Warning: Permanently added '[localhost]:62971' (ECDSA) to the list of known hosts.
2025/09/01 12:21:24 fuzzer started
2025/09/01 12:21:24 dialing manager at localhost:35473
syzkaller login: [ 51.852896] cgroup: Unknown subsys name 'net'
[ 51.906403] cgroup: Unknown subsys name 'cpuset'
[ 51.918744] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:21:35 syscalls: 2214
2025/09/01 12:21:35 code coverage: enabled
2025/09/01 12:21:35 comparison tracing: enabled
2025/09/01 12:21:35 extra coverage: enabled
2025/09/01 12:21:35 setuid sandbox: enabled
2025/09/01 12:21:35 namespace sandbox: enabled
2025/09/01 12:21:35 Android sandbox: enabled
2025/09/01 12:21:35 fault injection: enabled
2025/09/01 12:21:35 leak checking: enabled
2025/09/01 12:21:35 net packet injection: enabled
2025/09/01 12:21:35 net device setup: enabled
2025/09/01 12:21:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:21:35 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:21:35 USB emulation: enabled
2025/09/01 12:21:35 hci packet injection: enabled
2025/09/01 12:21:35 wifi device emulation: enabled
2025/09/01 12:21:35 802.15.4 emulation: enabled
2025/09/01 12:21:54 starting 8 fuzzer processes
12:21:54 executing program 0:
syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0)
ptrace(0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='system.posix_acl_default\x00', &(0x7f00000004c0)={{}, {}, [{0x2, 0x85d1a4c154d6ab04}]}, 0x2c, 0x0)
12:21:54 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sync_file_range(r0, 0xffffffffffff8cb1, 0x0, 0x0)
12:21:54 executing program
2:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x2b)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100))
r2 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180))
12:21:54 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc05c5340, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000000))
[ 81.863079] audit: type=1400 audit(1756729315.029:7): avc: denied { execmem } for pid=276 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:21:55 executing program 4:
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3)
vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000000340)="7f", 0x1}], 0x10000000000001e2, 0x0)
12:21:55 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001e80)='/proc/asound/seq/clients\x00', 0x0, 0x0)
lseek(r0, 0x2, 0x1)
12:21:55 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TCSETSF2(r2, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"})
12:21:55 executing program 6:
prctl$PR_GET_ENDIAN(0x4c, 0x0)
[ 83.029545] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.031657] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.034482] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.039186] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.041816] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.155397] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 83.158629] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 83.161094] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 83.164053] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 83.166863] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 83.289651] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 83.294154] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 83.298223] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 83.304054] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 83.306555] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 83.357383] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 83.372372] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 83.374654] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 83.380211] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 83.385259] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 83.386499] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 83.390455] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 83.393297] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 83.397949] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 83.400036] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 83.404906] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 83.409121] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 83.411008] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 83.413372] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 83.422008] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 83.427571] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 83.430804] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 83.434148] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 83.458802] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 83.469119] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 83.475766] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 83.485266] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 83.492091] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 83.555241] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 83.563048] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 85.126386] Bluetooth: hci0: command tx timeout
[ 85.190040] Bluetooth: hci1: command tx timeout
[ 85.381969] Bluetooth: hci2: command tx timeout
[ 85.509969] Bluetooth: hci4: command tx timeout
[ 85.510710] Bluetooth: hci5: command tx timeout
[ 85.574187] Bluetooth: hci3: command tx timeout
[ 85.574283] Bluetooth: hci6: command tx timeout
[ 85.637910] Bluetooth: hci7: command tx timeout
[ 87.174877] Bluetooth: hci0: command tx timeout
[ 87.238082] Bluetooth: hci1: command tx timeout
[ 87.430858] Bluetooth: hci2: command tx timeout
[ 87.557922] Bluetooth: hci4: command tx timeout
[ 87.557937] Bluetooth: hci5: command tx timeout
[ 87.622866] Bluetooth: hci3: command tx timeout
[ 87.623307] Bluetooth: hci6: command tx timeout
[ 87.685872] Bluetooth: hci7: command tx timeout
[ 89.221915] Bluetooth: hci0: command tx timeout
[ 89.285880] Bluetooth: hci1: command tx timeout
[ 89.480051] Bluetooth: hci2: command tx timeout
[ 89.605941] Bluetooth: hci5: command tx timeout
[ 89.605957] Bluetooth: hci4: command tx timeout
[ 89.669900] Bluetooth: hci6: command tx timeout
[ 89.669931] Bluetooth: hci3: command tx timeout
[ 89.734880] Bluetooth: hci7: command tx timeout
[ 91.270965] Bluetooth: hci0: command tx timeout
[ 91.334291] Bluetooth: hci1: command tx timeout
[ 91.526496] Bluetooth: hci2: command tx timeout
[ 91.654040] Bluetooth: hci4: command tx timeout
[ 91.655004] Bluetooth: hci5: command tx timeout
[ 91.718841] Bluetooth: hci6: command tx timeout
[ 91.718995] Bluetooth: hci3: command tx timeout
[ 91.783858] Bluetooth: hci7: command tx timeout
[ 120.079030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.079699] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.253914] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.254545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:22:33 executing program 1:
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, 0x0}, 0x0)
r0 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000140), 0x0)
12:22:34 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpgid(0x0)
12:22:34 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpgid(0x0)
12:22:34 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpgid(0x0)
12:22:34 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpgid(0x0)
12:22:34 executing program 1:
r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
12:22:34 executing program 1:
r0 = socket$inet(0x2, 0x80003, 0xff)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001540)=[@ip_retopts={{0x10}}], 0x10}, 0x0)
12:22:34 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x22, &(0x7f0000000000)=0x1, 0x4)
[ 121.678010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.678633] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.863140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.863758] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.154861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.155506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.235621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.236243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.646928] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.647561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.786713] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.787481] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.869870] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.870510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.941580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.942728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.052217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.053045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.082320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.083003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.166978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.168190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.307597] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.308797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.372085] audit: type=1400 audit(1756729356.537:8): avc: denied { open } for pid=3901 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 123.384049] audit: type=1400 audit(1756729356.537:9): avc: denied { kernel } for pid=3901 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 123.499811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.501321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.577889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.579109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:22:36 executing program 2:
keyctl$set_timeout(0xf, 0x0, 0x0)
12:22:36 executing program 7:
clock_gettime(0x5, &(0x7f0000003400))
12:22:36 executing program 6:
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
12:22:36 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@newae={0x48, 0x1e, 0x9babdbcf27a041f1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, [@etimer_thresh={0x8}]}, 0x48}}, 0x0)
12:22:36 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x4bfa, 0x0)
12:22:36 executing program 4:
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3)
vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000000340)="7f", 0x1}], 0x10000000000001e2, 0x0)
12:22:36 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sync_file_range(r0, 0x0, 0x0, 0xd)
12:22:36 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000140001"], 0xb8}}, 0x0)
[ 123.862884] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
12:22:37 executing program 7:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500))
clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
12:22:37 executing program 1:
pselect6(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), 0x0)
12:22:37 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x4bfa, 0x0)
[ 123.938390] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 123.952678] loop7: detected capacity change from 0 to 240
[ 123.972954] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 123.973844] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 123.974456] CPU: 0 UID: 0 PID: 3931 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 123.976146] Tainted: [W]=WARN
[ 123.976892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.978528] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.980265] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.984133] RSP: 0018:ffff8880477ef800 EFLAGS: 00010212
[ 123.984553] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 123.985125] RDX: ffff88801642d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 123.985684] RBP: ffff8880477efa70 R08: ffff88806ce31340 R09: ffffe8ffffc100f0
[ 123.986241] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.986804] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.987367] FS: 000055556938e400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 123.988002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.988462] CR2: 00007fffed914d18 CR3: 0000000046a09000 CR4: 0000000000350ef0
[ 123.989021] Call Trace:
[ 123.989229]
[ 123.989419] ? arch_scale_cpu_capacity+0x17/0xa0
[ 123.989809] ? __pfx_perf_tp_event+0x10/0x10
[ 123.990168] ? __asan_memset+0x24/0x50
[ 123.990512] ? perf_trace_lock+0xb5/0x5d0
[ 123.990850] ? kvm_sched_clock_read+0x16/0x30
[ 123.991217] ? sched_clock+0x37/0x60
[ 123.991524] ? sched_clock_cpu+0x6c/0x4e0
[ 123.991867] ? lock_is_held_type+0x9e/0x120
[ 123.992221] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.992636] perf_trace_run_bpf_submit+0xef/0x180
[ 123.993048] perf_trace_lock+0x337/0x5d0
[ 123.993396] ? __pfx_perf_trace_lock+0x10/0x10
[ 123.993781] ? lock_acquire+0x15e/0x2f0
[ 123.994114] ? futex_ref_get+0x48/0x300
[ 123.994444] ? futex_ref_get+0x114/0x300
[ 123.994780] ? futex_hash+0x15c/0x390
[ 123.995095] lock_release+0x1ab/0x290
[ 123.995418] ? futex_hash+0x15c/0x390
[ 123.995739] futex_ref_get+0x119/0x300
[ 123.996067] ? futex_hash+0x15c/0x390
[ 123.996383] futex_hash+0x70/0x390
[ 123.996682] futex_wake+0x143/0x540
[ 123.996992] ? put_pid+0x1f/0x30
[ 123.997277] ? kernel_clone+0x204/0x7f0
[ 123.997612] ? __pfx_futex_wake+0x10/0x10
[ 123.997959] ? __pfx_kernel_clone+0x10/0x10
[ 123.998318] ? perf_trace_lock+0xb5/0x5d0
[ 123.998678] do_futex+0x26d/0x370
[ 123.998972] ? __pfx_do_futex+0x10/0x10
[ 123.999303] ? __pfx___do_sys_clone+0x10/0x10
[ 123.999674] ? find_held_lock+0x2b/0x80
[ 124.000016] __x64_sys_futex+0x1c9/0x4d0
[ 124.000362] ? __pfx___x64_sys_futex+0x10/0x10
[ 124.000754] ? xfd_validate_state+0x55/0x180
[ 124.001146] do_syscall_64+0xbf/0x360
[ 124.001471] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.001892] RIP: 0033:0x7fc2420deb19
[ 124.002199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 124.003710] RSP: 002b:00007fff7e1ea318 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.004334] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc2420deb19
[ 124.004914] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc2421f1f68
[ 124.005506] RBP: 00007fc2421f1f60 R08: 00007fc23f654700 R09: 0000000000000000
[ 124.006099] R10: 00007fc23f654700 R11: 0000000000000246 R12: 00007fc2421f6378
[ 124.006693] R13: 00007fff7e1ea420 R14: 00007fc2421f1f60 R15: 000000000001e3d6
[ 124.007283]
[ 124.007480] Modules linked in:
[ 124.007874] ---[ end trace 0000000000000000 ]---
[ 124.008276] RIP: 0010:perf_tp_event+0x175/0xe70
[ 124.008672] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 124.010197] RSP: 0018:ffff8880477ef800 EFLAGS: 00010212
[ 124.010644] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 124.011240] RDX: ffff88801642d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 124.011858] RBP: ffff8880477efa70 R08: ffff88806ce31340 R09: ffffe8ffffc100f0
[ 124.012444] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 124.013034] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 124.013619] FS: 000055556938e400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 124.014295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.014798] CR2: 00007fffed914d18 CR3: 0000000046a09000 CR4: 0000000000350ef0
[ 124.015466] note: syz-executor.1[3931] exited with preempt_count 1
[ 124.016034]
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 124.016768] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3931, name: syz-executor.1 [ 124.017477] preempt_count: 0, expected: 0 [ 124.017833] RCU nest depth: 2, expected: 0 [ 124.018189] INFO: lockdep is turned off. [ 124.018534] CPU: 0 UID: 0 PID: 3931 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 124.018553] Tainted: [D]=DIE, [W]=WARN [ 124.018557] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.018563] Call Trace: [ 124.018567] [ 124.018571] dump_stack_lvl+0xfa/0x120 [ 124.018597] __might_resched+0x2f3/0x510 [ 124.018611] exit_signals+0x25/0x940 [ 124.018630] do_exit+0x2db/0x2970 [ 124.018643] ? _printk+0xbe/0xf0 [ 124.018657] ? __pfx__printk+0x10/0x10 [ 124.018670] ? __pfx_do_exit+0x10/0x10 [ 124.018685] make_task_dead+0x174/0x3b0 [ 124.018698] ? do_syscall_64+0xbf/0x360 [ 124.018709] rewind_stack_and_make_dead+0x16/0x20 [ 124.018726] RIP: 0033:0x7fc2420deb19 [ 124.018734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.018745] RSP: 002b:00007fff7e1ea318 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.018756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc2420deb19 [ 124.018763] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc2421f1f68 [ 124.018770] RBP: 00007fc2421f1f60 R08: 00007fc23f654700 R09: 0000000000000000 [ 124.018778] R10: 00007fc23f654700 R11: 0000000000000246 R12: 00007fc2421f6378 [ 124.018785] R13: 00007fff7e1ea420 R14: 00007fc2421f1f60 R15: 000000000001e3d6 [ 124.018796] [ 124.051630] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 124.092145] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.5'. 
12:22:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x4bfa, 0x0) 12:22:40 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read(r0, 0x0, 0x0) 12:22:40 executing program 7: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:22:40 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:22:40 executing program 6: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 12:22:40 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), 
&(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[]) 12:22:40 executing program 1: openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.max\x00', &(0x7f0000000040)={0x103d43, 0x0, 0x13}, 0x18) 12:22:40 executing program 4: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000000340)="7f", 0x1}], 0x10000000000001e2, 0x0) [ 127.076728] loop7: detected capacity change from 0 to 240 [ 127.079399] loop5: detected capacity change from 0 to 240 [ 127.087797] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 127.092883] FAT-fs (loop3): bogus number of directory entries (114) [ 127.094036] FAT-fs (loop3): Can't find a valid FAT filesystem [ 127.095035] ISO 9660 Extensions: Microsoft Joliet Level 3 12:22:40 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x4bfa, 0x0) 12:22:40 executing program 6: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 12:22:40 executing program 4: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000000340)="7f", 0x1}], 0x10000000000001e2, 0x0) [ 127.955840] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 127.956539] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 127.959322] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 127.961340] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 127.962769] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 127.964597] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 127.966720] Bluetooth: hci2: Opcode 0x0c1a 
failed: -4 [ 127.967345] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 127.968948] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 127.971903] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 127.972487] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 127.974585] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 127.976189] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 127.977565] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 127.978719] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 127.980402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 127.981348] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 127.982918] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 127.985624] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 127.986739] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 127.987996] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 127.990723] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 127.991350] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 127.993125] Bluetooth: hci7: Opcode 0x0406 failed: -4 12:22:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x16, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) 12:22:41 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0xb00}, 0x8) 12:22:41 executing program 6: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 12:22:41 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, 
&(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:22:41 executing program 7: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:22:41 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[]) 12:22:41 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2016000, 0x0) 12:22:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) bind$bt_hci(r0, &(0x7f0000000140), 0x6) [ 128.039546] loop7: detected capacity change from 0 to 240 [ 128.043976] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 128.069774] loop5: detected capacity change from 0 to 240 12:22:41 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xab80, 0x0) dup2(r0, r1) [ 128.083910] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 128.085389] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] SMP KASAN NOPTI [ 128.087159] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 128.088327] CPU: 1 UID: 0 PID: 3981 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.090143] Tainted: [D]=DIE, [W]=WARN [ 128.090750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.092010] RIP: 0010:__queue_work+0x202/0x1240 [ 128.092757] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 128.095544] RSP: 0018:ffff8880470a73f0 EFLAGS: 00010056 [ 128.096361] RAX: 0000000000000000 RBX: ffff888045bd2118 RCX: ffffc9000842b000 [ 128.097463] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 128.098566] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff0f128f4 [ 128.099661] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 128.100760] R13: 0000000000000000 R14: 0000000000000001 R15: ffff888047acb000 [ 128.101865] FS: 00007f2855ce7700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 
128.103108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.104002] CR2: 00007f2855ce8000 CR3: 000000000ddc5000 CR4: 0000000000350ef0 [ 128.105107] Call Trace: [ 128.105517] [ 128.105881] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.106641] queue_work_on+0xd0/0xe0 [ 128.107248] loop_queue_rq+0x5c8/0x1180 [ 128.107881] __blk_mq_issue_directly+0xd5/0x260 [ 128.108622] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 128.109443] ? blk_mq_put_tag+0x101/0x160 [ 128.110091] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 128.110937] blk_mq_request_issue_directly+0x11c/0x1e0 [ 128.111751] blk_mq_issue_direct+0x192/0x640 [ 128.112437] ? __blk_mq_alloc_requests+0xa16/0x15a0 [ 128.113223] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 128.114046] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 128.114801] ? read_tsc+0x9/0x20 [ 128.115343] ? ktime_get+0x16d/0x270 [ 128.115932] ? trace_block_plug+0x149/0x1b0 [ 128.116612] ? blk_add_rq_to_plug+0x234/0x550 [ 128.117314] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 128.118112] ? blk_mq_submit_bio+0x4fd/0x2220 [ 128.118833] __blk_flush_plug+0x25c/0x460 [ 128.119479] ? __pfx___blk_flush_plug+0x10/0x10 [ 128.120206] ? __pfx_css_rstat_updated+0x10/0x10 [ 128.120966] ? lock_release+0x1c7/0x290 [ 128.121590] __submit_bio+0x480/0x5b0 [ 128.122190] ? __pfx___submit_bio+0x10/0x10 [ 128.122910] ? lock_acquire+0x18c/0x2f0 [ 128.123549] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.124363] ? read_tsc+0x9/0x20 [ 128.124903] ? ktime_get+0x16d/0x270 [ 128.125502] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 128.126261] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 128.127102] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 128.127831] ? __getblk_slow+0x3db/0x550 [ 128.128475] submit_bio_noacct+0x359/0x1350 [ 128.129150] __bread_gfp+0x18b/0x3c0 [ 128.129743] fat_fill_super+0x5e1/0x3fd0 [ 128.130395] ? __pfx_setup+0x10/0x10 [ 128.130986] ? __pfx_fat_fill_super+0x10/0x10 [ 128.131698] ? snprintf+0xbe/0x100 [ 128.132270] ? __pfx_snprintf+0x10/0x10 [ 128.132905] ? 
do_raw_spin_lock+0x123/0x260 [ 128.133577] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.134307] ? set_blocksize+0x1b4/0x470 [ 128.134957] ? lock_release+0x1c7/0x290 [ 128.135590] ? sb_set_blocksize+0x177/0x1c0 [ 128.136265] ? setup_bdev_super+0x31f/0x6e0 [ 128.136949] get_tree_bdev_flags+0x38a/0x620 [ 128.137636] ? __pfx_vfat_fill_super+0x10/0x10 [ 128.138356] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 128.139127] ? cap_capable+0xdb/0x3b0 [ 128.139732] ? security_capable+0x2f/0x90 [ 128.140385] vfs_get_tree+0x93/0x340 [ 128.140983] path_mount+0x132d/0x1dd0 [ 128.141585] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.142398] ? __pfx_path_mount+0x10/0x10 [ 128.143046] ? kmem_cache_free+0x2a1/0x540 [ 128.143707] ? putname.part.0+0x11b/0x160 [ 128.144363] ? getname_flags.part.0+0x1c6/0x540 [ 128.145099] ? putname.part.0+0x11b/0x160 [ 128.145758] __x64_sys_mount+0x27b/0x300 [ 128.146391] ? __pfx___x64_sys_mount+0x10/0x10 [ 128.147119] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.147940] do_syscall_64+0xbf/0x360 [ 128.148544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.149347] RIP: 0033:0x7f285877304a [ 128.149925] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.152715] RSP: 002b:00007f2855ce6fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.153877] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f285877304a [ 128.154983] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2855ce7000 [ 128.156078] RBP: 00007f2855ce7040 R08: 00007f2855ce7040 R09: 0000000020000000 [ 128.157169] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 128.158259] R13: 0000000020000100 R14: 00007f2855ce7000 R15: 0000000020010d00 [ 128.159358] [ 128.159731] Modules linked in: [ 128.160243] ---[ end trace 0000000000000000 ]--- [ 128.160971] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.161706] Code: ff df 48 89 85 a8 
fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.164496] RSP: 0018:ffff8880477ef800 EFLAGS: 00010212 [ 128.165317] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 128.166422] RDX: ffff88801642d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 128.167525] RBP: ffff8880477efa70 R08: ffff88806ce31340 R09: ffffe8ffffc100f0 [ 128.168615] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 128.169718] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 128.170841] FS: 00007f2855ce7700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 128.172073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.172971] CR2: 00007f2855ce8000 CR3: 000000000ddc5000 CR4: 0000000000350ef0 [ 128.174059] note: syz-executor.3[3981] exited with irqs disabled [ 128.176292] note: syz-executor.3[3981] exited with preempt_count 1 [ 128.178235] ------------[ cut here ]------------ [ 128.179065] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: syz-executor.3/3981 [ 128.180401] Modules linked in: [ 128.180942] CPU: 1 UID: 0 PID: 3981 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.182847] Tainted: [D]=DIE, [W]=WARN [ 128.183441] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.184723] RIP: 0010:do_exit+0x1c36/0x2970 [ 128.185429] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 128.188249] RSP: 0018:ffff8880470a7e40 EFLAGS: 00010246 [ 128.189101] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc9000842b000 [ 128.190236] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff88800a572d68 [ 128.191372] RBP: ffff88800a571b80 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 
128.192507] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 128.193633] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 128.194765] FS: 00007f2855ce7700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 128.196056] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.197016] CR2: 00007f2855ce8000 CR3: 000000000ddc5000 CR4: 0000000000350ef0 [ 128.198155] Call Trace: [ 128.198581] [ 128.198983] ? _printk+0xbe/0xf0 [ 128.199529] ? __pfx__printk+0x10/0x10 [ 128.200211] ? __pfx_do_exit+0x10/0x10 [ 128.200870] make_task_dead+0x174/0x3b0 [ 128.201520] ? do_syscall_64+0xbf/0x360 [ 128.202199] rewind_stack_and_make_dead+0x16/0x20 [ 128.203004] RIP: 0033:0x7f285877304a [ 128.203595] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.206415] RSP: 002b:00007f2855ce6fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.207621] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f285877304a [ 128.208770] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2855ce7000 [ 128.209899] RBP: 00007f2855ce7040 R08: 00007f2855ce7040 R09: 0000000020000000 [ 128.211043] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 128.212176] R13: 0000000020000100 R14: 00007f2855ce7000 R15: 0000000020010d00 [ 128.213319] [ 128.213695] irq event stamp: 0 [ 128.214234] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 128.215245] hardirqs last disabled at (0): [] copy_process+0x1e08/0x73c0 [ 128.216552] softirqs last enabled at (0): [] copy_process+0x1e58/0x73c0 [ 128.217858] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 128.218881] ---[ end trace 0000000000000000 ]--- [ 128.219613] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 128.221037] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3981, name: syz-executor.3 
[ 128.222385] preempt_count: 0, expected: 0 [ 128.223062] RCU nest depth: 2, expected: 0 [ 128.223710] INFO: lockdep is turned off. [ 128.224384] CPU: 1 UID: 0 PID: 3981 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.224421] Tainted: [D]=DIE, [W]=WARN [ 128.224429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.224441] Call Trace: [ 128.224449] [ 128.224458] dump_stack_lvl+0xfa/0x120 [ 128.224496] __might_resched+0x2f3/0x510 [ 128.224524] exit_signals+0x25/0x940 [ 128.224560] do_exit+0x2db/0x2970 [ 128.224587] ? _printk+0xbe/0xf0 [ 128.224612] ? __pfx__printk+0x10/0x10 [ 128.224639] ? __pfx_do_exit+0x10/0x10 [ 128.224672] make_task_dead+0x174/0x3b0 [ 128.224698] ? do_syscall_64+0xbf/0x360 [ 128.224721] rewind_stack_and_make_dead+0x16/0x20 [ 128.224753] RIP: 0033:0x7f285877304a [ 128.224769] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.224791] RSP: 002b:00007f2855ce6fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.224813] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f285877304a [ 128.224835] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2855ce7000 [ 128.224849] RBP: 00007f2855ce7040 R08: 00007f2855ce7040 R09: 0000000020000000 [ 128.224864] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 128.224878] R13: 0000000020000100 R14: 00007f2855ce7000 R15: 0000000020010d00 [ 128.224904] 12:22:41 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) 12:22:41 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xab80, 0x0) dup2(r0, r1) 12:22:41 executing program 6: syz_emit_ethernet(0x36, 
