Warning: Permanently added '[localhost]:60282' (ECDSA) to the list of known hosts.
2025/08/29 08:43:39 fuzzer started
2025/08/29 08:43:39 dialing manager at localhost:43077
syzkaller login: [ 50.447018] cgroup: Unknown subsys name 'net'
[ 50.532544] cgroup: Unknown subsys name 'cpuset'
[ 50.556024] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:43:50 syscalls: 2214
2025/08/29 08:43:50 code coverage: enabled
2025/08/29 08:43:50 comparison tracing: enabled
2025/08/29 08:43:50 extra coverage: enabled
2025/08/29 08:43:50 setuid sandbox: enabled
2025/08/29 08:43:50 namespace sandbox: enabled
2025/08/29 08:43:50 Android sandbox: enabled
2025/08/29 08:43:50 fault injection: enabled
2025/08/29 08:43:50 leak checking: enabled
2025/08/29 08:43:50 net packet injection: enabled
2025/08/29 08:43:50 net device setup: enabled
2025/08/29 08:43:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:43:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:43:50 USB emulation: enabled
2025/08/29 08:43:50 hci packet injection: enabled
2025/08/29 08:43:50 wifi device emulation: enabled
2025/08/29 08:43:50 802.15.4 emulation: enabled
2025/08/29 08:43:50 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:43:50 fetching corpus: 50, signal 24695/27866 (executing program)
2025/08/29 08:43:51 fetching corpus: 100, signal 38086/42141 (executing program)
2025/08/29 08:43:51 fetching corpus: 150, signal 46992/51721 (executing program)
2025/08/29 08:43:51 fetching corpus: 200, signal 51625/57099 (executing program)
2025/08/29 08:43:51 fetching corpus: 250, signal 58064/64038 (executing program)
2025/08/29 08:43:51 fetching corpus: 300, signal 63706/69996 (executing program)
2025/08/29 08:43:51 fetching corpus: 350, signal 65977/72846 (executing program)
2025/08/29 08:43:51 fetching corpus: 400, signal 70129/77291 (executing program)
2025/08/29 08:43:51 fetching corpus: 450, signal 73469/80885 (executing program)
2025/08/29
08:43:52 fetching corpus: 500, signal 77409/84833 (executing program) 2025/08/29 08:43:52 fetching corpus: 550, signal 80011/87627 (executing program) 2025/08/29 08:43:52 fetching corpus: 599, signal 83908/91278 (executing program) 2025/08/29 08:43:52 fetching corpus: 649, signal 87125/94392 (executing program) 2025/08/29 08:43:52 fetching corpus: 699, signal 89087/96365 (executing program) 2025/08/29 08:43:52 fetching corpus: 749, signal 90713/98096 (executing program) 2025/08/29 08:43:52 fetching corpus: 799, signal 92825/100062 (executing program) 2025/08/29 08:43:52 fetching corpus: 849, signal 94705/101811 (executing program) 2025/08/29 08:43:53 fetching corpus: 899, signal 96985/103847 (executing program) 2025/08/29 08:43:53 fetching corpus: 949, signal 98685/105363 (executing program) 2025/08/29 08:43:53 fetching corpus: 999, signal 100124/106635 (executing program) 2025/08/29 08:43:53 fetching corpus: 1049, signal 101881/108027 (executing program) 2025/08/29 08:43:53 fetching corpus: 1099, signal 103628/109381 (executing program) 2025/08/29 08:43:53 fetching corpus: 1149, signal 104674/110270 (executing program) 2025/08/29 08:43:53 fetching corpus: 1199, signal 106351/111713 (executing program) 2025/08/29 08:43:54 fetching corpus: 1249, signal 107445/112548 (executing program) 2025/08/29 08:43:54 fetching corpus: 1299, signal 108410/113232 (executing program) 2025/08/29 08:43:54 fetching corpus: 1349, signal 109316/113865 (executing program) 2025/08/29 08:43:54 fetching corpus: 1399, signal 110487/114681 (executing program) 2025/08/29 08:43:54 fetching corpus: 1449, signal 111607/115375 (executing program) 2025/08/29 08:43:54 fetching corpus: 1499, signal 112361/115868 (executing program) 2025/08/29 08:43:54 fetching corpus: 1549, signal 113634/116515 (executing program) 2025/08/29 08:43:54 fetching corpus: 1599, signal 114568/117034 (executing program) 2025/08/29 08:43:55 fetching corpus: 1649, signal 116541/117920 (executing program) 2025/08/29 08:43:55 
fetching corpus: 1655, signal 116612/117986 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118024 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118073 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118114 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118152 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118192 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118231 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118264 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118313 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118343 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118372 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118409 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118448 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118483 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118511 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118558 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118599 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118633 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118669 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118705 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118748 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118786 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118826 (executing program) 2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118849 (executing program) 
2025/08/29 08:43:55 fetching corpus: 1655, signal 116612/118849 (executing program) 2025/08/29 08:43:57 starting 8 fuzzer processes 08:43:57 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000040)=""/56) 08:43:57 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:43:57 executing program 1: shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)=""/4096) 08:43:57 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000), 0x2) [ 68.270104] audit: type=1400 audit(1756457037.612:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:43:57 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000024c0)=0x5, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) 08:43:57 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:43:57 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000000000}) unlink(&(0x7f00000000c0)='./file0\x00') 08:43:57 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) [ 69.372149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.377974] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.383226] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.390422] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.394727] 
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.503847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.506179] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.509343] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.520540] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.524410] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.527100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.532646] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.539358] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.565316] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.578638] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.587391] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.604116] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.607172] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.611467] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.616570] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.648210] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.655636] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.659821] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.664596] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.666411] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.669575] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.672994] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.674155] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.680563] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.686656] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.695952] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.697725] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.702529] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.704037] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 
