Warning: Permanently added '[localhost]:18668' (ECDSA) to the list of known hosts. 2025/08/29 13:18:00 fuzzer started 2025/08/29 13:18:00 dialing manager at localhost:43077 syzkaller login: [ 58.817889] cgroup: Unknown subsys name 'net' [ 58.872110] cgroup: Unknown subsys name 'cpuset' [ 58.885548] cgroup: Unknown subsys name 'rlimit' 2025/08/29 13:18:10 syscalls: 2214 2025/08/29 13:18:10 code coverage: enabled 2025/08/29 13:18:10 comparison tracing: enabled 2025/08/29 13:18:10 extra coverage: enabled 2025/08/29 13:18:10 setuid sandbox: enabled 2025/08/29 13:18:10 namespace sandbox: enabled 2025/08/29 13:18:10 Android sandbox: enabled 2025/08/29 13:18:10 fault injection: enabled 2025/08/29 13:18:10 leak checking: enabled 2025/08/29 13:18:10 net packet injection: enabled 2025/08/29 13:18:10 net device setup: enabled 2025/08/29 13:18:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 13:18:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 13:18:10 USB emulation: enabled 2025/08/29 13:18:10 hci packet injection: enabled 2025/08/29 13:18:10 wifi device emulation: enabled 2025/08/29 13:18:10 802.15.4 emulation: enabled 2025/08/29 13:18:10 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 13:18:10 fetching corpus: 42, signal 13159/16896 (executing program) 2025/08/29 13:18:10 fetching corpus: 91, signal 26109/31344 (executing program) 2025/08/29 13:18:11 fetching corpus: 141, signal 33466/40187 (executing program) 2025/08/29 13:18:11 fetching corpus: 191, signal 39071/47156 (executing program) 2025/08/29 13:18:11 fetching corpus: 241, signal 47221/56402 (executing program) 2025/08/29 13:18:11 fetching corpus: 291, signal 52413/62795 (executing program) 2025/08/29 13:18:11 fetching corpus: 341, signal 57402/68905 (executing program) 2025/08/29 13:18:11 fetching corpus: 391, signal 61178/73761 (executing program) 2025/08/29 13:18:11 fetching corpus: 441, signal 64219/77919 (executing program) 2025/08/29 13:18:11 fetching corpus: 491, signal 65797/80658 (executing program) 2025/08/29 13:18:11 fetching corpus: 541, signal 71932/87376 (executing program) 2025/08/29 13:18:11 fetching corpus: 591, signal 73456/89972 (executing program) 2025/08/29 13:18:11 fetching corpus: 641, signal 77683/94867 (executing program) 2025/08/29 13:18:12 fetching corpus: 691, signal 81048/98996 (executing program) 2025/08/29 13:18:12 fetching corpus: 741, signal 82820/101698 (executing program) 2025/08/29 13:18:12 fetching corpus: 791, signal 85403/105012 (executing program) 2025/08/29 13:18:12 fetching corpus: 840, signal 88143/108368 (executing program) 2025/08/29 13:18:12 fetching corpus: 890, signal 90376/111302 (executing program) 2025/08/29 13:18:12 fetching corpus: 940, signal 91712/113465 (executing program) 2025/08/29 13:18:12 fetching corpus: 990, signal 92958/115519 (executing program) 2025/08/29 13:18:12 fetching corpus: 1040, signal 94850/118117 (executing program) 2025/08/29 13:18:12 fetching corpus: 1090, signal 97569/121241 (executing program) 2025/08/29 13:18:12 fetching corpus: 1140, signal 99141/123482 (executing program) 2025/08/29 13:18:13 fetching corpus: 1190, signal 101402/126173 (executing program) 2025/08/29 13:18:13 fetching corpus: 1240, signal 103521/128684 (executing program) 2025/08/29 13:18:13 fetching corpus: 1290, signal 104874/130646 (executing program) 2025/08/29 13:18:13 fetching corpus: 1340, signal 106532/132809 (executing program) 2025/08/29 13:18:13 fetching corpus: 1390, signal 107700/134557 (executing program) 2025/08/29 13:18:13 fetching corpus: 1440, signal 109182/136539 (executing program) 2025/08/29 13:18:13 fetching corpus: 1490, signal 110275/138248 (executing program) 2025/08/29 13:18:13 fetching corpus: 1540, signal 111207/139763 (executing program) 2025/08/29 13:18:13 fetching corpus: 1590, signal 112138/141301 (executing program) 2025/08/29 13:18:13 fetching corpus: 1640, signal 113641/143197 (executing program) 2025/08/29 13:18:13 fetching corpus: 1690, signal 114867/144890 (executing program) 2025/08/29 13:18:14 fetching corpus: 1740, signal 116008/146471 (executing program) 2025/08/29 13:18:14 fetching corpus: 1790, signal 117004/147940 (executing program) 2025/08/29 13:18:14 fetching corpus: 1840, signal 118051/149486 (executing program) 2025/08/29 13:18:14 fetching corpus: 1890, signal 119022/150895 (executing program) 2025/08/29 13:18:14 fetching corpus: 1940, signal 120136/152445 (executing program) 2025/08/29 13:18:14 fetching corpus: 1990, signal 121545/154075 (executing program) 2025/08/29 13:18:14 fetching corpus: 2040, signal 122558/155424 (executing program) 2025/08/29 13:18:14 fetching corpus: 2090, signal 123193/156580 (executing program) 2025/08/29 13:18:14 fetching corpus: 2139, signal 123847/157683 (executing program) 2025/08/29 13:18:14 fetching corpus: 2189, signal 124948/159074 (executing program) 2025/08/29 13:18:14 fetching corpus: 2239, signal 126268/160535 (executing program) 2025/08/29 13:18:15 fetching corpus: 2289, signal 126944/161631 (executing program) 2025/08/29 13:18:15 fetching corpus: 2339, signal 128112/163044 (executing program) 2025/08/29 13:18:15 fetching corpus: 2389, signal 128660/164064 (executing program) 2025/08/29 13:18:15 fetching corpus: 2439, signal 129666/165313 (executing program) 2025/08/29 13:18:15 fetching corpus: 2489, signal 130583/166494 (executing program) 2025/08/29 13:18:15 fetching corpus: 2539, signal 131226/167499 (executing program) 2025/08/29 13:18:15 fetching corpus: 2589, signal 132032/168531 (executing program) 2025/08/29 13:18:15 fetching corpus: 2639, signal 132747/169540 (executing program) 2025/08/29 13:18:15 fetching corpus: 2689, signal 133314/170481 (executing program) 2025/08/29 13:18:15 fetching corpus: 2739, signal 134034/171458 (executing program) 2025/08/29 13:18:15 fetching corpus: 2789, signal 136980/173416 (executing program) 2025/08/29 13:18:16 fetching corpus: 2839, signal 137714/174348 (executing program) 2025/08/29 13:18:16 fetching corpus: 2889, signal 138561/175351 (executing program) 2025/08/29 13:18:16 fetching corpus: 2939, signal 139091/176182 (executing program) 2025/08/29 13:18:16 fetching corpus: 2989, signal 139707/177051 (executing program) 2025/08/29 13:18:16 fetching corpus: 3039, signal 140369/177887 (executing program) 2025/08/29 13:18:16 fetching corpus: 3089, signal 141032/178799 (executing program) 2025/08/29 13:18:16 fetching corpus: 3139, signal 141905/179758 (executing program) 2025/08/29 13:18:16 fetching corpus: 3189, signal 142641/180628 (executing program) 2025/08/29 13:18:16 fetching corpus: 3239, signal 143323/181488 (executing program) 2025/08/29 13:18:16 fetching corpus: 3289, signal 143938/182337 (executing program) 2025/08/29 13:18:16 fetching corpus: 3339, signal 144685/183123 (executing program) 2025/08/29 13:18:16 fetching corpus: 3389, signal 145252/183864 (executing program) 2025/08/29 13:18:17 fetching corpus: 3439, signal 145894/184616 (executing program) 2025/08/29 13:18:17 fetching corpus: 3489, signal 146392/185351 (executing program) 2025/08/29 13:18:17 fetching corpus: 3539, signal 146835/186064 (executing program) 2025/08/29 13:18:17 fetching corpus: 3589, signal 147747/186848 (executing program) 2025/08/29 13:18:17 fetching