Warning: Permanently added '[localhost]:54351' (ECDSA) to the list of known hosts.
2025/08/29 08:41:36 fuzzer started
2025/08/29 08:41:37 dialing manager at localhost:43077
syzkaller login: [ 50.849505] cgroup: Unknown subsys name 'net'
[ 50.893588] cgroup: Unknown subsys name 'cpuset'
[ 50.917633] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:41:46 syscalls: 2214
2025/08/29 08:41:46 code coverage: enabled
2025/08/29 08:41:46 comparison tracing: enabled
2025/08/29 08:41:46 extra coverage: enabled
2025/08/29 08:41:46 setuid sandbox: enabled
2025/08/29 08:41:46 namespace sandbox: enabled
2025/08/29 08:41:46 Android sandbox: enabled
2025/08/29 08:41:46 fault injection: enabled
2025/08/29 08:41:46 leak checking: enabled
2025/08/29 08:41:46 net packet injection: enabled
2025/08/29 08:41:46 net device setup: enabled
2025/08/29 08:41:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:41:46 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:41:46 USB emulation: enabled
2025/08/29 08:41:46 hci packet injection: enabled
2025/08/29 08:41:46 wifi device emulation: enabled
2025/08/29 08:41:46 802.15.4 emulation: enabled
2025/08/29 08:41:46 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:41:46 fetching corpus: 50, signal 24961/28128 (executing program)
2025/08/29 08:41:46 fetching corpus: 100, signal 35058/39216 (executing program)
2025/08/29 08:41:47 fetching corpus: 150, signal 42499/47476 (executing program)
2025/08/29 08:41:47 fetching corpus: 200, signal 50035/55643 (executing program)
2025/08/29 08:41:47 fetching corpus: 250, signal 54974/61143 (executing program)
2025/08/29 08:41:47 fetching corpus: 300, signal 59599/66248 (executing program)
2025/08/29 08:41:47 fetching corpus: 350, signal 64967/71871 (executing program)
2025/08/29 08:41:47 fetching corpus: 400, signal 67438/74826 (executing program)
2025/08/29 08:41:47 fetching corpus: 450, signal 75864/82583 (executing program)
2025/08/29 08:41:47 fetching corpus: 500, signal 77931/84902 (executing program)
2025/08/29 08:41:48 fetching corpus: 550, signal 80105/87291 (executing program)
2025/08/29 08:41:48 fetching corpus: 600, signal 82649/89873 (executing program)
2025/08/29 08:41:48 fetching corpus: 650, signal 84455/91789 (executing program)
2025/08/29 08:41:48 fetching corpus: 700, signal 87227/94379 (executing program)
2025/08/29 08:41:48 fetching corpus: 750, signal 90837/97649 (executing program)
2025/08/29 08:41:48 fetching corpus: 800, signal 92909/99513 (executing program)
2025/08/29 08:41:48 fetching corpus: 850, signal 94018/100688 (executing program)
2025/08/29 08:41:49 fetching corpus: 900, signal 96777/102914 (executing program)
2025/08/29 08:41:49 fetching corpus: 950, signal 98023/104066 (executing program)
2025/08/29 08:41:49 fetching corpus: 1000, signal 99255/105146 (executing program)
2025/08/29 08:41:49 fetching corpus: 1050, signal 100682/106340 (executing program)
2025/08/29 08:41:49 fetching corpus: 1099, signal 101910/107457 (executing program)
2025/08/29 08:41:49 fetching corpus: 1148, signal 102904/108265 (executing program)
2025/08/29 08:41:49 fetching corpus: 1198, signal 104258/109257 (executing program)
2025/08/29 08:41:49 fetching corpus: 1248, signal 105882/110381 (executing program)
2025/08/29 08:41:50 fetching corpus: 1298, signal 107045/111158 (executing program)
2025/08/29 08:41:50 fetching corpus: 1348, signal 108588/112092 (executing program)
2025/08/29 08:41:50 fetching corpus: 1398, signal 110397/113346 (executing program)
2025/08/29 08:41:50 fetching corpus: 1448, signal 111553/113955 (executing program)
2025/08/29 08:41:50 fetching corpus: 1498, signal 112638/114554 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115165 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115210 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115255 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115292 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115320 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115358 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115396 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115433 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115472 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115519 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115562 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115616 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115656 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115691 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115747 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115788 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115840 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115879 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115918 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115960 (executing program)
2025/08/29 08:41:50 fetching corpus: 1548, signal 113894/115998 (executing program)
2025/08/29 08:41:51 fetching corpus: 1548, signal 113894/116026 (executing program)
2025/08/29 08:41:51 fetching corpus: 1548, signal 113894/116061 (executing program)
2025/08/29 08:41:51 fetching corpus: 1548, signal 113894/116101 (executing program)
2025/08/29 08:41:51 fetching corpus: 1548, signal 113894/116131 (executing program)
2025/08/29 08:41:51 fetching corpus: 1548, signal 113894/116131 (executing program)
2025/08/29 08:41:52 starting 8 fuzzer processes
08:41:52 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