69.707687] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.713311] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.730787] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.732757] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.754070] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.757051] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.466945] Bluetooth: hci0: command tx timeout [ 71.594499] Bluetooth: hci1: command tx timeout [ 71.658396] Bluetooth: hci3: command tx timeout [ 71.659019] Bluetooth: hci2: command tx timeout [ 71.786625] Bluetooth: hci7: command tx timeout [ 71.787965] Bluetooth: hci6: command tx timeout [ 71.788517] Bluetooth: hci5: command tx timeout [ 71.788995] Bluetooth: hci4: command tx timeout [ 73.514330] Bluetooth: hci0: command tx timeout [ 73.642367] Bluetooth: hci1: command tx timeout [ 73.707447] Bluetooth: hci2: command tx timeout [ 73.707851] Bluetooth: hci3: command tx timeout [ 73.834390] Bluetooth: hci6: command tx timeout [ 73.834804] Bluetooth: hci4: command tx timeout [ 73.835184] Bluetooth: hci5: command tx timeout [ 73.835598] Bluetooth: hci7: command tx timeout [ 75.562321] Bluetooth: hci0: command tx timeout [ 75.690349] Bluetooth: hci1: command tx timeout [ 75.754446] Bluetooth: hci3: command tx timeout [ 75.754860] Bluetooth: hci2: command tx timeout [ 75.883144] Bluetooth: hci7: command tx timeout [ 75.883853] Bluetooth: hci5: command tx timeout [ 75.884249] Bluetooth: hci4: command tx timeout [ 75.884670] Bluetooth: hci6: command tx timeout [ 77.611054] Bluetooth: hci0: command tx timeout [ 77.738442] Bluetooth: hci1: command tx timeout [ 77.802332] Bluetooth: hci2: command tx timeout [ 77.802741] Bluetooth: hci3: command tx timeout [ 77.930420] Bluetooth: hci6: command tx timeout [ 77.930851] Bluetooth: hci4: command tx timeout [ 77.931235] Bluetooth: hci5: command tx timeout [ 77.931731] Bluetooth: hci7: command tx timeout [ 105.181715] wlan0: Created 
IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.182816] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.357799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.358467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.678370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.678964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.861416] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.862059] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.212377] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.213014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.345120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.345894] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.471917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.472598] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.557612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.558244] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.610797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.611854] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.764958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.765611] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.800833] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.801470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.817838] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.818440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.938449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.939048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.981736] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 
[ 106.983659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.037029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.038242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.098827] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.099558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.142636] audit: type=1400 audit(1756457076.484:8): avc: denied { open } for pid=3885 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.150525] audit: type=1400 audit(1756457076.485:9): avc: denied { kernel } for pid=3885 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.156793] loop6: detected capacity change from 0 to 240 08:44:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:44:36 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000040)=""/56) 08:44:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:44:36 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000024c0)=0x5, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) 08:44:36 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000), 0x2) 08:44:36 executing program 1: shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)=""/4096) 08:44:36 executing program 6: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) 08:44:36 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, 
&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:36 executing program 1: shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)=""/4096) 08:44:36 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000024c0)=0x5, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) 08:44:36 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000), 0x2) 08:44:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:44:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:44:36 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000040)=""/56) 08:44:36 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:36 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, 
&(0x7f0000000000), 0x2) 08:44:36 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000024c0)=0x5, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) 08:44:36 executing program 1: shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)=""/4096) 08:44:36 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 
0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) 08:44:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:44:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) ioctl$TCSETS(r0, 0x5402, 0x0) 08:44:36 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000040)=""/56) 08:44:36 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:36 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:36 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:36 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, 
&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:36 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 
0x463}, r2, 0x9, r3, 0x0)
ptrace(0x10, r2)
ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc})
[ 107.643859] loop0: detected capacity change from 0 to 240
[ 107.669366] kmemleak: Found object by alias at 0x607f1a638b74
[ 107.669382] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.669400] Tainted: [W]=WARN
[ 107.669404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.669411] Call Trace:
[ 107.669415]
[ 107.669420] dump_stack_lvl+0xca/0x120
[ 107.669446] __lookup_object+0x94/0xb0
[ 107.669463] delete_object_full+0x27/0x70
[ 107.669478] free_percpu+0x30/0x1160
[ 107.669495] ? arch_uprobe_clear_state+0x16/0x140
[ 107.669515] futex_hash_free+0x38/0xc0
[ 107.669529] mmput+0x2d3/0x390
[ 107.669548] do_exit+0x79d/0x2970
[ 107.669565] ? __pfx_do_exit+0x10/0x10
[ 107.669579] ? find_held_lock+0x2b/0x80
[ 107.669597] ? get_signal+0x835/0x2340
[ 107.669617] do_group_exit+0xd3/0x2a0
[ 107.669631] get_signal+0x2315/0x2340
[ 107.669648] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.669665] ? __pfx_get_signal+0x10/0x10
[ 107.669680] ? __schedule+0xe91/0x3590
[ 107.669701] arch_do_signal_or_restart+0x80/0x790
[ 107.669718] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.669735] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 107.669754] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 107.669773] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.669786] ? xfd_validate_state+0x55/0x180
[ 107.669807] exit_to_user_mode_loop+0x8b/0x110
[ 107.669820] do_syscall_64+0x2f7/0x360
[ 107.669832] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.669844] RIP: 0033:0x7fef88ae9b19
[ 107.669852] Code: Unable to access opcode bytes at 0x7fef88ae9aef.