corpus: 3639, signal 148445/187530 (executing program) 2025/08/29 13:18:17 fetching corpus: 3689, signal 148974/188180 (executing program) 2025/08/29 13:18:17 fetching corpus: 3739, signal 149571/188887 (executing program) 2025/08/29 13:18:17 fetching corpus: 3789, signal 150122/189536 (executing program) 2025/08/29 13:18:17 fetching corpus: 3839, signal 150693/190214 (executing program) 2025/08/29 13:18:17 fetching corpus: 3889, signal 151332/190825 (executing program) 2025/08/29 13:18:18 fetching corpus: 3939, signal 151871/191422 (executing program) 2025/08/29 13:18:18 fetching corpus: 3989, signal 152534/192053 (executing program) 2025/08/29 13:18:18 fetching corpus: 4039, signal 153037/192636 (executing program) 2025/08/29 13:18:18 fetching corpus: 4089, signal 153493/193222 (executing program) 2025/08/29 13:18:18 fetching corpus: 4139, signal 153973/193779 (executing program) 2025/08/29 13:18:18 fetching corpus: 4189, signal 154496/194296 (executing program) 2025/08/29 13:18:18 fetching corpus: 4239, signal 155075/194835 (executing program) 2025/08/29 13:18:18 fetching corpus: 4289, signal 155626/195387 (executing program) 2025/08/29 13:18:18 fetching corpus: 4339, signal 156177/195905 (executing program) 2025/08/29 13:18:18 fetching corpus: 4389, signal 156739/196441 (executing program) 2025/08/29 13:18:18 fetching corpus: 4439, signal 157247/196913 (executing program) 2025/08/29 13:18:19 fetching corpus: 4488, signal 157710/197450 (executing program) 2025/08/29 13:18:19 fetching corpus: 4538, signal 158137/197935 (executing program) 2025/08/29 13:18:19 fetching corpus: 4588, signal 158875/198426 (executing program) 2025/08/29 13:18:19 fetching corpus: 4638, signal 159436/198929 (executing program) 2025/08/29 13:18:19 fetching corpus: 4688, signal 159858/199368 (executing program) 2025/08/29 13:18:19 fetching corpus: 4738, signal 160379/199769 (executing program) 2025/08/29 13:18:19 fetching corpus: 4788, signal 160846/200218 (executing program) 2025/08/29 13:18:19 fetching corpus: 4838, signal 161439/200491 (executing program) 2025/08/29 13:18:19 fetching corpus: 4888, signal 162282/200500 (executing program) 2025/08/29 13:18:19 fetching corpus: 4938, signal 162826/200527 (executing program) 2025/08/29 13:18:19 fetching corpus: 4988, signal 163206/200529 (executing program) 2025/08/29 13:18:20 fetching corpus: 5038, signal 163804/200529 (executing program) 2025/08/29 13:18:20 fetching corpus: 5088, signal 164263/200636 (executing program) 2025/08/29 13:18:20 fetching corpus: 5138, signal 164704/200659 (executing program) 2025/08/29 13:18:20 fetching corpus: 5188, signal 165024/200659 (executing program) 2025/08/29 13:18:20 fetching corpus: 5238, signal 165665/200679 (executing program) 2025/08/29 13:18:20 fetching corpus: 5288, signal 165974/200681 (executing program) 2025/08/29 13:18:20 fetching corpus: 5338, signal 166405/200686 (executing program) 2025/08/29 13:18:20 fetching corpus: 5388, signal 166953/200698 (executing program) 2025/08/29 13:18:20 fetching corpus: 5437, signal 167387/200699 (executing program) 2025/08/29 13:18:20 fetching corpus: 5487, signal 167862/200764 (executing program) 2025/08/29 13:18:20 fetching corpus: 5537, signal 168386/200772 (executing program) 2025/08/29 13:18:21 fetching corpus: 5587, signal 168815/200777 (executing program) 2025/08/29 13:18:21 fetching corpus: 5637, signal 169311/200811 (executing program) 2025/08/29 13:18:21 fetching corpus: 5687, signal 169636/200824 (executing program) 2025/08/29 13:18:21 fetching corpus: 5737, signal 170127/200840 (executing program) 2025/08/29 13:18:21 fetching corpus: 5787, signal 170603/200863 (executing program) 2025/08/29 13:18:21 fetching corpus: 5837, signal 170897/200864 (executing program) 2025/08/29 13:18:21 fetching corpus: 5887, signal 171250/200869 (executing program) 2025/08/29 13:18:21 fetching corpus: 5937, signal 171465/200870 (executing program) 2025/08/29 13:18:21 fetching corpus: 5987, signal 172486/200871 (executing program) 2025/08/29 13:18:21 fetching corpus: 6036, signal 172808/200908 (executing program) 2025/08/29 13:18:22 fetching corpus: 6086, signal 173135/200911 (executing program) 2025/08/29 13:18:22 fetching corpus: 6136, signal 173520/200916 (executing program) 2025/08/29 13:18:22 fetching corpus: 6186, signal 173830/200947 (executing program) 2025/08/29 13:18:22 fetching corpus: 6235, signal 174185/200962 (executing program) 2025/08/29 13:18:22 fetching corpus: 6285, signal 174450/201027 (executing program) 2025/08/29 13:18:22 fetching corpus: 6335, signal 174857/201048 (executing program) 2025/08/29 13:18:22 fetching corpus: 6385, signal 175099/201049 (executing program) 2025/08/29 13:18:22 fetching corpus: 6435, signal 175444/201056 (executing program) 2025/08/29 13:18:22 fetching corpus: 6485, signal 175825/201068 (executing program) 2025/08/29 13:18:22 fetching corpus: 6535, signal 176132/201079 (executing program) 2025/08/29 13:18:22 fetching corpus: 6585, signal 176343/201088 (executing program) 2025/08/29 13:18:23 fetching corpus: 6635, signal 176633/201092 (executing program) 2025/08/29 13:18:23 fetching corpus: 6685, signal 176876/201101 (executing program) 2025/08/29 13:18:23 fetching corpus: 6735, signal 177320/201109 (executing program) 2025/08/29 13:18:23 fetching corpus: 6785, signal 177608/201113 (executing program) 2025/08/29 13:18:23 fetching corpus: 6835, signal 178046/201115 (executing program) 2025/08/29 13:18:23 fetching corpus: 6885, signal 178322/201118 (executing program) 2025/08/29 13:18:23 fetching corpus: 6935, signal 178743/201130 (executing program) 2025/08/29 13:18:23 fetching corpus: 6985, signal 179047/201143 (executing program) 2025/08/29 13:18:23 fetching corpus: 7035, signal 179551/201148 (executing program) 2025/08/29 13:18:23 fetching corpus: 7085, signal 179806/201151 (executing program) 2025/08/29 13:18:24 fetching corpus: 7135, signal 180192/201155 (executing program) 2025/08/29 13:18:24 fetching corpus: 7185, signal 180434/201166 (executing program) 2025/08/29 13:18:24 fetching corpus: 7235, signal 180818/201193 (executing program) 2025/08/29 13:18:24 fetching corpus: 7285, signal 181175/201199 (executing program) 2025/08/29 13:18:24 fetching corpus: 7335, signal 181406/201207 (executing program) 2025/08/29 13:18:24 fetching corpus: 7385, signal 181737/201224 (executing program) 2025/08/29 13:18:24 fetching corpus: 7435, signal 181972/201225 (executing program) 2025/08/29 13:18:24 fetching corpus: 7485, signal 182260/201228 (executing program) 2025/08/29 13:18:24 fetching corpus: 7535, signal 182493/201229 (executing program) 2025/08/29 13:18:24 fetching corpus: 7585, signal 182754/201240 (executing program) 2025/08/29 13:18:24 fetching corpus: 7635, signal 183050/201286 (executing program) 2025/08/29 13:18:24 fetching corpus: 7685, signal 183324/201286 (executing program) 2025/08/29 13:18:24 fetching corpus: 7735, signal 183619/201293 (executing program) 2025/08/29 13:18:25 fetching corpus: 7785, signal 183917/201418 (executing program) 2025/08/29 13:18:25 fetching corpus: 7835, signal 184087/201421 (executing program) 2025/08/29 13:18:25 fetching corpus: 7885, signal 184479/201432 (executing program) 2025/08/29 13:18:25 fetching corpus: 7935, signal 184693/201438 (executing program) 2025/08/29 13:18:25 fetching corpus: 7985, signal 185019/201441 (executing program) 2025/08/29 13:18:25 fetching corpus: 8035, signal 185291/201448 (executing program) 2025/08/29 13:18:25 fetching corpus: 8085, signal 185579/201451 (executing program) 2025/08/29 13:18:25 fetching corpus: 8135, signal 185984/201453 (executing program) 2025/08/29 13:18:25 fetching corpus: 8185, signal 186282/201459 (executing program) 2025/08/29 13:18:25 fetching corpus: 8235, signal 186701/201476 (executing program) 2025/08/29 13:18:25 fetching corpus: 8285, signal 187079/201478 (executing program) 2025/08/29 13:18:25 fetching corpus: 8334, signal 187300/201481 (executing program) 2025/08/29 13:18:26 fetching corpus: 8383, signal 187731/201481 (executing program) 2025/08/29 13:18:26 fetching corpus: 8433, signal 187953/201491 (executing program) 2025/08/29 13:18:26 fetching corpus: 8483, signal 188220/201492 (executing program) 2025/08/29 13:18:26 fetching corpus: 8533, signal 188453/201495 (executing program) 2025/08/29 13:18:26 fetching corpus: 8583, signal 188674/201511 (executing program) 2025/08/29 13:18:26 fetching corpus: 8633, signal 188832/201517 (executing program) 2025/08/29 13:18:26 fetching corpus: 8683, signal 189134/201527 (executing program) 2025/08/29 13:18:26 fetching corpus: 8733, signal 189402/201552 (executing program) 2025/08/29 13:18:26 fetching corpus: 8783, signal 189715/201556 (executing program) 2025/08/29 13:18:26 fetching corpus: 8833, signal 189970/201580 (executing program) 2025/08/29 13:18:26 fetching corpus: 8883, signal 190270/201588 (executing program) 2025/08/29 13:18:26 fetching corpus: 8933, signal 190440/201591 (executing program) 2025/08/29 13:18:26 fetching corpus: 8983, signal 190619/201600 (executing program) 2025/08/29 13:18:27 fetching corpus: 9033, signal 190829/201619 (executing program) 2025/08/29 13:18:27 fetching corpus: 9083, signal 191515/201702 (executing program) 2025/08/29 13:18:27 fetching corpus: 9133, signal 191789/201704 (executing program) 2025/08/29 13:18:27 fetching corpus: 9183, signal 191947/201707 (executing program) 2025/08/29 13:18:27 fetching corpus: 9233, signal 192136/201711 (executing program) 2025/08/29 13:18:27 fetching corpus: 9283, signal 192563/201727 (executing program) 2025/08/29 13:18:27 fetching corpus: 9333, signal 192892/201728 (executing program) 2025/08/29 13:18:27 fetching corpus: 9383, signal 193094/201730 (executing program) 2025/08/29 13:18:27 fetching corpus: 9433, signal 193487/201752 (executing program) 2025/08/29 13:18:27 fetching corpus: 9483, signal 193694/201768 (executing program) 2025/08/29 13:18:27 fetching corpus: 9532, signal 193980/201770 (executing program) 2025/08/29 13:18:28 fetching corpus: 9582, signal 194184/201772 (executing program) 2025/08/29 13:18:28 fetching corpus: 9632, signal 194424/201776 (executing program) 2025/08/29 13:18:28 fetching corpus: 9682, signal 194651/201778 (executing program) 2025/08/29 13:18:28 fetching corpus: 9732, signal 194905/201800 (executing program) 2025/08/29 13:18:28 fetching corpus: 9782, signal 195319/201808 (executing program) 2025/08/29 13:18:28 fetching corpus: 9831, signal 195523/201815 (executing program) 2025/08/29 13:18:28 fetching corpus: 9881, signal 195684/201816 (executing program) 2025/08/29 13:18:28 fetching corpus: 9931, signal 195906/201818 (executing program) 2025/08/29 13:18:28 fetching corpus: 9981, signal 196115/201825 (executing program) 2025/08/29 13:18:28 fetching corpus: 10031, signal 196352/201834 (executing program) 2025/08/29 13:18:28 fetching corpus: 10081, signal 196593/201839 (executing program) 2025/08/29 13:18:28 fetching corpus: 10131, signal 196859/201839 (executing program) 2025/08/29 13:18:29 fetching corpus: 10181, signal 197116/201839 (executing program) 2025/08/29 13:18:29 fetching corpus: 10231, signal 197372/201842 (executing program) 2025/08/29 13:18:29 fetching corpus: 10281, signal 197523/201843 (executing program) 2025/08/29 13:18:29 fetching corpus: 10310, signal 197704/201846 (executing program) 2025/08/29 13:18:29 fetching corpus: 10310, signal 197704/201846 (executing program) 2025/08/29 13:18:31 starting 8 fuzzer processes 13:18:31 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:18:31 executing program 1: syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x1e}) 13:18:31 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) 13:18:31 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RNDGETENTCNT(r0, 0x40085203, 0x0) 13:18:31 executing program 7: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0) 13:18:31 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000140)={0x24, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000800}, 0x0) [ 89.708558] audit: type=1400 audit(1756473511.819:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:18:31 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000040)=0x1000, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4) 13:18:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) [ 90.935393] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.936532] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.938469] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.941884] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.948327] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.948487] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.950679] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.954313] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.954878] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.958453] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.958856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.959042] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.968274] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.973301] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.978528] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.997663] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.999708] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.000615] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.007183] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.011188] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.060997] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 91.061793] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.064113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.066004] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.068378] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.069795] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.077099] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 91.080327] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 91.081126] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 91.082308] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 91.084829] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 91.099610] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 91.102524] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 91.104151] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 91.104754] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 91.105925] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 91.117987] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 91.121955] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 91.128031] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 91.137354] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 93.030689] Bluetooth: hci2: command tx timeout [ 93.030814] Bluetooth: hci3: command tx timeout [ 93.031406] Bluetooth: hci0: command tx timeout [ 93.031472] Bluetooth: hci1: command tx timeout [ 93.158024] Bluetooth: hci4: command tx timeout [ 93.222050] Bluetooth: hci6: command tx timeout [ 93.222864] Bluetooth: hci7: command tx timeout [ 93.286159] Bluetooth: hci5: command tx timeout [ 95.078015] Bluetooth: hci2: command tx timeout [ 95.078484] Bluetooth: hci1: command tx timeout [ 95.079727] Bluetooth: hci3: command tx timeout [ 95.080150] Bluetooth: hci0: command tx timeout [ 95.205997] Bluetooth: hci4: command tx timeout [ 95.271037] Bluetooth: hci7: command tx timeout [ 95.271503] Bluetooth: hci6: command tx timeout [ 95.334030] Bluetooth: hci5: command tx timeout [ 97.126106] Bluetooth: hci3: command tx timeout [ 97.126559] Bluetooth: hci0: command tx timeout [ 97.128012] Bluetooth: hci2: command tx timeout [ 97.128057] Bluetooth: hci1: command tx timeout [ 97.256935] Bluetooth: hci4: command tx timeout [ 97.319053] Bluetooth: hci6: command tx timeout [ 97.319161] Bluetooth: hci7: command tx timeout [ 97.382110] Bluetooth: hci5: command tx timeout [ 97.611098] kmemleak: Found object by alias at 0x607f1a631484 [ 97.611117] CPU: 1 UID: 0 PID: 103 Comm: kworker/1:2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 97.611135] Tainted: [W]=WARN [ 97.611138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 97.611146] Workqueue: cgwb_release cgwb_release_workfn [ 97.611167] Call Trace: [ 97.611171] [ 97.611176] dump_stack_lvl+0xca/0x120 [ 97.611197] __lookup_object+0x94/0xb0 [ 97.611214] delete_object_full+0x27/0x70 [ 97.611229] free_percpu+0x30/0x1160 [ 97.611248] percpu_counter_destroy_many+0x188/0x2b0 [ 97.611267] cgwb_release_workfn+0x25b/0x900 [ 97.611281] process_one_work+0x8e1/0x19c0 [ 97.611302] ? __pfx_process_one_work+0x10/0x10 [ 97.611316] ? move_linked_works+0x172/0x270 [ 97.611336] ? assign_work+0x196/0x240 [ 97.611351] worker_thread+0x67e/0xe90 [ 97.611365] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 97.611382] ? __pfx_worker_thread+0x10/0x10 [ 97.611396] kthread+0x3c8/0x740 [ 97.611409] ? __pfx_kthread+0x10/0x10 [ 97.611420] ? ret_from_fork+0x23/0x430 [ 97.611439] ? lock_release+0xc8/0x290 [ 97.611453] ? __pfx_kthread+0x10/0x10 [ 97.611466] ret_from_fork+0x34b/0x430 [ 97.611482] ? __pfx_kthread+0x10/0x10 [ 97.611494] ret_from_fork_asm+0x1a/0x30 [ 97.611518] [ 97.611522] kmemleak: Object (percpu) 0x607f1a631480 (size 8): [ 97.611529] kmemleak: comm "ip", pid 206, jiffies 4294713203 [ 97.611536] kmemleak: min_count = 1 [ 97.611539] kmemleak: count = 1 [ 97.611543] kmemleak: flags = 0x21 [ 97.611547] kmemleak: checksum = 0 [ 97.611550] kmemleak: backtrace: [ 97.611554] pcpu_alloc_noprof+0x87a/0x1170 [ 97.611568] fib_nh_init+0x92/0x400 [ 97.611581] fib_create_info+0x2640/0x4320 [ 97.611593] fib_table_insert+0x137/0x1a80 [ 97.611607] fib_magic+0x32b/0x3a0 [ 97.611616] fib_add_ifaddr+0x449/0x590 [ 97.611625] fib_inetaddr_event+0x147/0x270 [ 97.611636] notifier_call_chain+0xc0/0x360 [ 97.611646] blocking_notifier_call_chain+0x6b/0xa0 [ 97.611656] __inet_insert_ifa+0x904/0xcc0 [ 97.611672] inet_rtm_newaddr+0x104a/0x1530 [ 97.611688] rtnetlink_rcv_msg+0x9c6/0xfc0 [ 97.611704] netlink_rcv_skb+0x147/0x430 [ 97.611720] netlink_unicast+0x5a7/0x870 [ 97.611735] netlink_sendmsg+0x8ac/0xd80 [ 97.611750] ____sys_sendmsg+0xa67/0xc20 [ 99.175039] Bluetooth: hci1: command tx timeout [ 99.175096] Bluetooth: hci0: command tx timeout [ 99.175771] Bluetooth: hci2: command tx timeout [ 99.176952] Bluetooth: hci3: command tx timeout [ 99.302126] Bluetooth: hci4: command tx timeout [ 99.367383] Bluetooth: hci6: command tx timeout [ 99.368169] Bluetooth: hci7: command tx timeout [ 99.430081] Bluetooth: hci5: command tx timeout [ 126.902638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.903432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.109802] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.110403] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.374400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.375046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.515871] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.516497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:19:09 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockname(r0, 0x0, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x9) [ 127.637997] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 127.650815] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.652033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:19:09 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockname(r0, 0x0, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x9) 13:19:09 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockname(r0, 0x0, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x9) [ 127.740484] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 127.774111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.774601] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 127.774672] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:19:09 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockname(r0, 0x0, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x9) [ 127.858106] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 127.934834] kmemleak: Cannot insert 0x607f1a631484 into the object search tree (overlaps existing) [ 127.934850] CPU: 0 UID: 0 PID: 287 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.934868] Tainted: [W]=WARN [ 127.934871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.934878] Call Trace: [ 127.934883] [ 127.934887] dump_stack_lvl+0xca/0x120 [ 127.934919] __link_object+0x190/0x210 [ 127.934937] __create_object+0x48/0x80 [ 127.934954] pcpu_alloc_noprof+0x87a/0x1170 [ 127.934978] __percpu_counter_init_many+0x44/0x360 [ 127.934997] fprop_global_init+0x5b/0x100 [ 127.935014] mem_cgroup_css_alloc+0x88f/0x15e0 [ 127.935029] ? lock_is_held_type+0x9e/0x120 [ 127.935048] cgroup_apply_control_enable+0x446/0x9f0 [ 127.935070] cgroup_mkdir+0x86e/0x1110 [ 127.935087] ? __pfx_cgroup_mkdir+0x10/0x10 [ 127.935108] kernfs_iop_mkdir+0x111/0x190 [ 127.935127] vfs_mkdir+0x59a/0x8d0 [ 127.935146] do_mkdirat+0x19f/0x3d0 [ 127.935160] ? __pfx_do_mkdirat+0x10/0x10 [ 127.935177] __x64_sys_mkdir+0xf3/0x140 [ 127.935190] do_syscall_64+0xbf/0x360 [ 127.935202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.935214] RIP: 0033:0x7f5a59a3ac27 [ 127.935223] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.935234] RSP: 002b:00007ffff24653d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 127.935245] RAX: ffffffffffffffda RBX: 00007ffff2465460 RCX: 00007f5a59a3ac27 [ 127.935253] RDX: 00007ffff2465477 RSI: 00000000000001ff RDI: 00007ffff2465460 [ 127.935261] RBP: 00000000ffffffff R08: 0000000000000000 R09: 00007ffff2465270 [ 127.935268] R10: 00007ffff2465127 R11: 0000000000000206 R12: 0000000000000001 [ 127.935275] R13: 00007ffff24656e0 R14: 0000000000000000 R15: 00000000000000f8 [ 127.935291] [ 127.935914] kmemleak: Kernel memory leak detector disabled [ 127.935918] kmemleak: Object (percpu) 0x607f1a631480 (size 8): [ 127.935925] kmemleak: comm "ip", pid 206, jiffies 4294713203 [ 127.935931] kmemleak: min_count = 1 [ 127.935935] kmemleak: count = 1 [ 127.935939] kmemleak: flags = 0x21 [ 127.935943] kmemleak: checksum = 0 [ 127.935947] kmemleak: backtrace: [ 127.935950] pcpu_alloc_noprof+0x87a/0x1170 [ 127.935965] fib_nh_init+0x92/0x400 [ 127.935978] fib_create_info+0x2640/0x4320 [ 127.935989] fib_table_insert+0x137/0x1a80 [ 127.936004] fib_magic+0x32b/0x3a0 [ 127.936012] fib_add_ifaddr+0x449/0x590 [ 127.936022] fib_inetaddr_event+0x147/0x270 [ 127.936033] notifier_call_chain+0xc0/0x360 [ 127.936044] blocking_notifier_call_chain+0x6b/0xa0 [ 127.936057] __inet_insert_ifa+0x904/0xcc0 [ 127.936076] inet_rtm_newaddr+0x104a/0x1530 [ 127.936091] rtnetlink_rcv_msg+0x9c6/0xfc0 [ 127.936107] netlink_rcv_skb+0x147/0x430 [ 127.936124] netlink_unicast+0x5a7/0x870 [ 127.936139] netlink_sendmsg+0x8ac/0xd80 [ 127.936153] ____sys_sendmsg+0xa67/0xc20 13:19:10 executing program 2: r0 = syz_io_uring_setup(0x4e0b, &(0x7f0000001780), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), &(0x7f0000001840)) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x8) 13:19:10 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) [ 128.098273] audit: type=1400 audit(1756473550.209:8): avc: denied { open } for pid=3858 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 13:19:10 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) [ 128.106987] audit: type=1400 audit(1756473550.209:9): avc: denied { kernel } for pid=3858 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 13:19:10 executing program 1: syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x1e}) [ 128.346771] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.347509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.374811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.375574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.398876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.399510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.407754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.408357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.419243] kmemleak: Automatic memory scanning thread ended [ 128.419968] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.420543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.437734] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.438349] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.511952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.512569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.598362] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.599523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.599609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.600646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.644175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.644778] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:19:10 executing program 1: syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x1e}) 13:19:10 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 13:19:10 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:10 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:10 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:19:10 executing program 4: syz_mount_image$vfat(&(0x7f0000001a00), &(0x7f0000001a40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@fat=@fmask}]}) 13:19:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000440008000f801002000400003000000000000008000297902a1f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ffffffff078000ffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ffffffff078000ffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="f8ffff00f0ffffffff078000ffffff00"/32, 0x20, 0x600}, {&(0x7f0000010400)="f8ffff00f0ffffffff078000ffffff00"/32, 0x20, 0x800}, {&(0x7f0000010500)="53595a4b414c4c45522020080000eb80325132510000eb80325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100022eb70325132510000eb70325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200022eb70325132510000eb70325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200022eb70325132510000eb70325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200022eb70325132510000eb703251090064000000", 0x120, 0xa00}, {&(0x7f0000010700)="2e20202020202020202020100022eb70325132510000eb7032510300000000002e2e202020202020202020100022eb70325132510000eb70325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200022eb70325132510000eb70325104001a040000", 0x80, 0x2200}, {&(0x7f0000010800)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x3200}, {&(0x7f0000010d00)='syzkallers\x00'/32, 0x20, 0x4200}, {&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x8200}], 0x0, &(0x7f0000010f00)) [ 128.772986] loop3: detected capacity change from 0 to 130 [ 128.781460] No source specified [ 128.782792] No source specified 13:19:10 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:19:10 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:10 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:10 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:19:10 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 13:19:10 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2989, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x33}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/raw\x00') syz_open_procfs(0x0, &(0x7f00000002c0)='sched\x00') io_setup(0x8, &(0x7f0000000040)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0) r3 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r3, 0x13, &(0x7f0000000140), 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r4, 0x1, 0x44, &(0x7f0000000040), 0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, 0x0) io_submit(r1, 0x2, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000001b80)='r', 0x1}]) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 128.936099] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.936831] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 128.937384] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 128.937880] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00 [ 128.938551] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2 [ 128.939376] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.939895] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.940555] Buffer I/O error on dev sr0, logical block 0, async page read [ 128.943705] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.944325] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.945061] Buffer I/O error on dev sr0, logical block 1, async page read [ 128.957071] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.957506] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.958353] Buffer I/O error on dev sr0, logical block 2, async page read [ 128.968648] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.969118] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.969769] Buffer I/O error on dev sr0, logical block 3, async page read [ 128.975221] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.975781] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.976677] Buffer I/O error on dev sr0, logical block 4, async page read [ 128.986772] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.987394] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.988191] Buffer I/O error on dev sr0, logical block 5, async page read [ 128.991997] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.992403] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.993133] Buffer I/O error on dev sr0, logical block 6, async page read [ 128.995511] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 128.995950] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 128.996574] Buffer I/O error on dev sr0, logical block 7, async page read [ 129.050458] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 129.051972] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 129.052484] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 129.053107] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00 [ 129.053681] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2 [ 129.054566] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.055016] Buffer I/O error on dev sr0, logical block 0, async page read [ 129.055587] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.056010] Buffer I/O error on dev sr0, logical block 1, async page read [ 129.059611] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.060389] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.063020] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.063490] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.064990] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.065451] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 13:19:11 executing program 1: syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x1e}) 13:19:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) 13:19:11 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:19:11 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 13:19:11 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:19:11 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) move_mount(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x66) 13:19:11 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2989, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x33}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/raw\x00') syz_open_procfs(0x0, &(0x7f00000002c0)='sched\x00') io_setup(0x8, &(0x7f0000000040)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0) r3 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r3, 0x13, &(0x7f0000000140), 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r4, 0x1, 0x44, &(0x7f0000000040), 0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, 0x0) io_submit(r1, 0x2, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000001b80)='r', 0x1}]) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 13:19:11 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x20, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0) [ 129.180048] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 129.180785] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 129.181969] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 129.182469] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00 [ 129.183281] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.183778] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.185984] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.187882] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.189780] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.193153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.195165] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.196321] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 13:19:11 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/72) 13:19:11 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) 13:19:11 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) getsockopt$inet6_buf(r2, 0x29, 0x10, 0x0, &(0x7f00000001c0)) 13:19:11 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2989, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x33}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/raw\x00') syz_open_procfs(0x0, &(0x7f00000002c0)='sched\x00') io_setup(0x8, &(0x7f0000000040)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0) r3 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r3, 0x13, &(0x7f0000000140), 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_int(r4, 0x1, 0x44, &(0x7f0000000040), 0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, 0x0) io_submit(r1, 0x2, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000001b80)='r', 0x1}]) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 13:19:11 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000040)=@keyring={'key_or_keyring:', r0, 0xa}) 13:19:11 executing program 1: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f00000000c0)=@reiserfs_6, &(0x7f0000000080), 0x0) 13:19:11 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/72) 13:19:11 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x4b3a, &(0x7f00000000c0)) [ 129.358023] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#1] SMP KASAN NOPTI [ 129.358954] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 129.359591] CPU: 1 UID: 0 PID: 3983 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 129.360457] Tainted: [W]=WARN [ 129.361143] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.362886] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 129.363860] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 129.367664] RSP: 0018:ffff88804840f780 EFLAGS: 00010012 [ 129.368863] RAX: 00200000000000b0 RBX: ffff888013f08641 RCX: ffffc9000765c000 [ 129.369419] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 129.369971] RBP: ffff88804840f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b20 [ 129.370523] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.371070] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 129.371630] FS: 00007f426d8bf700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 129.372255] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.372707] CR2: 00007f427045d018 CR3: 000000000bcf8000 CR4: 0000000000350ef0 [ 129.373260] Call Trace: [ 129.373463] [ 129.373647] ? __pfx_perf_tp_event+0x10/0x10 [ 129.374000] ? __asan_memcpy+0x3d/0x60 [ 129.374310] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 129.374793] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 129.375301] ? lock_is_held_type+0x9e/0x120 [ 129.375647] ? ctx_sched_in+0x134/0x9b0 [ 129.375958] ? css_rstat_updated+0x1b8/0x4d0 [ 129.376313] ? __pfx_css_rstat_updated+0x10/0x10 [ 129.376691] ? lock_is_held_type+0x9e/0x120 [ 129.377038] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.377432] ? lock_is_held_type+0x9e/0x120 [ 129.377776] perf_trace_run_bpf_submit+0xef/0x180 [ 129.378156] perf_trace_preemptirq_template+0x259/0x430 [ 129.378577] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.379037] ? check_preempt_wakeup_fair+0x406/0x950 [ 129.379446] ? find_held_lock+0x2b/0x80 [ 129.379769] ? try_to_wake_up+0x8ae/0x11d0 [ 129.380107] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 129.380506] trace_irq_enable.constprop.0+0xa6/0x100 [ 129.380901] trace_hardirqs_on+0x26/0x40 [ 129.381219] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 129.381607] try_to_wake_up+0x8ae/0x11d0 [ 129.381933] ? __pfx_try_to_wake_up+0x10/0x10 [ 129.382292] ? plist_del+0x122/0x270 [ 129.382592] ? find_held_lock+0x2b/0x80 [ 129.382910] ? futex_wake+0x474/0x540 [ 129.383223] wake_up_q+0xa1/0x130 [ 129.383506] futex_wake+0x47e/0x540 [ 129.383799] ? __pfx_futex_wake+0x10/0x10 [ 129.384129] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 129.384527] ? lock_release+0xc8/0x290 [ 129.384836] do_futex+0x26d/0x370 [ 129.385116] ? __pfx_do_futex+0x10/0x10 [ 129.385432] __x64_sys_futex+0x1c9/0x4d0 [ 129.385753] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.386216] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.386576] ? xfd_validate_state+0x55/0x180 [ 129.386938] do_syscall_64+0xbf/0x360 [ 129.387244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.387647] RIP: 0033:0x7f4270349b19 [ 129.387938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.389331] RSP: 002b:00007f426d8bf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.389920] RAX: ffffffffffffffda RBX: 00007f427045cf68 RCX: 00007f4270349b19 [ 129.390470] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f427045cf6c [ 129.391016] RBP: 00007f427045cf60 R08: 000000000000000e R09: 0000000000000000 [ 129.391574] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f427045cf6c [ 129.392121] R13: 00007fff78f2516f R14: 00007f426d8bf300 R15: 0000000000022000 [ 129.392675] [ 129.392859] Modules linked in: [ 129.393114] ---[ end trace 0000000000000000 ]--- [ 129.393116] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 129.393476] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 129.394341] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 129.394695] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 129.395365] CPU: 0 UID: 0 PID: 3973 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 129.396745] RSP: 0018:ffff88804840f780 EFLAGS: 00010012 [ 129.397645] Tainted: [D]=DIE, [W]=WARN [ 129.398046] RAX: 00200000000000b0 RBX: ffff888013f08641 RCX: ffffc9000765c000 [ 129.398338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.398888] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 129.399522] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.400064] RBP: ffff88804840f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b20 [ 129.400417] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.400957] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.402337] RSP: 0018:ffff88804719f780 EFLAGS: 00010012 [ 129.402875] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 129.403296] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 129.403837] FS: 00007f426d8bf700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 129.404383] RDX: ffff88804651b700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 129.404990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.405530] RBP: ffff88804719f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16b20 [ 129.405973] CR2: 00007f427045d018 CR3: 000000000bcf8000 CR4: 0000000000350ef0 [ 129.406516] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 129.407062] note: syz-executor.2[3983] exited with irqs disabled [ 129.407607] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.408610] FS: 00005555778e4400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 129.409228] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.409678] CR2: 00007fab52b2fad0 CR3: 000000000c2e1000 CR4: 0000000000350ef0 [ 129.410233] Call Trace: [ 129.410437] [ 129.410615] ? __ext4_journal_stop+0xe2/0x1f0 [ 129.410973] ? ext4_dirty_inode+0xf1/0x130 [ 129.411314] ? __mark_inode_dirty+0x1b7/0xd00 [ 129.411673] ? do_user_addr_fault+0x4fa/0xeb0 [ 129.412035] ? __pfx_perf_tp_event+0x10/0x10 [ 129.412386] ? jbd2_journal_dirty_metadata+0x1bf/0xdb0 [ 129.412801] ? find_held_lock+0x2b/0x80 [ 129.413122] ? __ext4_handle_dirty_metadata+0x263/0x8f0 [ 129.413539] ? css_rstat_updated+0x1b8/0x4d0 [ 129.413893] ? __pfx_css_rstat_updated+0x10/0x10 [ 129.414268] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.414662] ? do_raw_spin_lock+0x123/0x260 [ 129.415002] ? lock_release+0x1c7/0x290 [ 129.415324] perf_trace_run_bpf_submit+0xef/0x180 [ 129.415707] perf_trace_preemptirq_template+0x259/0x430 [ 129.416131] ? __pick_eevdf+0x326/0x570 [ 129.416449] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.416909] ? update_curr+0x39e/0x500 [ 129.417217] ? check_preempt_wakeup_fair+0x406/0x950 [ 129.417613] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 129.418016] trace_irq_enable.constprop.0+0xa6/0x100 [ 129.418413] trace_hardirqs_on+0x26/0x40 [ 129.418729] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 129.419122] try_to_wake_up+0x8ae/0x11d0 [ 129.419449] ? __pfx_try_to_wake_up+0x10/0x10 [ 129.419806] ? plist_del+0x122/0x270 [ 129.420106] ? __futex_unqueue+0xda/0x1c0 [ 129.420432] wake_up_q+0xa1/0x130 [ 129.420713] futex_wake+0x47e/0x540 [ 129.421005] ? __pfx_futex_wake+0x10/0x10 [ 129.421335] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 129.421695] ? lock_release+0x1c7/0x290 [ 129.422010] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.422475] do_futex+0x26d/0x370 [ 129.422755] ? __pfx_do_futex+0x10/0x10 [ 129.423070] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 129.423487] ? read_tsc+0x9/0x20 [ 129.423765] __x64_sys_futex+0x1c9/0x4d0 [ 129.424092] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.424553] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.424919] ? xfd_validate_state+0x55/0x180 [ 129.425277] do_syscall_64+0xbf/0x360 [ 129.425577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.425977] RIP: 0033:0x7fd7f903db19 [ 129.426269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.427675] RSP: 002b:00007ffca545feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.428267] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7f903db19 [ 129.428819] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd7f9150f68 [ 129.429369] RBP: 00007fd7f9150f60 R08: 00007fd7f914d0b0 R09: 0000000000000000 [ 129.429921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f9155220 [ 129.430477] R13: 00007ffca545ffc0 R14: 00007fd7f9150f60 R15: 000000000001f8ca [ 129.431027] [ 129.431223] Modules linked in: [ 129.431478] ---[ end trace 0000000000000000 ]--- [ 129.431479] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#3] SMP KASAN NOPTI [ 129.431840] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 129.432687] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 129.433038] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 129.433677] CPU: 1 UID: 0 PID: 3983 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 129.435065] RSP: 0018:ffff88804840f780 EFLAGS: 00010012 [ 129.435971] Tainted: [D]=DIE, [W]=WARN [ 129.436376] RAX: 00200000000000b0 RBX: ffff888013f08641 RCX: ffffc9000765c000 [ 129.436671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.437213] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 129.437837] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 129.438380] RBP: ffff88804840f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b20 [ 129.438736] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 129.439283] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.440667] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 129.441209] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 129.441617] RAX: 00200000000000b0 RBX: ffff888013f08641 RCX: ffffffff8189962c [ 129.442160] FS: 00005555778e4400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 129.442701] RDX: ffff88800f500000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 129.443321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.443859] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16b20 [ 129.444303] CR2: 00007fab52b2fad0 CR3: 000000000c2e1000 CR4: 0000000000350ef0 [ 129.444842] R10: 0000000000000000 R11: ffff88800a160098 R12: dffffc0000000000 [ 129.445386] note: syz-executor.4[3973] exited with irqs disabled [ 129.445923] R13: 0100000000000000 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 129.446924] FS: 00007f426d8bf700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 129.447556] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.448007] CR2: 00007f427045d018 CR3: 000000000bcf8000 CR4: 0000000000350ef0 [ 129.448554] Call Trace: [ 129.448756] [ 129.448936] ? __pfx_perf_tp_event+0x10/0x10 [ 129.449296] ? enqueue_task_fair+0x43a/0x1e00 [ 129.449659] ? do_raw_spin_lock+0x123/0x260 [ 129.450010] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.450387] ? lock_acquire+0x18c/0x2f0 [ 129.450711] ? lock_release+0x1c7/0x290 [ 129.451033] ? do_raw_spin_unlock+0x53/0x220 [ 129.451396] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 129.451805] ? try_to_wake_up+0x128/0x11d0 [ 129.452150] ? do_raw_spin_lock+0x123/0x260 [ 129.452500] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.452880] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.453282] perf_trace_run_bpf_submit+0xef/0x180 [ 129.453672] perf_trace_preemptirq_template+0x259/0x430 [ 129.454105] ? read_tsc+0x9/0x20 [ 129.454387] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.454861] ? clockevents_program_event+0x135/0x360 [ 129.455280] ? tick_program_event+0xac/0x140 [ 129.455637] ? handle_softirqs+0x16e/0x770 [ 129.455983] trace_irq_enable.constprop.0+0xa6/0x100 [ 129.456384] trace_hardirqs_on+0x26/0x40 [ 129.456708] handle_softirqs+0x16e/0x770 [ 129.457042] __irq_exit_rcu+0xc4/0x100 [ 129.457363] irq_exit_rcu+0x9/0x20 [ 129.457652] sysvec_apic_timer_interrupt+0x70/0x80 [ 129.458050] [ 129.458235] [ 129.458419] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 129.458840] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 129.459224] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 129.460652] RSP: 0018:ffff88804840ff28 EFLAGS: 00000246 [ 129.461073] RAX: 0000000000000001 RBX: ffff88800f500000 RCX: ffffffff817c2b86 [ 129.461633] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 129.462191] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 129.462753] R10: ffffffff8643ac57 R11: 7973203a65746f6e R12: ffff88800f500000 [ 129.463321] R13: 0000000000000000 R14: e01ffc00000000b0 R15: 0000000000000000 [ 129.463886] ? trace_irq_enable.constprop.0+0x26/0x100 [ 129.464301] ? make_task_dead+0x214/0x3b0 [ 129.464635] ? make_task_dead+0x214/0x3b0 [ 129.464967] ? do_syscall_64+0xbf/0x360 [ 129.465286] rewind_stack_and_make_dead+0x16/0x20 [ 129.465676] RIP: 0033:0x7f4270349b19 [ 129.465980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.467409] RSP: 002b:00007f426d8bf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.468004] RAX: ffffffffffffffda RBX: 00007f427045cf68 RCX: 00007f4270349b19 [ 129.468563] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f427045cf6c [ 129.469127] RBP: 00007f427045cf60 R08: 000000000000000e R09: 0000000000000000 [ 129.469687] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f427045cf6c [ 129.470251] R13: 00007fff78f2516f R14: 00007f426d8bf300 R15: 0000000000022000 [ 129.470820] [ 129.471008] Modules linked in: [ 129.471273] ---[ end trace 0000000000000000 ]--- [ 129.471275] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 129.471642] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 129.472505] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 129.472864] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 129.473539] CPU: 0 UID: 0 PID: 3973 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 129.474947] RSP: 0018:ffff88804840f780 EFLAGS: 00010012 [ 129.475878] Tainted: [D]=DIE, [W]=WARN [ 129.476288] RAX: 00200000000000b0 RBX: ffff888013f08641 RCX: ffffc9000765c000 [ 129.476595] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.477151] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 129.477792] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.478341] RBP: ffff88804840f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b20 [ 129.478704] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.479266] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.480697] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 129.481251] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 129.481670] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 129.482226] FS: 00007f426d8bf700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 129.482777] RDX: ffff88804651b700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 129.483401] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.483950] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16b20 [ 129.484403] CR2: 00007f427045d018 CR3: 000000000bcf8000 CR4: 0000000000350ef0 [ 129.484955] R10: 0000000000000000 R11: ffff88800ee0ac98 R12: dffffc0000000000 [ 129.485512] Kernel panic - not syncing: Fatal exception in interrupt [ 130.531789] Shutting down cpus with NMI [ 130.532820] Kernel Offset: disabled [ 130.533105] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 13:19:11 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=fffffbfff0f0ec09 RSI=0000000000000004 RDI=ffffffff87876044 RBP=ffffffff87876044 RSP=ffff88804719f530 R8 =0000000000000000 R9 =fffffbfff0f0ec08 R10=ffffffff87876047 R11=202c746c75616620 R12=1ffff11008e33ea7 R13=0000000000000007 R14=fffffbfff0f0ec08 R15=ffff88804719f568 RIP=ffffffff84bdeda0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555778e4400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe3b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fab52b2fad0 CR3=000000000c2e1000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000ff000000000000000000000000ff XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007fd7f91247c800007fd7f91247c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88804840f0f0 R8 =0000000000000000 R9 =ffffed1001522046 R10=0000000000000038 R11=313030203a505352 R12=0000000000000038 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f426d8bf700 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe0100000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f427045d018 CR3=000000000bcf8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f42704307c000007f42704307c8 XMM02=00007f42704307e000007f42704307c0 XMM03=00007f42704307c800007f42704307c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000