&(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) [ 128.297425] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 12:22:41 executing program 7: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:22:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) bind$bt_hci(r0, &(0x7f0000000140), 0x6) 12:22:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x16, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 128.409905] rfkill: input handler disabled [ 128.411292] rfkill: input handler enabled [ 128.418095] rfkill: input handler disabled [ 128.421321] rfkill: input handler enabled [ 128.463453] 
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 12:22:42 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xab80, 0x0) dup2(r0, r1) 12:22:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x16, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) 12:22:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x4b4b, &(0x7f0000000140)) 12:22:42 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:22:42 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) request_key(0x0, 0x0, 0x0, 0x0) 12:22:42 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) bind$bt_hci(r0, &(0x7f0000000140), 0x6) 12:22:42 executing program 3: 
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[]) 12:22:42 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sync_file_range(r0, 0x0, 0x0, 0x2) [ 128.992615] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 129.013232] loop5: detected capacity change from 0 to 240 [ 129.025989] ISO 9660 Extensions: Microsoft Joliet Level 3 12:22:42 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) request_key(0x0, 0x0, 0x0, 0x0) 12:22:42 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sync_file_range(r0, 0x0, 0x0, 0x2) 12:22:42 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xab80, 0x0) dup2(r0, r1) 12:22:42 executing program 1: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) r2 = epoll_create(0x1) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 12:22:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x16, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 129.095416] Bluetooth: hci0: command 0x0c1a tx timeout 12:22:42 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) request_key(0x0, 0x0, 0x0, 0x0) 12:22:42 executing 
program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) bind$bt_hci(r0, &(0x7f0000000140), 0x6) 12:22:42 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sync_file_range(r0, 0x0, 0x0, 0x2) 12:22:42 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[]) 12:22:42 executing program 4: r0 = epoll_create(0x6) r1 = epoll_create(0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r3) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)={0x20000011}) 12:22:42 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sync_file_range(r0, 0x0, 0x0, 0x2) [ 129.173146] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 
12:22:42 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) request_key(0x0, 0x0, 0x0, 0x0) 12:22:42 executing program 2: modify_ldt$write(0x1, &(0x7f0000000080), 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x80000001, 0x1000, 0x1000, 0x1, 0x3, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0xffffffc1, 0x1000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0xffffc90000000000, &(0x7f0000000180), 0x10) 12:22:42 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 12:22:42 executing program 4: setresuid(0x0, 0xee01, 0x0) setreuid(0xffffffffffffffff, 0x0) 12:22:42 executing program 3: keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000009c0), 0x0, 0x0, 0x0) 12:22:42 executing program 6: setresuid(0xee01, 0xee00, 0x0) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) 12:22:42 executing program 0: ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000001140)) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000011c0), 0x0, 0x0) 12:22:42 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x114, &(0x7f0000000000)) [ 129.989909] Bluetooth: hci6: command 0x0c1a tx timeout [ 
129.989940] Bluetooth: hci3: command 0x0c1a tx timeout [ 129.990568] Bluetooth: hci4: command 0x0c1a tx timeout [ 129.991597] Bluetooth: hci5: command 0x0c1a tx timeout [ 129.992132] Bluetooth: hci2: command 0x0c1a tx timeout [ 129.993085] Bluetooth: hci1: command 0x0c1a tx timeout 12:22:43 executing program 3: keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000009c0), 0x0, 0x0, 0x0) 12:22:43 executing program 2: modify_ldt$write(0x1, &(0x7f0000000080), 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x80000001, 0x1000, 0x1000, 0x1, 0x3, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0xffffffc1, 0x1000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0xffffc90000000000, &(0x7f0000000180), 0x10) 12:22:43 executing program 6: setresuid(0xee01, 0xee00, 0x0) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) 12:22:43 executing program 1: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) r2 = epoll_create(0x1) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 12:22:43 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:43 executing program 4: setresuid(0x0, 0xee01, 0x0) setreuid(0xffffffffffffffff, 0x0) 12:22:43 
executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 12:22:43 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x114, &(0x7f0000000000)) [ 130.029339] serio: Serial port ptm0 [ 130.053936] Bluetooth: hci7: command 0x0c1a tx timeout 12:22:43 executing program 2: modify_ldt$write(0x1, &(0x7f0000000080), 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x80000001, 0x1000, 0x1000, 0x1, 0x3, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0xffffffc1, 0x1000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0xffffc90000000000, &(0x7f0000000180), 0x10) 12:22:43 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x114, &(0x7f0000000000)) 12:22:43 executing program 4: setresuid(0x0, 0xee01, 0x0) setreuid(0xffffffffffffffff, 0x0) 12:22:44 executing program 3: keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000009c0), 0x0, 0x0, 0x0) 12:22:44 executing program 6: 
setresuid(0xee01, 0xee00, 0x0) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) 12:22:44 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 12:22:44 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:44 executing program 2: modify_ldt$write(0x1, &(0x7f0000000080), 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x80000001, 0x1000, 0x1000, 0x1, 0x3, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0xffffffc1, 0x1000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0xffffc90000000000, &(0x7f0000000180), 0x10) 12:22:44 executing program 4: setresuid(0x0, 0xee01, 0x0) setreuid(0xffffffffffffffff, 0x0) 12:22:44 executing program 1: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) r2 = epoll_create(0x1) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 
&(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 12:22:44 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x114, &(0x7f0000000000)) [ 131.031527] serio: Serial port ptm0 [ 131.142590] Bluetooth: hci0: command 0x0c1a tx timeout 12:22:44 executing program 1: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) r2 = epoll_create(0x1) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 12:22:44 executing program 6: setresuid(0xee01, 0xee00, 0x0) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) 12:22:44 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:44 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:44 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:44 executing program 3: keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000009c0), 0x0, 0x0, 0x0) 12:22:44 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 12:22:45 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000700)="fc", 0x1}], 0x1, 0x0) [ 131.889262] serio: Serial port ptm0 [ 131.894931] serio: Serial port ptm1 [ 131.898586] serio: Serial port ptm2 12:22:45 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) vmsplice(r0, 
&(0x7f00000008c0)=[{&(0x7f0000000700)="fc", 0x1}], 0x1, 0x0) 12:22:45 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0xd, &(0x7f0000000000), 0x4) 12:22:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:45 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:45 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r0, 0x107, 0x18, 0x0, &(0x7f0000000240)) 12:22:45 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 
0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 132.037970] Bluetooth: hci1: command 0x0c1a tx timeout 12:22:45 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) [ 132.038978] Bluetooth: hci4: command 0x0c1a tx timeout [ 132.040051] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.041087] Bluetooth: hci5: command 0x0c1a tx timeout [ 132.041279] Bluetooth: hci3: command 0x0c1a tx timeout [ 132.041999] Bluetooth: hci6: command 0x0c1a tx timeout [ 132.089460] serio: Serial port ptm0 [ 132.096554] serio: Serial port ptm1 12:22:45 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000700)="fc", 0x1}], 0x1, 0x0) [ 132.101912] Bluetooth: hci7: command 0x0c1a tx timeout [ 132.128800] serio: Serial port ptm2 12:22:45 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:45 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000700)="fc", 0x1}], 0x1, 0x0) 12:22:45 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0xd, &(0x7f0000000000), 0x4) 12:22:45 executing program 6: syz_mount_image$nfs4(0x0, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) 12:22:45 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) 12:22:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12:22:45 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0xce24, @empty}, 0x10) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0}, 0x20004000) [ 132.814702] serio: Serial port ptm0 [ 132.817604] serio: Serial port ptm1 12:22:45 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x10000}, 0x1c) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x14) 12:22:46 executing program 4: pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x5) 12:22:46 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) 12:22:46 executing program 6: syz_mount_image$nfs4(0x0, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) 12:22:46 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0xce24, @empty}, 0x10) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 
0x0}, 0x20004000) 12:22:46 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0xd, &(0x7f0000000000), 0x4) 12:22:46 executing program 5: open_by_handle_at(0xffffffffffffffff, &(0x7f0000000540)=@raw={0x4, 0xe79059addec989b5, {"e2"}}, 0x0) 12:22:46 executing program 4: name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 12:22:46 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x10000}, 0x1c) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x14) 12:22:46 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001ac0), 0x0, &(0x7f0000001b80)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}, {@huge_always}]}) 12:22:46 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r0, 0x0, 0x0) 12:22:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSERGETLSR(r0, 0x5460, 0x0) 12:22:46 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) 12:22:46 executing program 6: syz_mount_image$nfs4(0x0, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) 12:22:46 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x10000}, 0x1c) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x14) [ 133.189906] Bluetooth: hci0: command 0x0c1a tx timeout 12:22:46 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0xce24, @empty}, 0x10) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0}, 0x20004000) 12:22:46 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0xd, &(0x7f0000000000), 0x4) [ 133.252443] tmpfs: Unsupported parameter 'huge' 12:22:46 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x10000}, 0x1c) 
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x14) [ 133.286624] tmpfs: Unsupported parameter 'huge' 12:22:46 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0xce24, @empty}, 0x10) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0}, 0x20004000) 12:22:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSERGETLSR(r0, 0x5460, 0x0) 12:22:46 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r0, 0x0, 0x0) 12:22:46 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001ac0), 0x0, &(0x7f0000001b80)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}, {@huge_always}]}) 12:22:46 executing program 6: syz_mount_image$nfs4(0x0, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) 12:22:46 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r0, 0x0, 0x0) [ 133.465919] tmpfs: Unsupported parameter 'huge' 12:22:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@rights={{0x10}}], 0x10}, 0x0) 12:22:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSERGETLSR(r0, 0x5460, 0x0) 12:22:46 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001ac0), 0x0, &(0x7f0000001b80)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}, {@huge_always}]}) [ 133.608720] tmpfs: Unsupported parameter 'huge' 12:22:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSERGETLSR(r0, 0x5460, 0x0) 12:22:46 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r0, 0x0, 0x0) 12:22:46 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @loopback}, 0x1c) 12:22:46 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0xb}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}}, 0x0) 12:22:46 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_adjtime(0x0, &(0x7f0000000200)={0xffff})
12:22:46 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001ac0), 0x0, &(0x7f0000001b80)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}, {@huge_always}]})
12:22:46 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0xfff, &(0x7f0000000040)=0x0)
io_submit(r0, 0x0, 0x0)
12:22:46 executing program 6:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
umount2(&(0x7f0000000280)='./file0\x00', 0x4)
chroot(&(0x7f0000000200)='./file0\x00')
[ 133.693587] tmpfs: Unsupported parameter 'huge'
12:22:46 executing program 0:
fchmodat(0xffffffffffffffff, 0x0, 0x0)
12:22:46 executing program 2:
capset(0x0, 0x0)
12:22:46 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0x11, 0x0, 0x0)
[ 133.760930] kmemleak: Found object by alias at 0x607f1a639c88
[ 133.760958] CPU: 1 UID: 0 PID: 4240 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 133.760990] Tainted: [D]=DIE, [W]=WARN
[ 133.760996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 133.761007] Call Trace:
[ 133.761013]
[ 133.761020] dump_stack_lvl+0xca/0x120
[ 133.761057] __lookup_object+0x94/0xb0
[ 133.761083] delete_object_full+0x27/0x70
[ 133.761107] free_percpu+0x30/0x1160
[ 133.761134] ? arch_uprobe_clear_state+0x16/0x140
[ 133.761163] futex_hash_free+0x38/0xc0
[ 133.761184] mmput+0x2d3/0x390
[ 133.761212] do_exit+0x79d/0x2970
[ 133.761233] ? signal_wake_up_state+0x85/0x120
[ 133.761257] ? zap_other_threads+0x2b9/0x3a0
[ 133.761280] ? __pfx_do_exit+0x10/0x10
[ 133.761300] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 133.761326] ? lock_release+0x1c7/0x290
[ 133.761349] do_group_exit+0xd3/0x2a0
[ 133.761371] __x64_sys_exit_group+0x3e/0x50
[ 133.761393] x64_sys_call+0x18c5/0x18d0
[ 133.761417] do_syscall_64+0xbf/0x360
[ 133.761436] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.761454] RIP: 0033:0x7f32bbd1cb19
[ 133.761468] Code: Unable to access opcode bytes at 0x7f32bbd1caef.
[ 133.761476] RSP: 002b:00007ffc67a70338 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 133.761494] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f32bbd1cb19
[ 133.761507] RDX: 00007f32bbccf72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 133.761518] RBP: 0000000000000000 R08: 0000001b2d92001c R09: 0000000000000000
[ 133.761529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 133.761540] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc67a70420
[ 133.761557]
[ 133.761563] kmemleak: Object (percpu) 0x607f1a639c84 (size 8):
[ 133.761574] kmemleak: comm "syz-executor.6", pid 4247, jiffies 4294800588
[ 133.761585] kmemleak: min_count = 1
[ 133.761591] kmemleak: count = 0
[ 133.761597] kmemleak: flags = 0x21
[ 133.761603] kmemleak: checksum = 0
[ 133.761609] kmemleak: backtrace:
[ 133.761614] pcpu_alloc_noprof+0x87a/0x1170
[ 133.761639] alloc_vfsmnt+0x135/0x6e0
[ 133.761661] vfs_create_mount.part.0+0x40/0x440
[ 133.761685] path_mount+0x1637/0x1dd0
[ 133.761704] __x64_sys_mount+0x27b/0x300
[ 133.761723] do_syscall_64+0xbf/0x360
[ 133.761738] entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:22:46 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0xfff, &(0x7f0000000040)=0x0)
io_submit(r0, 0x0, 0x0)

12:22:46 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_adjtime(0x0, &(0x7f0000000200)={0xffff})

12:22:47 executing program 6:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
umount2(&(0x7f0000000280)='./file0\x00', 0x4)
chroot(&(0x7f0000000200)='./file0\x00')

12:22:47 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0xfff, &(0x7f0000000040)=0x0)
io_submit(r0, 0x0, 0x0)

12:22:47 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCBRADDBR(r0, 0x8912, &(0x7f00000001c0)='batadv_slave_1\x00')
ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)

12:22:47 executing program 5:
setrlimit(0x4, &(0x7f0000000000))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
io_setup(0x8, &(0x7f0000000080)=0x0)
io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x1}])
write(0xffffffffffffffff, 0x0, 0x0)

12:22:47 executing program 2:
mincore(&(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000000))
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1)

12:22:47 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0x11, 0x0, 0x0)

[ 133.945794] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 133.946937] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2

12:22:47 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0x11, 0x0, 0x0)

VM DIAGNOSIS:
12:22:37 Registers: