34faef. [ 115.269146] RSP: 002b:00007f8a978c5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.269157] RAX: 0000000000000000 RBX: 00007f8a9a462f68 RCX: 00007f8a9a34fb19 [ 115.269165] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8a9a462f68 [ 115.269172] RBP: 00007f8a9a462f60 R08: 0000000000000000 R09: 0000000000000000 [ 115.269179] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a9a462f6c [ 115.269186] R13: 00007fff61bb24af R14: 00007f8a978c5300 R15: 0000000000022000 [ 115.269202] [ 115.269206] kmemleak: Object (percpu) 0x607f1a62ba84 (size 8): [ 115.269212] kmemleak: comm "syz-executor.6", pid 4036, jiffies 4294782060 [ 115.269219] kmemleak: min_count = 1 [ 115.269223] kmemleak: count = 0 [ 115.269227] kmemleak: flags = 0x21 [ 115.269231] kmemleak: checksum = 0 [ 115.269235] kmemleak: backtrace: [ 115.269238] pcpu_alloc_noprof+0x87a/0x1170 [ 115.269253] alloc_vfsmnt+0x135/0x6e0 [ 115.269265] vfs_create_mount.part.0+0x40/0x440 [ 115.269280] __do_sys_fsmount+0x43e/0x950 [ 115.269291] do_syscall_64+0xbf/0x360 [ 115.269300] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:46:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x3}, 0x20) 10:46:05 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_ACTIVATE(r0, 0x5608, 0x8) 10:46:05 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b32, &(0x7f0000000140)) 10:46:05 executing program 7: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 10:46:05 executing program 5: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0) acct(&(0x7f0000000080)='./file0\x00') 10:46:05 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000240)="40008d004900a5bea1b7c5ca110b7021799de00ffb22856a66196c37e455236c89424ae3d9649d227f0a9af9b8365032cfe853c1ca103905d7b66d6e27cfb53bd4799d75ef2aea58c532e405000000ebe8d41e9f091eb1885b8ad83af93f5ef3a3f4d0f8dfa005a77442ac16396384a214a8f7a574e6ebd5ea02d96db3bc87f45049c1151fdfad4ae4bbbde7ba3f5893768472b8eefc59f2da01b619573201730a6e7c9b9459c05c5afe5c6f978e5e09f23948721f212f1c785a9174344feca299e5", 0xc57d4077604cc144) [ 115.487789] block device autoloading is deprecated and will be removed. 10:46:05 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x7, &(0x7f0000000080), 0x8) 10:46:05 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000000)) 10:46:05 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2275, &(0x7f0000002040)) 10:46:05 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00') pread64(r0, &(0x7f0000000040)=""/47, 0x2f, 0x8) 10:46:05 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b32, &(0x7f0000000140)) 10:46:05 executing program 5: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0) acct(&(0x7f0000000080)='./file0\x00') 10:46:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x3}, 0x20) 10:46:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000240)="40008d004900a5bea1b7c5ca110b7021799de00ffb22856a66196c37e455236c89424ae3d9649d227f0a9af9b8365032cfe853c1ca103905d7b66d6e27cfb53bd4799d75ef2aea58c532e405000000ebe8d41e9f091eb1885b8ad83af93f5ef3a3f4d0f8dfa005a77442ac16396384a214a8f7a574e6ebd5ea02d96db3bc87f45049c1151fdfad4ae4bbbde7ba3f5893768472b8eefc59f2da01b619573201730a6e7c9b9459c05c5afe5c6f978e5e09f23948721f212f1c785a9174344feca299e5", 0xc57d4077604cc144) 10:46:06 executing program 5: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0) acct(&(0x7f0000000080)='./file0\x00') 10:46:06 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2275, &(0x7f0000002040)) 10:46:06 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x7, &(0x7f0000000080), 0x8) 10:46:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x3}, 0x20) 10:46:06 executing program 6: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) 10:46:06 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00') pread64(r0, &(0x7f0000000040)=""/47, 0x2f, 0x8) 10:46:06 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b32, &(0x7f0000000140)) 10:46:06 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x7, &(0x7f0000000080), 0x8) 10:46:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000240)="40008d004900a5bea1b7c5ca110b7021799de00ffb22856a66196c37e455236c89424ae3d9649d227f0a9af9b8365032cfe853c1ca103905d7b66d6e27cfb53bd4799d75ef2aea58c532e405000000ebe8d41e9f091eb1885b8ad83af93f5ef3a3f4d0f8dfa005a77442ac16396384a214a8f7a574e6ebd5ea02d96db3bc87f45049c1151fdfad4ae4bbbde7ba3f5893768472b8eefc59f2da01b619573201730a6e7c9b9459c05c5afe5c6f978e5e09f23948721f212f1c785a9174344feca299e5", 0xc57d4077604cc144) 10:46:06 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00') pread64(r0, &(0x7f0000000040)=""/47, 0x2f, 0x8) 10:46:06 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2275, &(0x7f0000002040)) 10:46:06 executing program 5: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0) acct(&(0x7f0000000080)='./file0\x00') 10:46:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x3}, 0x20) 10:46:06 executing program 1: socket$packet(0x11, 0x2, 0x300) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') socket$packet(0x11, 0x3, 0x300) pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x33) [ 115.899743] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.901610] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.902839] CPU: 1 UID: 0 PID: 289 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.904559] Tainted: [W]=WARN [ 115.905015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.906187] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.906885] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.909507] RSP: 0018:ffff8880164f75c0 EFLAGS: 00010212 [ 115.910275] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.911308] RDX: ffff888019cc8000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.912335] RBP: ffff8880164f7830 R08: ffff88806cf31340 R09: ffffe8ffffd0e520 [ 115.913365] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.914394] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.915426] FS: 0000555568523400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.916586] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.917423] CR2: 000055556852cc58 CR3: 0000000042f5f000 CR4: 0000000000350ef0 [ 115.918468] Call Trace: [ 115.918859] [ 115.919211] ? __lock_acquire+0x694/0x1b70 [ 115.919829] ? __pfx_perf_tp_event+0x10/0x10 [ 115.920478] ? __lock_acquire+0x694/0x1b70 [ 115.921104] ? __lock_acquire+0x694/0x1b70 [ 115.921730] ? __lock_acquire+0x694/0x1b70 [ 115.922348] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.923089] perf_trace_run_bpf_submit+0xef/0x180 [ 115.923796] perf_trace_contention_begin+0x235/0x3e0 [ 115.924544] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 115.925359] ? lock_acquire+0x15e/0x2f0 [ 115.925942] ? lo_ioctl+0x289/0x1c70 [ 115.926510] trace_contention_begin+0xae/0x110 [ 115.927202] __mutex_lock+0x14b/0x1020 [ 115.927784] ? lo_ioctl+0x289/0x1c70 [ 115.928352] ? lo_ioctl+0x289/0x1c70 [ 115.928913] ? __pfx___mutex_lock+0x10/0x10 [ 115.929559] ? lock_acquire+0x15e/0x2f0 [ 115.930140] ? avc_has_extended_perms+0x107/0xf20 [ 115.930858] ? find_held_lock+0x2b/0x80 [ 115.931468] ? avc_has_extended_perms+0x23b/0xf20 [ 115.932189] ? lock_release+0xc8/0x290 [ 115.932760] lo_ioctl+0x289/0x1c70 [ 115.933293] ? __pfx_lo_ioctl+0x10/0x10 [ 115.933874] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 115.934639] ? lock_acquire+0x15e/0x2f0 [ 115.935234] ? __virt_addr_valid+0x1c6/0x5d0 [ 115.935890] ? find_held_lock+0x2b/0x80 [ 115.936478] ? __virt_addr_valid+0x2e8/0x5d0 [ 115.937130] ? lock_release+0xc8/0x290 [ 115.937698] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.938442] ? blkdev_common_ioctl+0x1cd/0x21d0 [ 115.939136] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 115.939850] ? kasan_quarantine_put+0x84/0x1e0 [ 115.940514] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.941251] ? do_vfs_ioctl+0x125/0x1470 [ 115.941846] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 115.942470] ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0 [ 115.943383] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 115.944263] ? __pfx_do_sys_openat2+0x10/0x10 [ 115.944920] ? __pfx_lo_ioctl+0x10/0x10 [ 115.945500] blkdev_ioctl+0x27c/0x6c0 [ 115.946062] ? __pfx_blkdev_ioctl+0x10/0x10 [ 115.946689] ? selinux_file_ioctl+0xb9/0x280 [ 115.947345] ? __pfx_blkdev_ioctl+0x10/0x10 [ 115.947980] __x64_sys_ioctl+0x18f/0x210 [ 115.948575] do_syscall_64+0xbf/0x360 [ 115.949125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.949859] RIP: 0033:0x7f22968a78d7 [ 115.950391] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.952955] RSP: 002b:00007fff50e01048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.954030] RAX: ffffffffffffffda RBX: 00007fff50e010d0 RCX: 00007f22968a78d7 [ 115.955055] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003 [ 115.956062] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fff50e00ee0 [ 115.957066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032 [ 115.958078] R13: 0000000000000000 R14: 0000000000000003 R15: 00007fff50e01110 [ 115.959105] [ 115.959444] Modules linked in: [ 115.960244] ---[ end trace 0000000000000000 ]--- [ 115.960924] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.961661] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.964251] RSP: 0018:ffff8880164f75c0 EFLAGS: 00010212 [ 115.965033] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.966071] RDX: ffff888019cc8000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.967127] RBP: ffff8880164f7830 R08: ffff88806cf31340 R09: ffffe8ffffd0e520 [ 115.968153] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.969187] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.970233] FS: 0000555568523400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.971400] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.972255] CR2: 000055556852cc58 CR3: 0000000042f5f000 CR4: 0000000000350ef0 [ 115.973292] note: syz-executor.0[289] exited with preempt_count 2 10:46:06 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x7, &(0x7f0000000080), 0x8) 10:46:06 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2275, &(0x7f0000002040)) 10:46:06 executing program 6: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) 10:46:06 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00') pread64(r0, &(0x7f0000000040)=""/47, 0x2f, 0x8) 10:46:06 executing program 1: socket$packet(0x11, 0x2, 0x300) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') socket$packet(0x11, 0x3, 0x300) pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x33) 10:46:06 executing program 3: socket$packet(0x11, 0x2, 0x300) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') socket$packet(0x11, 0x3, 0x300) pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x33) 10:46:06 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, 0x0, 0x0, 0x0) 10:46:06 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@delsa={0x28, 0x11, 0x101, 0x0, 0x0, {@in, 0x0, 0x0, 0x32}}, 0x28}}, 0x0) [ 116.131359] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 116.132297] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 116.132917] CPU: 0 UID: 0 PID: 4113 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.133897] Tainted: [D]=DIE, [W]=WARN [ 116.134208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.134882] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.135278] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.136724] RSP: 0018:ffff88801705f940 EFLAGS: 00010012 [ 116.137161] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000088e000 [ 116.137748] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 116.138312] RBP: ffff88801705fbb0 R08: ffff88806ce31340 R09: ffffe8ffffc0e520 [ 116.138887] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 116.139462] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 116.140039] FS: 00007f8a978c5700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.140686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.141158] CR2: 00007f8a9a463018 CR3: 000000000c68d000 CR4: 0000000000350ef0 [ 116.141735] Call Trace: [ 116.141946] [ 116.142134] ? __pfx_perf_tp_event+0x10/0x10 [ 116.142501] ? stack_depot_save_flags+0x2c/0xa20 [ 116.142905] ? __is_insn_slot_addr+0x140/0x290 [ 116.143292] ? kasan_save_stack+0x34/0x50 [ 116.143636] ? kasan_save_stack+0x24/0x50 [ 116.143971] ? kasan_save_track+0x14/0x30 [ 116.144310] ? __kasan_kmalloc+0x7f/0x90 [ 116.144644] ? __kmalloc_noprof+0x27e/0x6e0 [ 116.144999] ? security_sk_alloc+0x101/0x160 [ 116.145371] ? sk_prot_alloc+0x20b/0x280 [ 116.145707] ? sk_alloc+0x34/0xbd0 [ 116.146001] ? packet_create+0x121/0x8d0 [ 116.146343] ? __sock_create+0x369/0x810 [ 116.146676] ? __sys_socket+0x145/0x260 [ 116.147010] ? __x64_sys_socket+0x73/0xb0 [ 116.147348] ? do_syscall_64+0xbf/0x360 [ 116.147674] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.148109] ? __mutex_trylock_common+0xf9/0x260 [ 116.148505] ? __pfx___mutex_trylock_common+0x10/0x10 [ 116.148923] ? perf_trace_run_bpf_submit+0xef/0x180 [ 116.149329] perf_trace_run_bpf_submit+0xef/0x180 [ 116.149724] perf_trace_preemptirq_template+0x259/0x430 [ 116.150162] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 116.150583] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 116.151081] ? trace_kmalloc+0x1f/0xb0 [ 116.151406] ? __kmalloc_noprof+0x29d/0x6e0 [ 116.151758] ? __kasan_kmalloc+0x7f/0x90 [ 116.152090] ? _raw_spin_lock_irqsave+0x53/0x60 [ 116.152471] trace_irq_disable.constprop.0+0xa6/0x100 [ 116.152891] _raw_spin_lock_irqsave+0x53/0x60 [ 116.153261] pcpu_alloc_noprof+0x264/0x1170 [ 116.153623] ? cgroup_sk_alloc+0x194/0xa40 [ 116.153973] ? lock_release+0x1c7/0x290 [ 116.154300] packet_create+0x1f1/0x8d0 [ 116.154623] __sock_create+0x369/0x810 [ 116.154950] __sys_socket+0x145/0x260 [ 116.155267] ? __pfx___sys_socket+0x10/0x10 [ 116.155621] __x64_sys_socket+0x73/0xb0 [ 116.155942] do_syscall_64+0xbf/0x360 [ 116.156254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.156670] RIP: 0033:0x7f8a9a34fb19 [ 116.156973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.158436] RSP: 002b:00007f8a978c5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 116.159056] RAX: ffffffffffffffda RBX: 00007f8a9a462f60 RCX: 00007f8a9a34fb19 [ 116.159622] RDX: 0000000000000300 RSI: 0000000000000002 RDI: 0000000000000011 [ 116.160198] RBP: 00007f8a9a3a9f6d R08: 0000000000000000 R09: 0000000000000000 [ 116.160768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.161341] R13: 00007fff61bb24af R14: 00007f8a978c5300 R15: 0000000000022000 [ 116.161917] [ 116.162113] Modules linked in: [ 116.162381] ---[ end trace 0000000000000000 ]--- [ 116.162760] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.163153] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.164613] RSP: 0018:ffff8880164f75c0 EFLAGS: 00010212 [ 116.165040] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 116.165611] RDX: ffff888019cc8000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 116.166184] RBP: ffff8880164f7830 R08: ffff88806cf31340 R09: ffffe8ffffd0e520 [ 116.166760] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.167341] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000 [ 116.167916] FS: 00007f8a978c5700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.168562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.169030] CR2: 00007f8a9a463018 CR3: 000000000c68d000 CR4: 0000000000350ef0 [ 116.169605] note: syz-executor.1[4113] exited with irqs disabled [ 116.170161] note: syz-executor.1[4113] exited with preempt_count 1 10:46:06 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, 0x0, 0x0, 0x0) 10:46:06 executing program 0: timer_create(0x2, 0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, r0+60000000}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140)) 10:46:06 executing program 6: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) [ 116.228325] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#3] SMP KASAN NOPTI [ 116.229929] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 116.231008] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.232631] Tainted: [D]=DIE, [W]=WARN [ 116.233180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.234348] RIP: 0010:dst_dev_put+0x21/0x250 [ 116.234609] ================================================================== [ 116.234999] Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb e8 40 c6 a8 fd 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 01 00 00 48 8d 7b 3a 48 8b 2b 48 b8 00 00 00 [ 116.235612] BUG: KASAN: slab-use-after-free in __mutex_lock+0xc72/0x1020 [ 116.238118] RSP: 0018:ffff888009747bf0 EFLAGS: 00010256 [ 116.238650] Read of size 4 at addr ffff888018dd0034 by task syz-executor.3/4120 [ 116.238654] [ 116.238666] [ 116.239404] RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff84103977 [ 116.239996] CPU: 0 UID: 0 PID: 4120 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.240018] Tainted: [D]=DIE, [W]=WARN [ 116.240023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.240031] Call Trace: [ 116.240036] [ 116.240041] dump_stack_lvl+0xca/0x120 [ 116.240061] print_report+0xcb/0x610 [ 116.240079] ? __virt_addr_valid+0x100/0x5d0 [ 116.240099] ? __mutex_lock+0xc72/0x1020 [ 116.240116] ? __mutex_lock+0xc72/0x1020 [ 116.240132] kasan_report+0xca/0x100 [ 116.240148] ? __mutex_lock+0xc72/0x1020 [ 116.240166] __mutex_lock+0xc72/0x1020 [ 116.240183] ? pcpu_alloc_noprof+0xaa0/0x1170 [ 116.240201] ? lock_release+0x1c7/0x290 [ 116.240216] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 116.240229] ? __pfx___mutex_lock+0x10/0x10 [ 116.240248] ? __kasan_kmalloc+0x7f/0x90 [ 116.240262] ? trace_kmalloc+0x1f/0xb0 [ 116.240277] ? __kmalloc_noprof+0x29d/0x6e0 [ 116.240292] ? __kasan_kmalloc+0x7f/0x90 [ 116.240306] ? lock_acquire+0x18c/0x2f0 [ 116.240321] pcpu_alloc_noprof+0xaa0/0x1170 [ 116.240339] ? cgroup_sk_alloc+0x194/0xa40 [ 116.240360] ? lock_release+0x1c7/0x290 [ 116.240375] packet_create+0x1f1/0x8d0 [ 116.240395] __sock_create+0x369/0x810 [ 116.240411] __sys_socket+0x145/0x260 [ 116.240424] ? __pfx___sys_socket+0x10/0x10 [ 116.240437] ? xfd_validate_state+0x55/0x180 [ 116.240458] __x64_sys_socket+0x73/0xb0 [ 116.240471] do_syscall_64+0xbf/0x360 [ 116.240483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.240496] RIP: 0033:0x7fe0d00d0b19 [ 116.240506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.240518] RSP: 002b:00007fe0cd625188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 116.240530] RAX: ffffffffffffffda RBX: 00007fe0d01e4020 RCX: 00007fe0d00d0b19 [ 116.240538] RDX: 0000000000000300 RSI: 0000000000000003 RDI: 0000000000000011 [ 116.240546] RBP: 00007fe0d012af6d R08: 0000000000000000 R09: 0000000000000000 [ 116.240553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.240561] R13: 00007ffc2e59413f R14: 00007fe0cd625300 R15: 0000000000022000 [ 116.240572] [ 116.240577] [ 116.241465] RDX: 0000000000000000 RSI: ffffffff83cb2140 RDI: 0000000000000002 [ 116.242413] Allocated by task 4109: [ 116.242954] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 116.243622] kasan_save_stack+0x24/0x50 [ 116.243983] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0b0a4ac [ 116.244167] kasan_save_track+0x14/0x30 [ 116.244699] R13: 0000607f1a631520 R14: 0000607f1a631520 R15: 0000000000000000 [ 116.244998] __kasan_slab_alloc+0x59/0x70 [ 116.245607] FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 116.245925] kmem_cache_alloc_node_noprof+0x21a/0x690 [ 116.246493] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.246783] copy_process+0x461/0x73c0 [ 116.247358] CR2: 00007fe0cd625718 CR3: 000000001ee1f000 CR4: 0000000000350ef0 [ 116.247663] kernel_clone+0xea/0x7f0 [ 116.248283] Call Trace: [ 116.248595] __do_sys_clone+0xce/0x120 [ 116.249320] [ 116.249665] do_syscall_64+0xbf/0x360 [ 116.250220] rt_fibinfo_free_cpus.part.0+0xdb/0x1a0 [ 116.250528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.251128] ? rcu_core+0x7c3/0x1800 [ 116.251444] [ 116.251449] Freed by task 275: [ 116.251990] fib_nh_common_release+0xa8/0x2c0 [ 116.252329] kasan_save_stack+0x24/0x50 [ 116.252908] ? rcu_core+0x7c3/0x1800 [ 116.253221] kasan_save_track+0x14/0x30 [ 116.253761] ? rcu_core+0x7c3/0x1800 [ 116.254068] __kasan_save_free_info+0x3a/0x60 [ 116.254594] fib6_info_destroy_rcu+0x18b/0x1f0 [ 116.254946] __kasan_slab_free+0x3f/0x50 [ 116.255556] ? rcu_core+0x7c3/0x1800 [ 116.255872] kmem_cache_free+0x2a1/0x540 [ 116.256391] rcu_core+0x7c8/0x1800 [ 116.256796] rcu_core+0x7c8/0x1800 [ 116.257315] ? __pfx_rcu_core+0x10/0x10 [ 116.258751] handle_softirqs+0x1b1/0x770 [ 116.259791] ? __pfx___schedule+0x10/0x10 [ 116.260360] __irq_exit_rcu+0xc4/0x100 [ 116.261334] ? trace_rcu_grace_period+0x2a/0x1a0 [ 116.261893] irq_exit_rcu+0x9/0x20 [ 116.262879] handle_softirqs+0x1b1/0x770 [ 116.263443] sysvec_apic_timer_interrupt+0x39/0x80 [ 116.263773] ? __pfx_run_ksoftirqd+0x10/0x10 [ 116.263910] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 116.264894] ? smpboot_thread_fn+0x371/0x9d0 [ 116.265196] [ 116.265201] Last potentially related work creation: [ 116.266171] run_ksoftirqd+0x2e/0x60 [ 116.266478] kasan_save_stack+0x24/0x50 [ 116.267454] smpboot_thread_fn+0x41d/0x9d0 [ 116.267766] kasan_record_aux_stack+0x89/0xa0 [ 116.268728] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 116.269044] __call_rcu_common.constprop.0+0x70/0x960 [ 116.270132] kthread+0x3c8/0x740 [ 116.270524] delayed_put_task_struct+0xde/0x260 [ 116.271319] ? __pfx_kthread+0x10/0x10 [ 116.271618] rcu_core+0x7c8/0x1800 [ 116.272578] ? ret_from_fork+0x23/0x430 [ 116.272864] handle_softirqs+0x1b1/0x770 [ 116.273222] ? lock_release+0xc8/0x290 [ 116.273520] __irq_exit_rcu+0xc4/0x100 [ 116.273833] ? __pfx_kthread+0x10/0x10 [ 116.274125] irq_exit_rcu+0x9/0x20 [ 116.274801] ret_from_fork+0x34b/0x430 [ 116.275201] sysvec_apic_timer_interrupt+0x70/0x80 [ 116.275707] ? __pfx_kthread+0x10/0x10 [ 116.275845] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 116.276287] ret_from_fork_asm+0x1a/0x30 [ 116.276633] [ 116.276638] Second to last potentially related work creation: [ 116.277177] [ 116.277456] kasan_save_stack+0x24/0x50 [ 116.277993] Modules linked in: [ 116.278283] kasan_record_aux_stack+0x89/0xa0 [ 116.278895] [ 116.279248] __call_rcu_common.constprop.0+0x70/0x960 [ 116.279860] ---[ end trace 0000000000000000 ]--- [ 116.280093] put_task_struct_rcu_user+0x75/0xc0 [ 116.280110] __schedule+0xe86/0x3590 [ 116.280663] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.280942] __cond_resched+0x4c/0x80 [ 116.281448] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.281736] scan_gray_list+0x22b/0x290 [ 116.282303] RSP: 0018:ffff8880164f75c0 EFLAGS: 00010212 [ 116.282606] kmemleak_scan+0x574/0xe00 [ 116.283161] [ 116.283511] kmemleak_scan_thread+0x78/0xc0 [ 116.284027] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 116.284315] kthread+0x3c8/0x740 [ 116.284995] RDX: ffff888019cc8000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 116.285325] ret_from_fork+0x34b/0x430 [ 116.286047] RBP: ffff8880164f7830 R08: ffff88806cf31340 R09: ffffe8ffffd0e520 [ 116.286377] ret_from_fork_asm+0x1a/0x30 [ 116.286627] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.287020] [ 116.287024] The buggy address belongs to the object at ffff888018dd0000 [ 116.287024] which belongs to the cache task_struct of size 6784 [ 116.287035] The buggy address is located 52 bytes inside of [ 116.287035] freed 6784-byte region [ffff888018dd0000, ffff888018dd1a80) [ 116.287535] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000 [ 116.287841] [ 116.287846] The buggy address belongs to the physical page: [ 116.288428] FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 116.288759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18dd0 [ 116.289423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.289797] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 116.290279] CR2: 00007fe0cd625718 CR3: 000000001ee1f000 CR4: 0000000000350ef0 [ 116.290624] memcg:ffff88800e02b601 [ 116.290631] anon flags: 0x100000000000040(head|node=0|zone=1) [ 116.291177] Kernel panic - not syncing: Fatal exception in interrupt [ 116.327037] Kernel Offset: disabled [ 116.327536] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:46:05 Registers: info registers vcpu 0 RAX=0000000000020005 RBX=ffff888016010000 RCX=0000000000000000 RDX=0000000000000005 RSI=0000000000000000 RDI=ffffffff85c1c760 RBP=ffff888016010a58 RSP=ffff88801673f710 R8 =0000000000000000 R9 =0000000000000005 R10=0000000000000001 R11=0000000000000000 R12=ffff888016010a58 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8151bad9 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f54b6e7e8c0 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe5100000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555568f56c58 CR3=000000000b965000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffff00ffffffffffffff00 XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=00007f54b700307570632f302f716d2f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000555bab047ca00000555bab073ed0 XMM06=000000000000000000000000ffffffff XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000020000000000000002000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801546f798 R8 =0000000000000000 R9 =ffffed1001650046 R10=0000000000000000 R11=0000000000000001 R12=000000000000000d R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555586ecd400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d422000 CR3=000000000c792000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000