r1 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000140)=[r0], 0x1)
dup2(r1, r0)
io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0)
08:41:52 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
08:41:52 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736698fa1b00080801000240004000f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100010e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200010e770325132510000e770325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200010e770325132510000e770325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200010e770325132510000e7703251070064000000", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100010e770325132510000e77032510300000000002e2e202020202020202020100010e770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200010e770325132510000e770325104001a040000", 0x80, 0x6000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xa000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xe000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x16000}], 0x0, &(0x7f0000010d00))
08:41:52 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0xa, &(0x7f0000000000), 0x4)
08:41:52 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000240)="1e", 0x1}], 0x1, 0x0, 0x0, 0x90)
08:41:52 executing program 3:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
[ 66.657378] audit: type=1400 audit(1756456913.003:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:41:53 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0))
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
08:41:53 executing program 5:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
[ 67.798158] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.800403] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.803224] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.805006] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.807263] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.808016] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.812546] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.815057] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.822653] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.829155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.856485] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.861507] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.863168] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.867737] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.870999] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.981506] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.985980] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.987651] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 68.013330] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 68.015466] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 68.017584] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 68.020130] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 68.022317] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 68.025260] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 68.026586] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 68.026624] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 68.029134] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 68.030667] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 68.033183] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 68.045183] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 68.046800] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 68.047064] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 68.054459] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 68.060033] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 68.068289] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 68.070032] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 68.082346] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 68.088105] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 68.107933] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 68.135999] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 69.883254] Bluetooth: hci0: command tx timeout
[ 69.883261] Bluetooth: hci2: command tx timeout
[ 69.883368] Bluetooth: hci1: command tx timeout
[ 70.074907] Bluetooth: hci3: command tx timeout
[ 70.138892] Bluetooth: hci6: command tx timeout
[ 70.139564] Bluetooth: hci7: command tx timeout
[ 70.203796] Bluetooth: hci4: command tx timeout
[ 70.267751] Bluetooth: hci5: command tx timeout
[ 71.931837] Bluetooth: hci1: command tx timeout
[ 71.932648] Bluetooth: hci0: command tx timeout
[ 71.932670] Bluetooth: hci2: command tx timeout
[ 72.122914] Bluetooth: hci3: command tx timeout
[ 72.187739] Bluetooth: hci6: command tx timeout
[ 72.187764] Bluetooth: hci7: command tx timeout
[ 72.251243] Bluetooth: hci4: command tx timeout
[ 72.314769] Bluetooth: hci5: command tx timeout
[ 73.978833] Bluetooth: hci2: command tx timeout
[ 73.980374] Bluetooth: hci0: command tx timeout
[ 73.980397] Bluetooth: hci1: command tx timeout
[ 74.172751] Bluetooth: hci3: command tx timeout
[ 74.234783] Bluetooth: hci7: command tx timeout
[ 74.235751] Bluetooth: hci6: command tx timeout
[ 74.298823] Bluetooth: hci4: command tx timeout
[ 74.362778] Bluetooth: hci5: command tx timeout
[ 76.027783] Bluetooth: hci0: command tx timeout
[ 76.027814] Bluetooth: hci2: command tx timeout
[ 76.028245] Bluetooth: hci1: command tx timeout
[ 76.218753] Bluetooth: hci3: command tx timeout
[ 76.283912] Bluetooth: hci6: command tx timeout
[ 76.284343] Bluetooth: hci7: command tx timeout
[ 76.349722] Bluetooth: hci4: command tx timeout
[ 76.410806] Bluetooth: hci5: command tx timeout
[ 107.826106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.827300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.016528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.017175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.212834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.213453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.378574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.379210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.503106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.503902] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.626399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.627118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.689293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.689948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:42:35 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0))
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
[ 108.777029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.777643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.826419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.827046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.917959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.918591] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.962383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.963017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.009382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.010032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.059933] loop6: detected capacity change from 0 to 352
[ 109.244829] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.245446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.283828] audit: type=1400 audit(1756456955.628:8): avc: denied { open } for pid=3883 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 109.287053] audit: type=1400 audit(1756456955.629:9): avc: denied { kernel } for pid=3883 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 109.330633] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.331441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.538833] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.539469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.580018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.580628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:42:36 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
08:42:36 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0))
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
08:42:36 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0xa, &(0x7f0000000000), 0x4)
08:42:36 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736698fa1b00080801000240004000f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100010e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200010e770325132510000e770325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200010e770325132510000e770325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200010e770325132510000e7703251070064000000", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100010e770325132510000e77032510300000000002e2e202020202020202020100010e770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200010e770325132510000e770325104001a040000", 0x80, 0x6000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xa000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xe000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x16000}], 0x0, &(0x7f0000010d00))
08:42:36 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
08:42:36 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000240)="1e", 0x1}], 0x1, 0x0, 0x0, 0x90)
08:42:36 executing program 5:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
08:42:36 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
r1 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000140)=[r0], 0x1)
dup2(r1, r0)
io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0)
[ 109.786713] loop6: detected capacity change from 0 to 352
08:42:36 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0))
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
08:42:36 executing program 5:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
08:42:36 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
08:42:36 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736698fa1b00080801000240004000f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100010e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200010e770325132510000e770325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200010e770325132510000e770325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200010e770325132510000e7703251070064000000", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100010e770325132510000e77032510300000000002e2e202020202020202020100010e770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200010e770325132510000e770325104001a040000", 0x80, 0x6000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xa000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xe000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x16000}], 0x0, &(0x7f0000010d00))
08:42:36 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
08:42:36 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0xa, &(0x7f0000000000), 0x4)
[ 109.924494] loop6: detected capacity change from 0 to 352
08:42:36 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0xa, &(0x7f0000000000), 0x4)
08:42:36 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
r1 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000140)=[r0], 0x1)
dup2(r1, r0)
io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0)
08:42:36 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
r1 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000140)=[r0], 0x1)
dup2(r1, r0)
io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0)
08:42:36 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000240)="1e", 0x1}], 0x1, 0x0, 0x0, 0x90)
08:42:36 executing program 5:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
08:42:36 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736698fa1b00080801000240004000f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100010e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200010e770325132510000e770325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200010e770325132510000e770325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200010e770325132510000e7703251070064000000", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100010e770325132510000e77032510300000000002e2e202020202020202020100010e770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200010e770325132510000e770325104001a040000", 0x80, 0x6000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xa000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xe000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x16000}], 0x0, &(0x7f0000010d00))
08:42:36 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
08:42:36 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x19, 0x0, 0x8000000000000)
[ 110.008063] BUG: unable to handle page fault for address: ffffed10212c903e
[ 110.008662] #PF: supervisor read access in kernel mode
[ 110.009090] #PF: error_code(0x0000) - not-present page
[ 110.009508] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0
[ 110.010558] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 110.011575] CPU: 0 UID: 0 PID: 3938 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.013842] Tainted: [W]=WARN
[ 110.014809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.016481] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.017522] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.019235] RSP: 0018:ffff888044cdf800 EFLAGS: 00010212
[ 110.019660] RAX: 1ffff110212c903e RBX: ffff888109648000 RCX: ffffc90006e50000
[ 110.020234] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff8881096481f0
[ 110.020808] RBP: ffff888044cdfa70 R08: ffff88806ce31340 R09: ffffe8ffffc167f0
[ 110.021372] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.021939] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 110.022013] loop6: detected capacity change from 0 to 352
[ 110.022504] FS: 00007fef17717700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.023570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.024050] CR2: ffffed10212c903e CR3: 00000000436b8000 CR4: 0000000000350ef0
[ 110.024619] Call Trace:
[ 110.024833]
[ 110.025018] ? perf_swevent_event+0x63/0x3f0
[ 110.025386] ? __pfx_perf_tp_event+0x10/0x10
[ 110.025750] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 110.026153] ? perf_swevent_event+0x63/0x3f0
[ 110.026515] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 110.026916] ? perf_swevent_event+0x63/0x3f0
[ 110.027279] ? perf_tp_event+0x807/0xe70
[ 110.027614] ? __pfx_perf_tp_event+0x10/0x10
[ 110.027983] ? __perf_install_in_context+0x503/0xb90
[ 110.028389] ? do_raw_spin_unlock+0x53/0x220
[ 110.028761] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.029163] perf_trace_run_bpf_submit+0xef/0x180
[ 110.029558] perf_trace_lock+0x337/0x5d0
[ 110.029895] ? __pfx_perf_trace_lock+0x10/0x10
[ 110.030265] ? lock_acquire+0x15e/0x2f0
[ 110.030587] ? futex_ref_get+0x48/0x300
[ 110.030911] ? futex_ref_get+0x114/0x300
[ 110.030962] kmemleak: Found object by alias at 0x607f1a639124
[ 110.030974] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.030991] Tainted: [W]=WARN
[ 110.030995] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.031001] Call Trace:
[ 110.031005]
[ 110.031009] dump_stack_lvl+0xca/0x120
[ 110.031034] __lookup_object+0x94/0xb0
[ 110.031054] delete_object_full+0x27/0x70
[ 110.031069] free_percpu+0x30/0x1160
[ 110.031085] ? arch_uprobe_clear_state+0x16/0x140
[ 110.031103] futex_hash_free+0x38/0xc0
[ 110.031116] mmput+0x2d3/0x390
[ 110.031134] do_exit+0x79d/0x2970
[ 110.031149] ? __pfx_do_exit+0x10/0x10
[ 110.031162] ? find_held_lock+0x2b/0x80
[ 110.031178] ? get_signal+0x835/0x2340
[ 110.031197] do_group_exit+0xd3/0x2a0
[ 110.031211] get_signal+0x2315/0x2340
[ 110.031227] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 110.031242] ? __pfx_get_signal+0x10/0x10
[ 110.031258] ? __schedule+0xe91/0x3590
[ 110.031276] arch_do_signal_or_restart+0x80/0x790
[ 110.031293] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 110.031309] ? __x64_sys_futex+0x1c9/0x4d0
[ 110.031321] ? __x64_sys_futex+0x1d2/0x4d0
[ 110.031334] ? __pfx_do_pwritev+0x10/0x10
[ 110.031346] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.031359] ? xfd_validate_state+0x55/0x180
[ 110.031378] exit_to_user_mode_loop+0x8b/0x110
[ 110.031390] do_syscall_64+0x2f7/0x360
[ 110.031402] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.031414] RIP: 0033:0x7f960f67db19
[ 110.031422] Code: Unable to access opcode bytes at 0x7f960f67daef.
[ 110.031428] RSP: 002b:00007f960cbf3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.031438] RAX: 0000000000000001 RBX: 00007f960f790f68 RCX: 00007f960f67db19
[ 110.031446] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f960f790f6c
[ 110.031453] RBP: 00007f960f790f60 R08: 000000000000000e R09: 0000000000000000
[ 110.031459] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f960f790f6c
[ 110.031466] R13: 00007fffce3288cf R14: 00007f960cbf3300 R15: 0000000000022000
[ 110.031478]
[ 110.031482] kmemleak: Object (percpu) 0x607f1a639120 (size 8):
[ 110.031489] kmemleak: comm "syz-executor.0", pid 3933, jiffies 4294776887
[ 110.031496] kmemleak: min_count = 1
[ 110.031499] kmemleak: count = 0
[ 110.031503] kmemleak: flags = 0x21
[ 110.031507] kmemleak: checksum = 0
[ 110.031510] kmemleak: backtrace:
[ 110.031514] pcpu_alloc_noprof+0x87a/0x1170
[ 110.031528] percpu_ref_init+0x37/0x400
[ 110.031546] io_uring_setup+0x44c/0x2000
[ 110.031558] __x64_sys_io_uring_setup+0xc8/0x170
[ 110.031569] do_syscall_64+0xbf/0x360
[ 110.031577] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.051187] ? futex_hash+0x15c/0x390
[ 110.051497] lock_release+0x1ab/0x290
[ 110.051821] ? futex_hash+0x15c/0x390
[ 110.052134] futex_ref_get+0x119/0x300
[ 110.052451] ? futex_hash+0x15c/0x390
[ 110.052758] futex_hash+0x70/0x390
[ 110.053052] futex_wake+0x143/0x540
[ 110.053355] ? __pfx_perf_trace_lock+0x10/0x10
[ 110.053734] ? __pfx_futex_wake+0x10/0x10
[ 110.054075] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 110.054492] ? lock_release+0xc8/0x290
[ 110.054816] do_futex+0x26d/0x370
[ 110.055109] ? __pfx_do_futex+0x10/0x10
[ 110.055440] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 110.055878] ? find_held_lock+0x2b/0x80
[ 110.056213] __x64_sys_futex+0x1c9/0x4d0
[ 110.056554] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.056932] ? xfd_validate_state+0x55/0x180
[ 110.057307] do_syscall_64+0xbf/0x360
[ 110.057624] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.058047] RIP: 0033:0x7fef1a1a1b19
[ 110.058346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.059799] RSP: 002b:00007fef17717218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.060400] RAX: ffffffffffffffda RBX: 00007fef1a2b4f68 RCX: 00007fef1a1a1b19
[ 110.060970] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef1a2b4f6c
[ 110.061547] RBP: 00007fef1a2b4f60 R08: 000000000000000e R09: 0000000000000000
[ 110.062122] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fef1a2b4f6c
[ 110.062697] R13: 00007ffc5c67071f R14: 00007fef17717300 R15: 0000000000022000
[ 110.063279]
[ 110.063473] Modules linked in:
[ 110.063737] CR2: ffffed10212c903e
[ 110.064029] ---[ end trace 0000000000000000 ]---
[ 110.064407] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.064792] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.066247] RSP: 0018:ffff888044cdf800 EFLAGS: 00010212
[ 110.066674] RAX: 1ffff110212c903e RBX: ffff888109648000 RCX: ffffc90006e50000
[ 110.067242] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff8881096481f0
[ 110.067818] RBP: ffff888044cdfa70 R08: ffff88806ce31340 R09: ffffe8ffffc167f0
[ 110.068395] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.068969] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 110.069541] FS: 00007fef17717700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.070184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.070650] CR2: ffffed10212c903e CR3: 00000000436b8000 CR4: 0000000000350ef0
[ 110.071233] note: syz-executor.2[3938] exited with irqs disabled
[ 110.071741] BUG: unable to handle page fault for address: ffffed10212c903e
[ 110.072294] #PF: supervisor read access in kernel mode
[ 110.072712] #PF: error_code(0x0000) - not-present page
[ 110.073124] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0
[ 110.073578] Oops: Oops: 0000 [#2] SMP KASAN NOPTI
[ 110.073972] CPU: 0 UID: 0 PID: 3938 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.074916] Tainted: [D]=DIE, [W]=WARN
[ 110.075233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.075907] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.076293] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.077759] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 110.078190] RAX: 1ffff110212c903e RBX: ffff888109648000 RCX: 0000000000000002
[ 110.078761] RDX: ffff888017bdb700 RSI: ffffffff818995b7 RDI: ffff8881096481f0
[ 110.079333] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc167f0
[ 110.079911] R10: 0000000000000000 R11: ffff88801b9ff498 R12: dffffc0000000000
[ 110.080481] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000
[ 110.081055] FS: 00007fef17717700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.081706] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.082172] CR2: ffffed10212c903e CR3: 00000000436b8000 CR4: 0000000000350ef0
[ 110.082747] Call Trace:
[ 110.082966]
[ 110.083151] ? __pfx_perf_tp_event+0x10/0x10
[ 110.083515] ? stack_depot_save_flags+0x2c/0xa20
[ 110.083918] ? kasan_save_stack+0x34/0x50
[ 110.084259] ? kasan_save_stack+0x24/0x50
[ 110.084595] ? kasan_save_track+0x14/0x30
[ 110.084940] ? __kasan_save_free_info+0x3a/0x60
[ 110.085319] ? __kasan_slab_free+0x3f/0x50
[ 110.085667] ? kmem_cache_free+0x2a1/0x540
[ 110.086012] ? rcu_core+0x7c8/0x1800
[ 110.086320] ? handle_softirqs+0x1b1/0x770
[ 110.086677] ? __irq_exit_rcu+0xc4/0x100
[ 110.087023] ? irq_exit_rcu+0x9/0x20
[ 110.087327] ? sysvec_apic_timer_interrupt+0x70/0x80
[ 110.087745] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 110.088187] ? unwind_next_frame+0x16d9/0x2540
[ 110.088565] ? __unwind_start+0x517/0x7c0
[ 110.088905] ? arch_stack_walk+0x62/0xf0
[ 110.089233] ? stack_trace_save+0x8e/0xc0
[ 110.089571] ? kasan_save_stack+0x24/0x50
08:42:36 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000240)="1e", 0x1}], 0x1, 0x0, 0x0, 0x90)
08:42:36 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
r1 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000140)=[r0], 0x1)
dup2(r1, r0)
io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0)
[ 110.089910] ? kasan_save_track+0x14/0x30
[ 110.090378] ? __kasan_kmalloc+0x7f/0x90
[ 110.090717] ? find_get_context+0xcb/0x680
[ 110.091066] ? __do_sys_perf_event_open+0xa16/0x2c20
[ 110.091497] ? kvm_sched_clock_read+0x16/0x30
[ 110.091878] ? sched_clock+0x37/0x60
[ 110.092186] ? sched_clock_cpu+0x6c/0x4e0
[ 110.092528] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.092936] perf_trace_run_bpf_submit+0xef/0x180
[ 110.093334] perf_trace_lock+0x337/0x5d0
[ 110.093671] ? update_cfs_group+0x11d/0x260
[ 110.094025] ? kvm_sched_clock_read+0x16/0x30
[ 110.094395] ? __pfx_perf_trace_lock+0x10/0x10
[ 110.094773] ? check_preempt_wakeup_fair+0x6e/0x950
[ 110.095183] ? sched_ttwu_pending+0x2e0/0x4a0
[ 110.095553] lock_release+0x1ab/0x290
[ 110.095879] ? ttwu_do_activate+0x1a4/0x8a0
[ 110.096251] _raw_spin_unlock+0x16/0x40
[ 110.096583] sched_ttwu_pending+0x2e0/0x4a0
[ 110.096939] ? __pfx_sched_ttwu_pending+0x10/0x10
[ 110.097343] ? mark_held_locks+0x49/0x80
[ 110.097679] ? invalidate_bh_lru+0x135/0x180
[ 110.098040] __flush_smp_call_function_queue+0x434/0x740
[ 110.098484] __sysvec_call_function_single+0x6d/0x370
[ 110.098909] sysvec_call_function_single+0xa1/0xc0
[ 110.099313]
[ 110.099500]
[ 110.099695] asm_sysvec_call_function_single+0x1a/0x20
[ 110.100134] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 110.100521] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 110.101988] RSP: 0018:ffff888044cdff28 EFLAGS: 00000246
[ 110.102422] RAX: 0000000000000001 RBX: ffff888017bdb700 RCX: ffffffff817c2b86
[ 110.103001] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 110.103577] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 110.104165] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888017bdb700
[ 110.104734] R13: 0000000000000009 R14: ffff888044cdf7e0 R15: 0000000000000000
[ 110.105308] ? trace_irq_enable.constprop.0+0x26/0x100
[ 110.105772] ? make_task_dead+0x214/0x3b0
[ 110.106195] ? make_task_dead+0x214/0x3b0
[ 110.106534] ? do_syscall_64+0xbf/0x360
[ 110.106860] rewind_stack_and_make_dead+0x16/0x20
[ 110.107257] RIP: 0033:0x7fef1a1a1b19
[ 110.107561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.109007] RSP: 002b:00007fef17717218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.109618] RAX: ffffffffffffffda RBX: 00007fef1a2b4f68 RCX: 00007fef1a1a1b19
[ 110.110188] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef1a2b4f6c
[ 110.110762] RBP: 00007fef1a2b4f60 R08: 000000000000000e R09: 0000000000000000
[ 110.111336] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fef1a2b4f6c
[ 110.111921] R13: 00007ffc5c67071f R14: 00007fef17717300 R15: 0000000000022000
[ 110.112509]
[ 110.112699] Modules linked in:
[ 110.112960] CR2: ffffed10212c903e
[ 110.113241] ---[ end trace 0000000000000000 ]---
[ 110.113621] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.114011] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.115483] RSP: 0018:ffff888044cdf800 EFLAGS: 00010212
[ 110.115919] RAX: 1ffff110212c903e RBX: ffff888109648000 RCX: ffffc90006e50000
[ 110.116495] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff8881096481f0
[ 110.117064] RBP: ffff888044cdfa70 R08: ffff88806ce31340 R09: ffffe8ffffc167f0
[ 110.117637] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.118216] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 110.118802] FS: 00007fef17717700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.119455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.119938] CR2: ffffed10212c903e CR3: 00000000436b8000 CR4: 0000000000350ef0
[ 110.120514] Kernel panic - not syncing: Fatal exception in interrupt
[ 110.121204] Kernel Offset: disabled
[ 110.121498] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:42:36 Registers:
info registers vcpu 0
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888044cdf048
R8 =0000000000000000 R9 =ffffed10014f0046 R10=0000000000000031 R11=3a6465746e696154
R12=0000000000000031 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fef17717700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe2f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=ffffed10212c903e CR3=00000000436b8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fef1a2887c000007fef1a2887c8
XMM02=00007fef1a2887e000007fef1a2887c0 XMM03=00007fef1a2887c800007fef1a2887c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff819ba4e6 RDX=ffff888017850000
RSI=0000000000000000 RDI=0000000000000001 RBP=80000000374f7067 RSP=ffff888044cbf6b0
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=ffffffff819bae09 R13=0000000000000000 R14=0000000000000007 R15=00007fae90906000
RIP=ffffffff8173e784 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe2500000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d622000 CR3=0000000020c5b000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff81209610ffffffff812095ec XMM01=ffffffff812c8387ffffffff812c8313
XMM02=ffffffff8136dd7affffffff812c8387 XMM03=ffffffff812c8313ffffffff81209610
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000