[ 107.669858] RSP: 002b:00007fef8605f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.669869] RAX: 0000000000000001 RBX: 00007fef88bfcf68 RCX: 00007fef88ae9b19
[ 107.669876] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef88bfcf6c
[ 107.669883] RBP: 00007fef88bfcf60 R08: 000000000000000e R09: 0000000000000000
[ 107.669890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef88bfcf6c
[ 107.669897] R13: 00007ffdc2945fdf R14: 00007fef8605f300 R15: 0000000000022000
[ 107.669912]
[ 107.669917] kmemleak: Object (percpu) 0x607f1a638b70 (size 8):
[ 107.669923] kmemleak: comm "syz-executor.0", pid 3951, jiffies 4294774479
[ 107.669930] kmemleak: min_count = 1
[ 107.669934] kmemleak: count = 0
[ 107.669937] kmemleak: flags = 0x21
[ 107.669941] kmemleak: checksum = 0
[ 107.669945] kmemleak: backtrace:
[ 107.669949] pcpu_alloc_noprof+0x87a/0x1170
[ 107.669963] __alloc_workqueue+0x74b/0x1820
[ 107.669980] alloc_workqueue_noprof+0xc7/0x200
[ 107.669989] loop_configure+0xf73/0x1590
[ 107.670003] lo_ioctl+0x66d/0x1c70
[ 107.670015] blkdev_ioctl+0x27c/0x6c0
[ 107.670033] __x64_sys_ioctl+0x18f/0x210
[ 107.670048] do_syscall_64+0xbf/0x360
[ 107.670056] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:44:37 executing program 5:
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4)
write(r0, 0x0, 0x0)
recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0)
08:44:37 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff,
0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) 08:44:37 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:37 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) 08:44:37 executing program 4: get_thread_area(0x0) 08:44:37 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) r1 = dup(r0) 
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000), 0x2) 08:44:37 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 
0x9, 0xfffffffc}) 08:44:37 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) [ 107.798298] loop2: detected capacity change from 0 to 240 [ 107.806967] kmemleak: Found object by alias at 0x607f1a638b74 [ 107.806986] CPU: 1 UID: 0 PID: 3954 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.807004] Tainted: [W]=WARN [ 107.807008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.807015] Call Trace: [ 107.807019] [ 107.807024] dump_stack_lvl+0xca/0x120 [ 107.807051] __lookup_object+0x94/0xb0 [ 107.807067] delete_object_full+0x27/0x70 [ 107.807083] free_percpu+0x30/0x1160 [ 107.807099] ? arch_uprobe_clear_state+0x16/0x140 [ 107.807119] futex_hash_free+0x38/0xc0 [ 107.807133] mmput+0x2d3/0x390 [ 107.807152] do_exit+0x79d/0x2970 [ 107.807165] ? signal_wake_up_state+0x85/0x120 [ 107.807181] ? zap_other_threads+0x2b9/0x3a0 [ 107.807197] ? __pfx_do_exit+0x10/0x10 [ 107.807209] ? do_group_exit+0x1c3/0x2a0 [ 107.807222] ? lock_release+0xc8/0x290 [ 107.807239] do_group_exit+0xd3/0x2a0 [ 107.807253] __x64_sys_exit_group+0x3e/0x50 [ 107.807272] x64_sys_call+0x18c5/0x18d0 [ 107.807287] do_syscall_64+0xbf/0x360 [ 107.807298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.807310] RIP: 0033:0x7fef88ae9b19 [ 107.807319] Code: Unable to access opcode bytes at 0x7fef88ae9aef. 
[ 107.807324] RSP: 002b:00007ffdc2946208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 107.807335] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fef88ae9b19 [ 107.807343] RDX: 00007fef88a9c72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 107.807350] RBP: 0000000000000000 R08: 0000001b2ce26880 R09: 0000000000000000 [ 107.807357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.807364] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffdc29462f0 [ 107.807379] [ 107.807383] kmemleak: Object (percpu) 0x607f1a638b70 (size 8): [ 107.807390] kmemleak: comm "syz-executor.0", pid 3951, jiffies 4294774479 [ 107.807397] kmemleak: min_count = 1 [ 107.807401] kmemleak: count = 0 [ 107.807405] kmemleak: flags = 0x21 [ 107.807408] kmemleak: checksum = 0 [ 107.807412] kmemleak: backtrace: [ 107.807416] pcpu_alloc_noprof+0x87a/0x1170 [ 107.807430] __alloc_workqueue+0x74b/0x1820 [ 107.807447] alloc_workqueue_noprof+0xc7/0x200 [ 107.807456] loop_configure+0xf73/0x1590 [ 107.807471] lo_ioctl+0x66d/0x1c70 [ 107.807483] blkdev_ioctl+0x27c/0x6c0 [ 107.807500] __x64_sys_ioctl+0x18f/0x210 [ 107.807514] do_syscall_64+0xbf/0x360 [ 107.807523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.808638] kmemleak: Cannot insert 0x607f1a638b74 into the object search tree (overlaps existing) [ 107.808655] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.808674] Tainted: [W]=WARN [ 107.808678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.808686] Call Trace: [ 107.808690] [ 107.808694] dump_stack_lvl+0xca/0x120 [ 107.808723] __link_object+0x190/0x210 [ 107.808742] __create_object+0x48/0x80 [ 107.808760] pcpu_alloc_noprof+0x87a/0x1170 [ 107.808791] __percpu_init_rwsem+0x2d/0x160 [ 107.808809] ? security_sb_alloc+0x75/0x140 [ 107.808826] alloc_super+0x29e/0xb80 [ 107.808841] ? __pfx_super_s_dev_test+0x10/0x10 [ 107.808859] sget_fc+0xfe/0xb80 [ 107.808870] ? 
__pfx_super_s_dev_set+0x10/0x10 [ 107.808888] get_tree_bdev_flags+0x1b8/0x620 [ 107.808900] ? __pfx_isofs_fill_super+0x10/0x10 [ 107.808917] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 107.808929] ? cap_capable+0xdb/0x3b0 [ 107.808946] ? security_capable+0x2f/0x90 [ 107.808962] vfs_get_tree+0x93/0x340 [ 107.808988] path_mount+0x132d/0x1dd0 [ 107.809004] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 107.809019] ? __pfx_path_mount+0x10/0x10 [ 107.809031] ? kmem_cache_free+0x2a1/0x540 [ 107.809043] ? putname.part.0+0x11b/0x160 [ 107.809060] ? getname_flags.part.0+0x1c6/0x540 [ 107.809078] ? putname.part.0+0x11b/0x160 [ 107.809096] __x64_sys_mount+0x27b/0x300 [ 107.809109] ? __pfx___x64_sys_mount+0x10/0x10 [ 107.809128] do_syscall_64+0xbf/0x360 [ 107.809141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.809154] RIP: 0033:0x7fbafae2904a [ 107.809163] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 107.809175] RSP: 002b:00007fbaf839cfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 107.809186] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fbafae2904a [ 107.809194] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fbaf839d000 [ 107.809202] RBP: 00007fbaf839d040 R08: 00007fbaf839d040 R09: 0000000020000000 [ 107.809210] R10: 0000000000000001 R11: 0000000000000206 R12: 0000000020000000 [ 107.809217] R13: 0000000020000100 R14: 00007fbaf839d000 R15: 0000000020013500 [ 107.809233] [ 107.809818] kmemleak: Kernel memory leak detector disabled [ 107.809822] kmemleak: Object (percpu) 0x607f1a638b70 (size 8): [ 107.809830] kmemleak: comm "syz-executor.0", pid 3951, jiffies 4294774479 [ 107.809837] kmemleak: min_count = 1 [ 107.809841] kmemleak: count = 0 [ 107.809845] kmemleak: flags = 0x21 [ 107.809849] kmemleak: checksum = 0 [ 107.809853] kmemleak: backtrace: [ 107.809856] pcpu_alloc_noprof+0x87a/0x1170 [ 107.809872] 
__alloc_workqueue+0x74b/0x1820 [ 107.809891] alloc_workqueue_noprof+0xc7/0x200 [ 107.809900] loop_configure+0xf73/0x1590 [ 107.809918] lo_ioctl+0x66d/0x1c70 [ 107.809931] blkdev_ioctl+0x27c/0x6c0 [ 107.809949] __x64_sys_ioctl+0x18f/0x210 [ 107.809964] do_syscall_64+0xbf/0x360 [ 107.809973] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:44:37 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:37 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:37 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000), 0x2) 08:44:37 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) write(r0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}, 0x0) 08:44:37 executing program 4: get_thread_area(0x0) 08:44:37 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 
0x2}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000001080)=0x4, 0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000), 0x2) 08:44:37 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000001300)=')', 0x1}], 0x1}}], 0x1, 0x4f79) 08:44:37 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 08:44:37 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) 
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) [ 107.946978] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 08:44:37 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, 
{}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) 08:44:37 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 08:44:37 executing program 4: get_thread_area(0x0) 08:44:37 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x15, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @local}}}, 0x88) 08:44:37 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000001300)=')', 0x1}], 0x1}}], 0x1, 0x4f79) 08:44:37 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) fsync(0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0xf000) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) 08:44:37 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400005}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:44:37 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x0, 0xfffffffc}) 08:44:37 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000001300)=')', 0x1}], 0x1}}], 0x1, 0x4f79) [ 108.072563] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 108.073522] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 108.074134] CPU: 1 UID: 0 PID: 4006 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.075610] Tainted: [W]=WARN [ 108.076428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.078041] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.078991] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.083184] RSP: 0018:ffff8880455f7780 EFLAGS: 00010012 [ 108.083612] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004001000 [ 108.084180] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 108.084734] RBP: ffff8880455f79f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b70 [ 108.085293] R10: 0000000000000000 R11: ffff88801780cc98 R12: dffffc0000000000 [ 108.085843] R13: 0000000000000014 
R14: ffff88806cf31340 R15: dffffc0000000000 [ 108.086398] FS: 00007f5d6fc5f700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 108.087019] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.087469] CR2: 00007f5d727fd018 CR3: 000000004160c000 CR4: 0000000000350ef0 [ 108.088020] Call Trace: [ 108.088224] [ 108.088406] ? __pfx_perf_tp_event+0x10/0x10 [ 108.088764] ? lock_acquire+0x15e/0x2f0 [ 108.089090] ? __is_insn_slot_addr+0x2e/0x290 [ 108.089456] ? find_held_lock+0x2b/0x80 [ 108.089779] ? __is_insn_slot_addr+0x136/0x290 [ 108.090147] ? lock_release+0xc8/0x290 [ 108.090456] ? __is_insn_slot_addr+0x140/0x290 [ 108.090823] ? kernel_text_address+0x5b/0xc0 [ 108.091175] ? __kernel_text_address+0xd/0x40 [ 108.091529] ? unwind_get_return_address+0x59/0xa0 [ 108.091921] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 108.092347] ? arch_stack_walk+0x9c/0xf0 [ 108.092680] ? perf_trace_run_bpf_submit+0xef/0x180 [ 108.093104] perf_trace_run_bpf_submit+0xef/0x180 [ 108.093502] perf_trace_preemptirq_template+0x259/0x430 [ 108.093942] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 108.094393] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 108.094870] ? __pfx___resched_curr+0x10/0x10 [ 108.095235] ? find_held_lock+0x2b/0x80 [ 108.095558] ? try_to_wake_up+0x8ae/0x11d0 [ 108.095902] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 108.096310] trace_irq_enable.constprop.0+0xa6/0x100 [ 108.096716] trace_hardirqs_on+0x26/0x40 [ 108.097046] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 108.097441] try_to_wake_up+0x8ae/0x11d0 [ 108.097771] ? __pfx_try_to_wake_up+0x10/0x10 [ 108.098146] ? plist_del+0x122/0x270 [ 108.098452] ? find_held_lock+0x2b/0x80 [ 108.098775] ? futex_wake+0x474/0x540 [ 108.099089] wake_up_q+0xa1/0x130 [ 108.099374] futex_wake+0x47e/0x540 [ 108.099675] ? __pfx_futex_wake+0x10/0x10 [ 108.100011] ? kmem_cache_free+0x2a1/0x540 [ 108.100347] ? fd_install+0x1d8/0x660 [ 108.100652] ? putname.part.0+0x11b/0x160 [ 108.101000] do_futex+0x26d/0x370 [ 108.101286] ? 
__pfx_do_futex+0x10/0x10 [ 108.101610] __x64_sys_futex+0x1c9/0x4d0 [ 108.101942] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 108.102417] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 108.102894] ? __pfx___x64_sys_futex+0x10/0x10 [ 108.103271] do_syscall_64+0xbf/0x360 [ 108.103580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.103993] RIP: 0033:0x7f5d726e9b19 [ 108.104291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.105734] RSP: 002b:00007f5d6fc5f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 108.106329] RAX: ffffffffffffffda RBX: 00007f5d727fcf68 RCX: 00007f5d726e9b19 [ 108.106890] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5d727fcf6c [ 108.107453] RBP: 00007f5d727fcf60 R08: 000000000000000e R09: 0000000000000000 [ 108.108012] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f5d727fcf6c [ 108.108573] R13: 00007ffc14b3c10f R14: 00007f5d6fc5f300 R15: 0000000000022000 [ 108.109153] [ 108.109342] Modules linked in: [ 108.109603] ---[ end trace 0000000000000000 ]--- [ 108.109977] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.110357] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.111794] RSP: 0018:ffff8880455f7780 EFLAGS: 00010012 [ 108.112217] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004001000 [ 108.112790] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 108.113361] RBP: ffff8880455f79f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b70 [ 108.113929] R10: 0000000000000000 R11: ffff88801780cc98 R12: dffffc0000000000 [ 108.114497] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 108.115061] FS: 00007f5d6fc5f700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 108.115704] 
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.116173] CR2: 00007f5d727fd018 CR3: 000000004160c000 CR4: 0000000000350ef0 [ 108.116744] note: syz-executor.3[4006] exited with irqs disabled [ 108.117705] note: syz-executor.3[4006] exited with preempt_count 3 08:44:37 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 08:44:37 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) fsync(0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0xf000) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) 08:44:37 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000001300)=')', 0x1}], 0x1}}], 0x1, 0x4f79) 08:44:37 executing program 4: get_thread_area(0x0) 08:44:37 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x15, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @local}}}, 0x88) 08:44:37 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) fsync(0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 
0x0, 0x0) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0xf000) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) 08:44:37 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) [ 108.391285] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] SMP KASAN NOPTI [ 108.392169] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 108.392744] CPU: 1 UID: 0 PID: 3883 Comm: systemd-udevd Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.393644] Tainted: [D]=DIE, [W]=WARN [ 108.393938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.394565] RIP: 0010:__queue_work+0x202/0x1240 [ 108.394933] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 108.396303] RSP: 0018:ffff888016047290 EFLAGS: 00010056 [ 108.396708] RAX: 0000000000000000 RBX: ffff8880447f0718 RCX: ffffffff8141ef1d [ 108.397255] RDX: ffff888016121b80 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 108.397794] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff0f11ef4 [ 108.398332] R10: 0000000000000000 R11: ffff888017b15800 R12: dffffc0000000000 [ 108.398870] R13: 0000000000000000 R14: 0000000000000001 R15: ffff888044fd1000 [ 108.399410] FS: 00007fe22a9db8c0(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 108.400023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.400465] CR2: 00007fff70075e98 CR3: 000000000a1de000 CR4: 0000000000350ef0 [ 108.401015] Call Trace: [ 108.401215] [ 108.401394] ? lock_acquire+0x18c/0x2f0 [ 108.401708] queue_work_on+0xd0/0xe0 [ 108.402001] loop_queue_rq+0x5c8/0x1180 [ 108.402313] __blk_mq_issue_directly+0xd5/0x260 [ 108.402677] ? 
__pfx___blk_mq_issue_directly+0x10/0x10 [ 108.403085] ? submit_bio_noacct_nocheck+0x301/0xcb0 [ 108.403368] kmemleak: Automatic memory scanning thread ended [ 108.403473] blk_mq_request_issue_directly+0x11c/0x1e0 [ 108.404333] blk_mq_issue_direct+0x192/0x640 [ 108.404673] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 108.405086] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 108.405443] ? mpage_readahead+0x3fe/0x550 [ 108.405771] ? __pfx_mpage_readahead+0x10/0x10 [ 108.406126] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 108.406528] __blk_flush_plug+0x25c/0x460 [ 108.406848] ? __pfx___blk_flush_plug+0x10/0x10 [ 108.407210] blk_finish_plug+0x53/0xa0 [ 108.407510] read_pages+0x51b/0xb10 [ 108.407798] ? __pfx_lru_add+0x10/0x10 [ 108.408105] ? __pfx_read_pages+0x10/0x10 [ 108.408428] ? kasan_save_track+0x14/0x30 [ 108.408749] ? xas_start+0x14e/0x710 [ 108.409043] page_cache_ra_unbounded+0x391/0x6a0 [ 108.409413] force_page_cache_ra+0x253/0x370 [ 108.409757] page_cache_sync_ra+0x104/0xaa0 [ 108.410092] filemap_get_pages+0x354/0x18e0 [ 108.410423] ? kernel_text_address+0x5b/0xc0 [ 108.410769] ? __kernel_text_address+0xd/0x40 [ 108.411117] ? __pfx_filemap_get_pages+0x10/0x10 [ 108.411485] filemap_read+0x388/0xcf0 [ 108.411783] ? __pfx_filemap_read+0x10/0x10 [ 108.412112] ? fput_close_sync+0x10f/0x240 [ 108.412441] ? 0xffffffff81000000 [ 108.412709] ? do_syscall_64+0xbf/0x360 [ 108.413025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.413432] ? kasan_save_stack+0x24/0x50 [ 108.413753] ? kasan_record_aux_stack+0x89/0xa0 [ 108.414111] ? kmem_cache_free+0x148/0x540 [ 108.414433] ? __fput+0x67b/0xb50 [ 108.414708] ? fput_close_sync+0x10f/0x240 [ 108.415037] ? __x64_sys_close+0x8f/0x120 [ 108.415360] ? do_syscall_64+0xbf/0x360 [ 108.415666] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.416072] ? terminate_walk+0x31c/0x680 [ 108.416396] ? lock_acquire+0x18c/0x2f0 [ 108.416712] ? do_filp_open+0x333/0x450 [ 108.417026] ? down_read+0x1b1/0x470 [ 108.417316] ? 
__pfx_down_read+0x10/0x10 [ 108.417628] ? lock_release+0x1c7/0x290 [ 108.417938] ? avc_policy_seqno+0x9/0x20 [ 108.418257] ? selinux_file_permission+0x99/0x600 [ 108.418630] blkdev_read_iter+0x1a3/0x510 [ 108.418953] vfs_read+0x868/0xc70 [ 108.419225] ? __pfx_vfs_read+0x10/0x10 [ 108.419534] ? __seccomp_filter+0x535/0xfa0 [ 108.419873] ksys_read+0x121/0x240 [ 108.420151] ? __pfx_ksys_read+0x10/0x10 [ 108.420463] ? __secure_computing+0x18d/0x290 [ 108.420814] do_syscall_64+0xbf/0x360 [ 108.421116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.421511] RIP: 0033:0x7fe22af7404e [ 108.421799] Code: 0f 1f 40 00 48 8b 15 79 9f 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28 [ 108.423167] RSP: 002b:00007ffc85e34048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.423740] RAX: ffffffffffffffda RBX: 000055aa6c471f28 RCX: 00007fe22af7404e [ 108.424285] RDX: 0000000000000400 RSI: 000055aa6c471f38 RDI: 0000000000000010 [ 108.424824] RBP: 000055aa6c448290 R08: 000055aa6c471f10 R09: 00007fe22af5abe0 [ 108.425369] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000000 [ 108.425908] R13: 0000000000000400 R14: 000055aa6c471f10 R15: 000055aa6c4482e0 [ 108.426452] [ 108.426635] Modules linked in: [ 108.426887] ---[ end trace 0000000000000000 ]--- [ 108.427244] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.427608] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.428980] RSP: 0018:ffff8880455f7780 EFLAGS: 00010012 [ 108.429387] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004001000 [ 108.429928] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 108.430468] RBP: ffff8880455f79f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b70 [ 108.431007] R10: 0000000000000000 R11: ffff88801780cc98 
R12: dffffc0000000000 [ 108.431546] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 108.432087] FS: 00007fe22a9db8c0(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 108.432697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.433145] CR2: 00007fff70075e98 CR3: 000000000a1de000 CR4: 0000000000350ef0 [ 108.433688] note: systemd-udevd[3883] exited with irqs disabled [ 108.434480] note: systemd-udevd[3883] exited with preempt_count 1 [ 108.434970] ------------[ cut here ]------------ [ 108.435654] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: systemd-udevd/3883 [ 108.436316] Modules linked in: [ 108.436573] CPU: 1 UID: 0 PID: 3883 Comm: systemd-udevd Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.437493] Tainted: [D]=DIE, [W]=WARN [ 108.437789] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.438433] RIP: 0010:do_exit+0x1c36/0x2970 [ 108.438770] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 bf a4 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 ab a4 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 9d a4 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 108.440161] RSP: 0018:ffff888016047e40 EFLAGS: 00010293 [ 108.440586] RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff813b2727 [ 108.441141] RDX: ffff888016121b80 RSI: ffffffff813b42d5 RDI: ffff888016122d68 [ 108.441697] RBP: ffff888016121b80 R08: 0000000000000001 R09: fffffbfff0f11cd8 [ 108.442239] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 108.442799] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 108.443359] FS: 00007fe22a9db8c0(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 108.443971] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.444434] CR2: 00007fff70075e98 CR3: 000000000a1de000 CR4: 0000000000350ef0 [ 108.444983] Call Trace: [ 108.445184] [ 108.445381] ? _printk+0xbe/0xf0 [ 108.445652] ? __pfx__printk+0x10/0x10 [ 108.445957] ? 
__pfx_do_exit+0x10/0x10 [ 108.446285] make_task_dead+0x174/0x3b0 [ 108.446609] ? do_syscall_64+0xbf/0x360 [ 108.446925] rewind_stack_and_make_dead+0x16/0x20 [ 108.447315] RIP: 0033:0x7fe22af7404e [ 108.447604] Code: 0f 1f 40 00 48 8b 15 79 9f 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28 [ 108.449085] RSP: 002b:00007ffc85e34048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.449766] RAX: ffffffffffffffda RBX: 000055aa6c471f28 RCX: 00007fe22af7404e [ 108.450407] RDX: 0000000000000400 RSI: 000055aa6c471f38 RDI: 0000000000000010 [ 108.450951] RBP: 000055aa6c448290 R08: 000055aa6c471f10 R09: 00007fe22af5abe0 [ 108.451583] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000000 [ 108.452135] R13: 0000000000000400 R14: 000055aa6c471f10 R15: 000055aa6c4482e0 [ 108.452867] [ 108.453074] irq event stamp: 15502 [ 108.453372] hardirqs last enabled at (15501): [] _raw_write_unlock_irq+0x23/0x40 [ 108.454091] hardirqs last disabled at (15502): [] __schedule+0x16dd/0x3590 [ 108.454786] softirqs last enabled at (14726): [] handle_softirqs+0x50c/0x770 [ 108.455508] softirqs last disabled at (14691): [] __irq_exit_rcu+0xc4/0x100 [ 108.456190] ---[ end trace 0000000000000000 ]--- [ 108.456584] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 108.457315] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3883, name: systemd-udevd [ 108.457979] preempt_count: 0, expected: 0 [ 108.458339] RCU nest depth: 2, expected: 0 [ 108.458674] INFO: lockdep is turned off. 
[ 108.458993] CPU: 1 UID: 0 PID: 3883 Comm: systemd-udevd Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.459011] Tainted: [D]=DIE, [W]=WARN [ 108.459015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.459021] Call Trace: [ 108.459024] [ 108.459028] dump_stack_lvl+0xfa/0x120 [ 108.459049] __might_resched+0x2f3/0x510 [ 108.459062] exit_signals+0x25/0x940 [ 108.459079] do_exit+0x2db/0x2970 [ 108.459091] ? _printk+0xbe/0xf0 [ 108.459103] ? __pfx__printk+0x10/0x10 [ 108.459116] ? __pfx_do_exit+0x10/0x10 [ 108.459130] make_task_dead+0x174/0x3b0 [ 108.459142] ? do_syscall_64+0xbf/0x360 [ 108.459152] rewind_stack_and_make_dead+0x16/0x20 [ 108.459167] RIP: 0033:0x7fe22af7404e [ 108.459175] Code: 0f 1f 40 00 48 8b 15 79 9f 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28 [ 108.459185] RSP: 002b:00007ffc85e34048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.459195] RAX: ffffffffffffffda RBX: 000055aa6c471f28 RCX: 00007fe22af7404e [ 108.459203] RDX: 0000000000000400 RSI: 000055aa6c471f38 RDI: 0000000000000010 [ 108.459210] RBP: 000055aa6c448290 R08: 000055aa6c471f10 R09: 00007fe22af5abe0 [ 108.459217] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000000 [ 108.459223] R13: 0000000000000400 R14: 000055aa6c471f10 R15: 000055aa6c4482e0 [ 108.459234] 08:44:38 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 
0x400005}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:44:38 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400005}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:44:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) fsync(0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0xf000) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) 08:44:38 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) fsync(0xffffffffffffffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0xf000) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) 08:44:38 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x15, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @local}}}, 0x88) 08:44:38 executing 
program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() r3 = dup2(r1, r0) ptrace$peeksig(0x4209, r2, &(0x7f0000000240)={0x0, 0x0, 0x6}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}]) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x3, 0xf9, 0x1f, 0x6e, 0x0, 0x890, 0x80000, 0x9, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={&(0x7f0000000140)}, 0x100, 0x5a, 0x8, 0x6, 0x81, 0x3ffc0000, 0x2bf, 0x0, 0xa79d, 0x0, 0x463}, r2, 0x9, r3, 0x0) ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) 08:44:38 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 
0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x0, 0xfffffffc}) 08:44:38 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400005}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) [ 109.001133] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 109.002000] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 109.002682] CPU: 0 UID: 0 PID: 4041 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.003619] Tainted: [D]=DIE, [W]=WARN [ 109.003922] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.004564] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.004943] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.006373] RSP: 0018:ffff888043dc7780 EFLAGS: 00010012 [ 109.006788] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 109.007317] RDX: ffff8880193c8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.007839] RBP: ffff888043dc79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15b70 [ 109.008360] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 109.008880] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.009409] FS: 0000555584545400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.010037] CS: 0010 DS: 0000 ES: 0000 
CR0: 0000000080050033 [ 109.010492] CR2: 0000555584546c18 CR3: 0000000044e94000 CR4: 0000000000350ef0 [ 109.011048] Call Trace: [ 109.011255] [ 109.011438] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.011865] ? __pfx_perf_tp_event+0x10/0x10 [ 109.012218] ? __mutex_trylock_common+0xf9/0x260 [ 109.012599] ? arch_scale_cpu_capacity+0x17/0xa0 [ 109.012990] ? cpu_util.constprop.0+0x17d/0x340 [ 109.013367] ? __asan_memset+0x24/0x50 [ 109.013679] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 109.014106] ? lock_release+0x1c7/0x290 [ 109.014428] ? __pfx___mutex_lock+0x10/0x10 [ 109.014777] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 109.015222] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 109.015641] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.016043] ? sched_clock+0x37/0x60 [ 109.016354] ? sched_clock_cpu+0x6c/0x4e0 [ 109.016684] perf_trace_run_bpf_submit+0xef/0x180 [ 109.017079] perf_trace_preemptirq_template+0x259/0x430 [ 109.017506] ? __pick_eevdf+0x326/0x570 [ 109.017820] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.018288] ? update_curr+0x39e/0x500 [ 109.018600] ? check_preempt_wakeup_fair+0x406/0x950 [ 109.019000] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 109.019402] trace_irq_enable.constprop.0+0xa6/0x100 [ 109.019805] trace_hardirqs_on+0x26/0x40 [ 109.020127] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 109.020519] try_to_wake_up+0x8ae/0x11d0 [ 109.020849] ? __pfx_try_to_wake_up+0x10/0x10 [ 109.021217] ? plist_del+0x122/0x270 [ 109.021523] ? __futex_unqueue+0xda/0x1c0 [ 109.021859] wake_up_q+0xa1/0x130 [ 109.022144] futex_wake+0x47e/0x540 [ 109.022438] ? __pfx_futex_wake+0x10/0x10 [ 109.022768] ? xfd_validate_state+0x55/0x180 [ 109.023127] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 109.023539] ? finish_task_switch.isra.0+0x206/0x840 [ 109.023947] do_futex+0x26d/0x370 [ 109.024231] ? __pfx_do_futex+0x10/0x10 [ 109.024567] ? __pfx___schedule+0x10/0x10 [ 109.024911] __x64_sys_futex+0x1c9/0x4d0 [ 109.025255] ? 
__pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.025728] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.026189] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.026550] ? xfd_validate_state+0x55/0x180 [ 109.026901] do_syscall_64+0xbf/0x360 [ 109.027205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.027608] RIP: 0033:0x7fef88ae9b19 [ 109.027902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.029314] RSP: 002b:00007ffdc2946058 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.029900] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fef88ae9b19 [ 109.030450] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef88bfcf68 [ 109.031003] RBP: 00007fef88bfcf60 R08: 00007fef8605f700 R09: 0000000000000000 [ 109.031532] R10: 00007fef8605f700 R11: 0000000000000246 R12: 00007fef88c01060 [ 109.032051] R13: 00007ffdc2946160 R14: 00007fef88bfcf60 R15: 000000000001a958 [ 109.032574] [ 109.032750] Modules linked in: [ 109.032999] ---[ end trace 0000000000000000 ]--- [ 109.033345] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.033694] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.035011] RSP: 0018:ffff8880455f7780 EFLAGS: 00010012 [ 109.035402] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004001000 [ 109.035921] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 109.036440] RBP: ffff8880455f79f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b70 [ 109.036958] R10: 0000000000000000 R11: ffff88801780cc98 R12: dffffc0000000000 [ 109.037484] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 109.038005] FS: 0000555584545400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.038590] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 [ 109.039015] CR2: 0000555584546c18 CR3: 0000000044e94000 CR4: 0000000000350ef0 [ 109.039537] note: syz-executor.1[4041] exited with irqs disabled [ 109.040039] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 109.040856] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 109.041499] CPU: 0 UID: 0 PID: 4041 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.042370] Tainted: [D]=DIE, [W]=WARN [ 109.042654] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.043253] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.043606] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.044931] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 109.045330] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 109.045851] RDX: ffff8880193c8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.046372] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15b70 [ 109.046894] R10: 0000000000000000 R11: ffff88801978b098 R12: dffffc0000000000 [ 109.047415] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 109.047936] FS: 0000555584545400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.048529] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.048956] CR2: 0000555584546c18 CR3: 0000000044e94000 CR4: 0000000000350ef0 [ 109.049486] Call Trace: [ 109.049679] [ 109.049847] ? __pfx_perf_tp_event+0x10/0x10 [ 109.050184] ? trace_pelt_se_tp+0xdf/0x130 [ 109.050501] ? place_entity+0x300/0x410 [ 109.050799] ? lock_acquire+0x18c/0x2f0 [ 109.051097] ? update_cfs_group+0x11d/0x260 [ 109.051420] ? lock_release+0x1c7/0x290 [ 109.051719] ? run_posix_cpu_timers+0x160/0x7d0 [ 109.052068] ? 
__pfx_run_posix_cpu_timers+0x10/0x10 [ 109.052437] ? sched_balance_trigger+0x1ac/0xcb0 [ 109.052797] ? sched_tick+0x27c/0x6c0 [ 109.053095] ? do_raw_spin_lock+0x123/0x260 [ 109.053420] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 109.053771] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.054147] perf_trace_run_bpf_submit+0xef/0x180 [ 109.054511] perf_trace_preemptirq_template+0x259/0x430 [ 109.054911] ? read_tsc+0x9/0x20 [ 109.055174] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.055616] ? clockevents_program_event+0x135/0x360 [ 109.055996] ? tick_program_event+0xac/0x140 [ 109.056325] ? handle_softirqs+0x16e/0x770 [ 109.056648] trace_irq_enable.constprop.0+0xa6/0x100 [ 109.057034] trace_hardirqs_on+0x26/0x40 [ 109.057338] handle_softirqs+0x16e/0x770 [ 109.057649] __irq_exit_rcu+0xc4/0x100 [ 109.057947] irq_exit_rcu+0x9/0x20 [ 109.058215] sysvec_apic_timer_interrupt+0x70/0x80 [ 109.058588] [ 109.058759] [ 109.058930] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.059318] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 109.059672] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 109.061000] RSP: 0018:ffff888043dc7f28 EFLAGS: 00000246 [ 109.061392] RAX: 0000000000000001 RBX: ffff8880193c8000 RCX: ffffffff817c2b86 [ 109.061910] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 109.062430] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 109.062948] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880193c8000 [ 109.063473] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 109.063993] ? trace_irq_enable.constprop.0+0x26/0x100 [ 109.064382] ? make_task_dead+0x214/0x3b0 [ 109.064693] ? make_task_dead+0x214/0x3b0 [ 109.065010] ? 
do_syscall_64+0xbf/0x360 [ 109.065307] rewind_stack_and_make_dead+0x16/0x20 [ 109.065669] RIP: 0033:0x7fef88ae9b19 [ 109.065945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.067262] RSP: 002b:00007ffdc2946058 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.067815] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fef88ae9b19 [ 109.068334] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef88bfcf68 [ 109.068854] RBP: 00007fef88bfcf60 R08: 00007fef8605f700 R09: 0000000000000000 [ 109.069380] R10: 00007fef8605f700 R11: 0000000000000246 R12: 00007fef88c01060 [ 109.069899] R13: 00007ffdc2946160 R14: 00007fef88bfcf60 R15: 000000000001a958 [ 109.070423] [ 109.070600] Modules linked in: [ 109.070842] ---[ end trace 0000000000000000 ]--- [ 109.071187] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.071537] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.072854] RSP: 0018:ffff8880455f7780 EFLAGS: 00010012 [ 109.073251] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004001000 [ 109.073771] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 109.074292] RBP: ffff8880455f79f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b70 [ 109.074812] R10: 0000000000000000 R11: ffff88801780cc98 R12: dffffc0000000000 [ 109.075332] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 109.075854] FS: 0000555584545400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.076446] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.076874] CR2: 0000555584546c18 CR3: 0000000044e94000 CR4: 0000000000350ef0 [ 109.077405] Kernel panic - not syncing: Fatal exception in interrupt [ 109.078075] Kernel Offset: disabled [ 109.078347] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:44:37 Registers: