Warning: Permanently added '[localhost]:45984' (ECDSA) to the list of known hosts. 2025/08/29 08:14:45 fuzzer started 2025/08/29 08:14:46 dialing manager at localhost:43077 syzkaller login: [ 51.605662] cgroup: Unknown subsys name 'net' [ 51.655284] cgroup: Unknown subsys name 'cpuset' [ 51.667556] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:14:55 syscalls: 2214 2025/08/29 08:14:55 code coverage: enabled 2025/08/29 08:14:55 comparison tracing: enabled 2025/08/29 08:14:55 extra coverage: enabled 2025/08/29 08:14:55 setuid sandbox: enabled 2025/08/29 08:14:55 namespace sandbox: enabled 2025/08/29 08:14:55 Android sandbox: enabled 2025/08/29 08:14:55 fault injection: enabled 2025/08/29 08:14:55 leak checking: enabled 2025/08/29 08:14:55 net packet injection: enabled 2025/08/29 08:14:55 net device setup: enabled 2025/08/29 08:14:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:14:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:14:55 USB emulation: enabled 2025/08/29 08:14:55 hci packet injection: enabled 2025/08/29 08:14:55 wifi device emulation: enabled 2025/08/29 08:14:55 802.15.4 emulation: enabled 2025/08/29 08:14:55 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:14:56 fetching corpus: 50, signal 27927/30667 (executing program) 2025/08/29 08:14:56 fetching corpus: 100, signal 39792/43075 (executing program) 2025/08/29 08:14:56 fetching corpus: 150, signal 47857/51496 (executing program) 2025/08/29 08:14:56 fetching corpus: 200, signal 54082/57880 (executing program) 2025/08/29 08:14:56 fetching corpus: 250, signal 57122/61205 (executing program) 2025/08/29 08:14:56 fetching corpus: 300, signal 60071/64331 (executing program) 2025/08/29 08:14:56 fetching corpus: 350, signal 64688/68716 (executing program) 2025/08/29 08:14:57 fetching corpus: 400, signal 69279/72927 (executing program) 2025/08/29 08:14:57 fetching corpus: 450, signal 73530/76769 (executing program) 2025/08/29 
08:14:57 fetching corpus: 500, signal 75234/78375 (executing program) 2025/08/29 08:14:57 fetching corpus: 550, signal 77306/80083 (executing program) 2025/08/29 08:14:57 fetching corpus: 600, signal 79763/82086 (executing program) 2025/08/29 08:14:57 fetching corpus: 650, signal 81839/83655 (executing program) 2025/08/29 08:14:57 fetching corpus: 700, signal 83663/84993 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85118 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85221 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85315 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85416 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85487 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85577 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85659 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85751 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85850 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/85925 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86021 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86111 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86206 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86309 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86398 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86485 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86584 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86664 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86762 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86856 
(executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86922 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/86992 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87065 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87147 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87224 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87338 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87428 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87480 (executing program) 2025/08/29 08:14:58 fetching corpus: 702, signal 83742/87480 (executing program) 2025/08/29 08:15:00 starting 8 fuzzer processes 08:15:00 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:00 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xb}) 08:15:00 executing program 7: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x1200, 0x9}) 08:15:00 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:00 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x7, &(0x7f0000000140), 0x4) 08:15:00 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1, 0x1}, {&(0x7f00000004c0)="ef", 0x1, 0xa1a}], 0x0, 0x0) [ 65.826351] audit: type=1400 audit(1756455300.581:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:15:00 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004740)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)="c3", 0x7fffeffe}, {&(0x7f00000002c0)="03", 0x1}, {&(0x7f0000000340)="c6", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000480)="97", 0x1}], 0x1}}], 0x3, 0x8440) 08:15:00 executing program 6: perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81202c51}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 67.047507] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.052650] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.056035] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.058384] Bluetooth: hci0: unexpected 
cc 0x0c03 length: 249 > 1 [ 67.062318] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.064579] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.067264] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.068877] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.075872] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.081991] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.103304] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.110830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.114263] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.127080] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.130314] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.132539] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.136010] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.144461] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.146297] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.147920] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.169237] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.171034] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.173219] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.174797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.180255] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.186435] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.193214] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.197080] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.200539] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.202008] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.202215] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.208185] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.209657] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.209910] Bluetooth: hci5: 
unexpected cc 0x0c38 length: 249 > 2 [ 67.235124] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.239293] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.239392] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.252046] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.253219] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.264412] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.137265] Bluetooth: hci0: command tx timeout [ 69.137269] Bluetooth: hci1: command tx timeout [ 69.203779] Bluetooth: hci2: command tx timeout [ 69.265806] Bluetooth: hci5: command tx timeout [ 69.266455] Bluetooth: hci3: command tx timeout [ 69.266759] Bluetooth: hci4: command tx timeout [ 69.328863] Bluetooth: hci7: command tx timeout [ 69.392836] Bluetooth: hci6: command tx timeout [ 71.186574] Bluetooth: hci0: command tx timeout [ 71.187940] Bluetooth: hci1: command tx timeout [ 71.249066] Bluetooth: hci2: command tx timeout [ 71.312970] Bluetooth: hci4: command tx timeout [ 71.313392] Bluetooth: hci3: command tx timeout [ 71.314036] Bluetooth: hci5: command tx timeout [ 71.376966] Bluetooth: hci7: command tx timeout [ 71.442746] Bluetooth: hci6: command tx timeout [ 73.232810] Bluetooth: hci1: command tx timeout [ 73.233275] Bluetooth: hci0: command tx timeout [ 73.296778] Bluetooth: hci2: command tx timeout [ 73.360894] Bluetooth: hci5: command tx timeout [ 73.361371] Bluetooth: hci3: command tx timeout [ 73.362313] Bluetooth: hci4: command tx timeout [ 73.425737] Bluetooth: hci7: command tx timeout [ 73.488870] Bluetooth: hci6: command tx timeout [ 75.280895] Bluetooth: hci0: command tx timeout [ 75.281363] Bluetooth: hci1: command tx timeout [ 75.345743] Bluetooth: hci2: command tx timeout [ 75.408785] Bluetooth: hci4: command tx timeout [ 75.409914] Bluetooth: hci3: command tx timeout [ 75.410329] Bluetooth: hci5: command tx timeout [ 75.473772] Bluetooth: hci7: command tx timeout [ 75.536765] Bluetooth: hci6: command tx 
timeout [ 102.327916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.329080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.516452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.517733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.715759] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.716899] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.903575] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.904390] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.958394] audit: type=1400 audit(1756455337.713:8): avc: denied { open } for pid=3836 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 102.968817] audit: type=1400 audit(1756455337.713:9): avc: denied { kernel } for pid=3836 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:15:37 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:38 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) [ 103.378445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.379080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:15:38 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:38 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xb}) [ 103.510759] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.511359] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:15:38 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:38 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xb}) [ 103.630303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.630884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:15:38 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:38 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xb}) [ 103.691494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.692123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.750090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.750658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.751749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.752352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.822491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.823189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.855652] loop4: detected capacity change from 0 to 10 [ 103.858305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.858934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.886343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.886977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.938663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.939308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.049774] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.050398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.097249] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.098312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:15:39 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1, 0x1}, {&(0x7f00000004c0)="ef", 0x1, 0xa1a}], 0x0, 0x0) 08:15:39 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 
0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:39 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004740)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)="c3", 0x7fffeffe}, {&(0x7f00000002c0)="03", 0x1}, {&(0x7f0000000340)="c6", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000480)="97", 0x1}], 0x1}}], 0x3, 0x8440) 08:15:39 executing program 7: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x1200, 0x9}) 08:15:39 executing program 6: perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81202c51}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:15:39 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:39 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x7, &(0x7f0000000140), 0x4) [ 104.297801] loop4: detected capacity change from 0 to 10 08:15:39 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x7, &(0x7f0000000140), 0x4) 08:15:39 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004740)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)="c3", 0x7fffeffe}, {&(0x7f00000002c0)="03", 0x1}, {&(0x7f0000000340)="c6", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000480)="97", 0x1}], 0x1}}], 0x3, 0x8440) 08:15:39 executing program 6: perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81202c51}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:15:39 executing program 7: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x1200, 0x9}) 08:15:39 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) [ 104.430512] kmemleak: Found object by alias at 0x607f1a6394c4 [ 104.430533] CPU: 0 UID: 0 PID: 3930 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 104.430551] Tainted: [W]=WARN [ 104.430555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.430562] Call Trace: [ 104.430566] [ 104.430571] dump_stack_lvl+0xca/0x120 [ 104.430596] __lookup_object+0x94/0xb0 [ 104.430613] delete_object_full+0x27/0x70 [ 104.430629] free_percpu+0x30/0x1160 [ 104.430645] ? arch_uprobe_clear_state+0x16/0x140 [ 104.430669] futex_hash_free+0x38/0xc0 [ 104.430683] mmput+0x2d3/0x390 [ 104.430702] do_exit+0x79d/0x2970 [ 104.430715] ? signal_wake_up_state+0x85/0x120 [ 104.430731] ? zap_other_threads+0x2b9/0x3a0 [ 104.430746] ? __pfx_do_exit+0x10/0x10 [ 104.430759] ? do_group_exit+0x1c3/0x2a0 [ 104.430772] ? lock_release+0xc8/0x290 [ 104.430788] do_group_exit+0xd3/0x2a0 [ 104.430803] __x64_sys_exit_group+0x3e/0x50 [ 104.430816] x64_sys_call+0x18c5/0x18d0 [ 104.430833] do_syscall_64+0xbf/0x360 [ 104.430845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.430856] RIP: 0033:0x7f21e3001b19 [ 104.430865] Code: Unable to access opcode bytes at 0x7f21e3001aef. 
[ 104.430870] RSP: 002b:00007fff008a33d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 104.430881] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f21e3001b19 [ 104.430889] RDX: 00007f21e2fb472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 104.430896] RBP: 0000000000000000 R08: 0000001b2cd25c00 R09: 0000000000000000 [ 104.430903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.430910] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff008a34c0 [ 104.430926] [ 104.430929] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8): [ 104.430936] kmemleak: comm "syz-executor.1", pid 3940, jiffies 4294771292 [ 104.430942] kmemleak: min_count = 1 [ 104.430946] kmemleak: count = 0 [ 104.430950] kmemleak: flags = 0x21 [ 104.430953] kmemleak: checksum = 0 [ 104.430957] kmemleak: backtrace: [ 104.430960] pcpu_alloc_noprof+0x87a/0x1170 [ 104.430974] perf_trace_event_init+0x366/0xa10 [ 104.430988] perf_trace_init+0x1a4/0x2f0 [ 104.430999] perf_tp_event_init+0xa6/0x120 [ 104.431015] perf_try_init_event+0x140/0x9f0 [ 104.431028] perf_event_alloc.part.0+0x118e/0x45f0 [ 104.431043] __do_sys_perf_event_open+0x719/0x2c20 [ 104.431056] do_syscall_64+0xbf/0x360 [ 104.431064] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:15:39 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1, 0x1}, {&(0x7f00000004c0)="ef", 0x1, 0xa1a}], 0x0, 0x0) 08:15:39 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 7: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x1200, 0x9}) 08:15:39 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, 
&(0x7f0000004740)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)="c3", 0x7fffeffe}, {&(0x7f00000002c0)="03", 0x1}, {&(0x7f0000000340)="c6", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000480)="97", 0x1}], 0x1}}], 0x3, 0x8440) 08:15:39 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x7, &(0x7f0000000140), 0x4) 08:15:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 6: perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81202c51}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:15:39 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) [ 104.596098] loop4: detected capacity change from 0 to 10 [ 104.602014] kmemleak: Found object by alias at 0x607f1a6394c4 [ 104.602031] CPU: 0 
UID: 0 PID: 3944 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 104.602049] Tainted: [W]=WARN [ 104.602053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.602060] Call Trace: [ 104.602064] [ 104.602069] dump_stack_lvl+0xca/0x120 [ 104.602091] __lookup_object+0x94/0xb0 [ 104.602108] delete_object_full+0x27/0x70 [ 104.602123] free_percpu+0x30/0x1160 [ 104.602139] ? arch_uprobe_clear_state+0x16/0x140 [ 104.602159] futex_hash_free+0x38/0xc0 [ 104.602173] mmput+0x2d3/0x390 [ 104.602192] do_exit+0x79d/0x2970 [ 104.602205] ? signal_wake_up_state+0x85/0x120 [ 104.602220] ? zap_other_threads+0x2b9/0x3a0 [ 104.602236] ? __pfx_do_exit+0x10/0x10 [ 104.602248] ? do_group_exit+0x1c3/0x2a0 [ 104.602261] ? lock_release+0xc8/0x290 [ 104.602278] do_group_exit+0xd3/0x2a0 [ 104.602293] __x64_sys_exit_group+0x3e/0x50 [ 104.602306] x64_sys_call+0x18c5/0x18d0 [ 104.602320] do_syscall_64+0xbf/0x360 [ 104.602332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.602343] RIP: 0033:0x7f21e3001b19 [ 104.602351] Code: Unable to access opcode bytes at 0x7f21e3001aef. 
[ 104.602356] RSP: 002b:00007fff008a33d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 104.602367] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f21e3001b19 [ 104.602375] RDX: 00007f21e2fb472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 104.602382] RBP: 0000000000000000 R08: 0000001b2cd25958 R09: 0000000000000000 [ 104.602388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.602395] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff008a34c0 [ 104.602410] [ 104.602414] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8): [ 104.602421] kmemleak: comm "syz-executor.1", pid 3953, jiffies 4294771451 [ 104.602427] kmemleak: min_count = 1 [ 104.602431] kmemleak: count = 0 [ 104.602434] kmemleak: flags = 0x21 [ 104.602438] kmemleak: checksum = 0 [ 104.602441] kmemleak: backtrace: [ 104.602445] pcpu_alloc_noprof+0x87a/0x1170 [ 104.602459] perf_trace_event_init+0x366/0xa10 [ 104.602473] perf_trace_init+0x1a4/0x2f0 [ 104.602484] perf_tp_event_init+0xa6/0x120 [ 104.602511] perf_try_init_event+0x140/0x9f0 [ 104.602524] perf_event_alloc.part.0+0x118e/0x45f0 [ 104.602540] __do_sys_perf_event_open+0x719/0x2c20 [ 104.602552] do_syscall_64+0xbf/0x360 [ 104.602561] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:15:39 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:39 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00') pread64(r1, &(0x7f0000000140)=""/199, 0xc7, 0xff) 08:15:39 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1, 0x1}, {&(0x7f00000004c0)="ef", 0x1, 0xa1a}], 0x0, 0x0) 08:15:39 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)={0x0, 0x1, 'G'}) 08:15:39 executing program 5: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 
104.787076] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.793911] 9pnet_fd: Insufficient options for proto=fd [ 104.814408] loop4: detected capacity change from 0 to 10 08:15:39 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)={0x0, 0x1, 'G'}) [ 104.839248] kmemleak: Found object by alias at 0x607f1a6394c4 [ 104.839266] CPU: 1 UID: 0 PID: 3963 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 104.839284] Tainted: [W]=WARN [ 104.839287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.839294] Call Trace: [ 104.839299] [ 104.839303] dump_stack_lvl+0xca/0x120 [ 104.839328] __lookup_object+0x94/0xb0 [ 104.839345] delete_object_full+0x27/0x70 [ 104.839360] free_percpu+0x30/0x1160 [ 104.839377] ? arch_uprobe_clear_state+0x16/0x140 [ 104.839397] futex_hash_free+0x38/0xc0 [ 104.839410] mmput+0x2d3/0x390 [ 104.839429] do_exit+0x79d/0x2970 [ 104.839442] ? signal_wake_up_state+0x85/0x120 [ 104.839458] ? zap_other_threads+0x2b9/0x3a0 [ 104.839473] ? __pfx_do_exit+0x10/0x10 [ 104.839485] ? do_group_exit+0x1c3/0x2a0 [ 104.839498] ? lock_release+0xc8/0x290 [ 104.839515] do_group_exit+0xd3/0x2a0 [ 104.839530] __x64_sys_exit_group+0x3e/0x50 [ 104.839543] x64_sys_call+0x18c5/0x18d0 [ 104.839559] do_syscall_64+0xbf/0x360 [ 104.839570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.839581] RIP: 0033:0x7f21e3001b19 [ 104.839590] Code: Unable to access opcode bytes at 0x7f21e3001aef. 
[ 104.839595] RSP: 002b:00007fff008a33d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 104.839606] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f21e3001b19 [ 104.839613] RDX: 00007f21e2fb472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 104.839620] RBP: 0000000000000000 R08: 0000001b2cd259a8 R09: 0000000000000000 [ 104.839627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.839633] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff008a34c0 [ 104.839649] [ 104.839652] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8): [ 104.839659] kmemleak: comm "syz-executor.6", pid 3970, jiffies 4294771661 [ 104.839666] kmemleak: min_count = 1 [ 104.839670] kmemleak: count = 0 [ 104.839673] kmemleak: flags = 0x21 [ 104.839677] kmemleak: checksum = 0 [ 104.839680] kmemleak: backtrace: [ 104.839683] pcpu_alloc_noprof+0x87a/0x1170 [ 104.839698] perf_trace_event_init+0x366/0xa10 [ 104.839717] perf_trace_init+0x1a4/0x2f0 [ 104.839728] perf_tp_event_init+0xa6/0x120 [ 104.839743] perf_try_init_event+0x140/0x9f0 [ 104.839756] perf_event_alloc.part.0+0x118e/0x45f0 [ 104.839772] __do_sys_perf_event_open+0x719/0x2c20 [ 104.839783] do_syscall_64+0xbf/0x360 [ 104.839792] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:15:39 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, 
@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00') pread64(r1, &(0x7f0000000140)=""/199, 0xc7, 0xff) [ 104.876446] 9pnet_fd: Insufficient options for proto=fd 08:15:39 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00') pread64(r1, &(0x7f0000000140)=""/199, 0xc7, 0xff) 08:15:39 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000) 08:15:39 executing program 5: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 08:15:39 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 
0x0) [ 105.011602] 9pnet_fd: Insufficient options for proto=fd 08:15:39 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)={0x0, 0x1, 'G'}) [ 105.021585] kmemleak: Found object by alias at 0x607f1a6394c4 [ 105.021606] CPU: 0 UID: 0 PID: 3989 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.021625] Tainted: [W]=WARN [ 105.021629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.021636] Call Trace: [ 105.021640] [ 105.021645] dump_stack_lvl+0xca/0x120 [ 105.021673] __lookup_object+0x94/0xb0 [ 105.021690] delete_object_full+0x27/0x70 [ 105.021712] free_percpu+0x30/0x1160 [ 105.021730] ? arch_uprobe_clear_state+0x16/0x140 [ 105.021750] futex_hash_free+0x38/0xc0 [ 105.021765] mmput+0x2d3/0x390 [ 105.021783] do_exit+0x79d/0x2970 [ 105.021800] ? __pfx_do_exit+0x10/0x10 [ 105.021814] ? find_held_lock+0x2b/0x80 [ 105.021832] ? get_signal+0x835/0x2340 [ 105.021852] do_group_exit+0xd3/0x2a0 [ 105.021867] get_signal+0x2315/0x2340 [ 105.021884] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 105.021901] ? __pfx_get_signal+0x10/0x10 [ 105.021917] ? __schedule+0xe91/0x3590 [ 105.021936] arch_do_signal_or_restart+0x80/0x790 [ 105.021954] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.021970] ? __x64_sys_futex+0x1c9/0x4d0 [ 105.021982] ? __x64_sys_futex+0x1d2/0x4d0 [ 105.021995] ? fput+0x6a/0x100 [ 105.022010] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.022028] exit_to_user_mode_loop+0x8b/0x110 [ 105.022042] do_syscall_64+0x2f7/0x360 [ 105.022054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.022066] RIP: 0033:0x7f21e3001b19 [ 105.022076] Code: Unable to access opcode bytes at 0x7f21e3001aef. 
[ 105.022081] RSP: 002b:00007f21e0577218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.022092] RAX: 0000000000000001 RBX: 00007f21e3114f68 RCX: 00007f21e3001b19 [ 105.022100] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f21e3114f6c [ 105.022107] RBP: 00007f21e3114f60 R08: 000000000000000e R09: 0000000000000000 [ 105.022114] R10: 000000000000004a R11: 0000000000000246 R12: 00007f21e3114f6c [ 105.022121] R13: 00007fff008a31af R14: 00007f21e0577300 R15: 0000000000022000 [ 105.022137] [ 105.022141] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8): [ 105.022148] kmemleak: comm "syz-executor.6", pid 3994, jiffies 4294771872 [ 105.022155] kmemleak: min_count = 1 [ 105.022158] kmemleak: count = 0 [ 105.022162] kmemleak: flags = 0x21 [ 105.022166] kmemleak: checksum = 0 [ 105.022170] kmemleak: backtrace: [ 105.022173] pcpu_alloc_noprof+0x87a/0x1170 [ 105.022188] perf_trace_event_init+0x366/0xa10 [ 105.022201] perf_trace_init+0x1a4/0x2f0 [ 105.022212] perf_tp_event_init+0xa6/0x120 [ 105.022227] perf_try_init_event+0x140/0x9f0 [ 105.022240] perf_event_alloc.part.0+0x118e/0x45f0 [ 105.022257] __do_sys_perf_event_open+0x719/0x2c20 [ 105.022269] do_syscall_64+0xbf/0x360 [ 105.022278] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:15:39 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00') pread64(r1, &(0x7f0000000140)=""/199, 0xc7, 0xff) 08:15:39 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00') pread64(r1, &(0x7f0000000140)=""/199, 0xc7, 0xff) 08:15:39 executing program 5: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$sr(0xffffffffffffff9c, 
&(0x7f0000000440), 0x4840, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 08:15:39 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udplite6\x00') pread64(r1, &(0x7f0000000140)=""/199, 0xc7, 0xff) 08:15:39 executing program 7: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa00}}, 0x14}}, 0x0) 08:15:39 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400005}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:15:39 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 
0x40086607, &(0x7f0000000640)=ANY=[]) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) 08:15:39 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)={0x0, 0x1, 'G'}) [ 105.219810] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 105.220718] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 105.221320] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.222752] Tainted: [W]=WARN [ 105.223456] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.225308] RIP: 0010:perf_tp_event+0x175/0xe70 [ 105.226349] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 105.230799] RSP: 0018:ffff888017cb7780 EFLAGS: 00010012 [ 105.231220] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000c0ea000 [ 105.231779] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 105.232338] RBP: ffff888017cb79f0 R08: ffff88806ce31340 R09: ffffe8ffffc164c0 [ 105.232895] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 105.233452] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 105.234015] FS: 00007f7dcc8fe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 105.234655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.235114] CR2: 0000001b2d126000 CR3: 000000000cf1e000 CR4: 0000000000350ef0 [ 105.235677] Call Trace: [ 105.235884] [ 105.236067] ? __pfx_perf_tp_event+0x10/0x10 [ 105.236426] ? lock_acquire+0x15e/0x2f0 [ 105.236750] ? __is_insn_slot_addr+0x2e/0x290 [ 105.237115] ? find_held_lock+0x2b/0x80 [ 105.237439] ? __is_insn_slot_addr+0x136/0x290 [ 105.237814] ? 
lock_release+0xc8/0x290 [ 105.238128] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 105.238582] ? __resched_curr+0x2a2/0x330 [ 105.238919] ? __pfx___resched_curr+0x10/0x10 [ 105.239286] ? perf_trace_run_bpf_submit+0xef/0x180 [ 105.239693] ? place_entity+0x300/0x410 [ 105.240013] perf_trace_run_bpf_submit+0xef/0x180 [ 105.240402] perf_trace_preemptirq_template+0x259/0x430 [ 105.240832] ? enqueue_task_fair+0xded/0x1e00 [ 105.241194] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.241665] ? lock_is_held_type+0x9e/0x120 [ 105.242015] ? find_held_lock+0x2b/0x80 [ 105.242341] ? try_to_wake_up+0x8ae/0x11d0 [ 105.242699] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 105.243111] trace_irq_enable.constprop.0+0xa6/0x100 [ 105.243516] trace_hardirqs_on+0x26/0x40 [ 105.243842] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 105.244238] try_to_wake_up+0x8ae/0x11d0 [ 105.244567] ? __pfx_try_to_wake_up+0x10/0x10 [ 105.244931] ? plist_del+0x122/0x270 [ 105.245239] ? find_held_lock+0x2b/0x80 [ 105.245562] ? futex_wake+0x474/0x540 [ 105.245875] wake_up_q+0xa1/0x130 [ 105.246164] futex_wake+0x47e/0x540 [ 105.246462] ? __pfx_futex_wake+0x10/0x10 [ 105.246801] ? kmem_cache_free+0x2a1/0x540 [ 105.247137] ? fd_install+0x1d8/0x660 [ 105.247442] ? putname.part.0+0x11b/0x160 [ 105.247779] do_futex+0x26d/0x370 [ 105.248062] ? __pfx_do_futex+0x10/0x10 [ 105.248382] ? __pfx___schedule+0x10/0x10 [ 105.248719] __x64_sys_futex+0x1c9/0x4d0 [ 105.249047] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.249522] ? __x64_sys_openat+0x142/0x200 [ 105.249871] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.250241] ? 
xfd_validate_state+0x55/0x180 [ 105.250610] do_syscall_64+0xbf/0x360 [ 105.250915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.251323] RIP: 0033:0x7f7dcf388b19 [ 105.251620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.253036] RSP: 002b:00007f7dcc8fe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.253633] RAX: ffffffffffffffda RBX: 00007f7dcf49bf68 RCX: 00007f7dcf388b19 [ 105.254194] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7dcf49bf6c [ 105.254762] RBP: 00007f7dcf49bf60 R08: 000000000000000e R09: 0000000000000000 [ 105.255320] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f7dcf49bf6c [ 105.255878] R13: 00007fffd137c03f R14: 00007f7dcc8fe300 R15: 0000000000022000 [ 105.256444] [ 105.256630] Modules linked in: [ 105.256890] ---[ end trace 0000000000000000 ]--- [ 105.257260] RIP: 0010:perf_tp_event+0x175/0xe70 [ 105.257637] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 105.259060] RSP: 0018:ffff888017cb7780 EFLAGS: 00010012 [ 105.259477] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000c0ea000 [ 105.260038] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 105.260601] RBP: ffff888017cb79f0 R08: ffff88806ce31340 R09: ffffe8ffffc164c0 [ 105.261160] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 105.261721] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 105.262280] FS: 00007f7dcc8fe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 105.262922] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.263381] CR2: 0000001b2d126000 CR3: 000000000cf1e000 CR4: 0000000000350ef0 [ 105.263943] note: syz-executor.5[4008] exited with irqs disabled [ 105.264484] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 105.265354] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 105.265947] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.266881] Tainted: [D]=DIE, [W]=WARN [ 105.267182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.267827] RIP: 0010:perf_tp_event+0x175/0xe70 [ 105.268203] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 105.269616] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 105.270033] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 105.270595] RDX: ffff888017a33700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 105.271153] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc164c0 [ 105.271708] R10: 0000000000000000 R11: ffff88801eb01498 R12: dffffc0000000000 [ 105.272264] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 105.272819] FS: 00007f7dcc8fe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 105.273450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.273908] CR2: 0000001b2d126000 CR3: 000000000cf1e000 CR4: 0000000000350ef0 [ 105.274464] Call Trace: [ 105.274676] [ 105.274855] ? __pfx_perf_tp_event+0x10/0x10 [ 105.275212] ? enqueue_task_fair+0xded/0x1e00 [ 105.275571] ? do_raw_spin_lock+0x123/0x260 [ 105.275916] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 105.276286] ? lock_acquire+0x18c/0x2f0 [ 105.276604] ? lock_release+0x1c7/0x290 [ 105.276922] ? do_raw_spin_unlock+0x53/0x220 [ 105.277277] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 105.277687] ? try_to_wake_up+0x128/0x11d0 [ 105.278029] ? do_raw_spin_lock+0x123/0x260 [ 105.278375] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 105.278758] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 105.279154] perf_trace_run_bpf_submit+0xef/0x180 [ 105.279543] perf_trace_preemptirq_template+0x259/0x430 [ 105.279971] ? read_tsc+0x9/0x20 [ 105.280251] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.280717] ? clockevents_program_event+0x135/0x360 [ 105.281123] ? tick_program_event+0xac/0x140 [ 105.281472] ? handle_softirqs+0x16e/0x770 [ 105.281816] trace_irq_enable.constprop.0+0xa6/0x100 [ 105.282218] trace_hardirqs_on+0x26/0x40 [ 105.282546] handle_softirqs+0x16e/0x770 [ 105.282877] __irq_exit_rcu+0xc4/0x100 [ 105.283194] irq_exit_rcu+0x9/0x20 [ 105.283478] sysvec_apic_timer_interrupt+0x70/0x80 [ 105.283873] [ 105.284053] [ 105.284235] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 105.284647] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 105.285020] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 105.286426] RSP: 0018:ffff888017cb7f28 EFLAGS: 00000246 [ 105.286852] RAX: 0000000000000001 RBX: ffff888017a33700 RCX: ffffffff817c2b86 [ 105.287405] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 105.287961] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 105.288513] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888017a33700 [ 105.289065] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 105.289623] ? trace_irq_enable.constprop.0+0x26/0x100 [ 105.290035] ? make_task_dead+0x214/0x3b0 [ 105.290365] ? make_task_dead+0x214/0x3b0 [ 105.290707] ? 
do_syscall_64+0xbf/0x360 [ 105.291033] rewind_stack_and_make_dead+0x16/0x20 [ 105.291444] RIP: 0033:0x7f7dcf388b19 [ 105.291751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.293243] RSP: 002b:00007f7dcc8fe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.293863] RAX: ffffffffffffffda RBX: 00007f7dcf49bf68 RCX: 00007f7dcf388b19 [ 105.294446] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7dcf49bf6c [ 105.295033] RBP: 00007f7dcf49bf60 R08: 000000000000000e R09: 0000000000000000 [ 105.295612] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f7dcf49bf6c [ 105.296197] R13: 00007fffd137c03f R14: 00007f7dcc8fe300 R15: 0000000000022000 [ 105.296781] [ 105.296970] Modules linked in: [ 105.297231] ---[ end trace 0000000000000000 ]--- [ 105.297602] RIP: 0010:perf_tp_event+0x175/0xe70 [ 105.297981] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 105.299413] RSP: 0018:ffff888017cb7780 EFLAGS: 00010012 [ 105.299832] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000c0ea000 [ 105.300394] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 105.300957] RBP: ffff888017cb79f0 R08: ffff88806ce31340 R09: ffffe8ffffc164c0 [ 105.301520] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 105.302085] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 105.302660] FS: 00007f7dcc8fe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 105.303298] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.303763] CR2: 0000001b2d126000 CR3: 000000000cf1e000 CR4: 0000000000350ef0 [ 105.304335] Kernel panic - not syncing: Fatal exception in interrupt [ 105.305022] Kernel Offset: disabled [ 105.305319] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:15:40 Registers: