Warning: Permanently added '[localhost]:50728' (ECDSA) to the list of known hosts. 2025/09/01 10:40:45 fuzzer started 2025/09/01 10:40:45 dialing manager at localhost:35473 syzkaller login: [ 51.181290] cgroup: Unknown subsys name 'net' [ 51.249430] cgroup: Unknown subsys name 'cpuset' [ 51.305579] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:40:57 syscalls: 2214 2025/09/01 10:40:57 code coverage: enabled 2025/09/01 10:40:57 comparison tracing: enabled 2025/09/01 10:40:57 extra coverage: enabled 2025/09/01 10:40:57 setuid sandbox: enabled 2025/09/01 10:40:57 namespace sandbox: enabled 2025/09/01 10:40:57 Android sandbox: enabled 2025/09/01 10:40:57 fault injection: enabled 2025/09/01 10:40:57 leak checking: enabled 2025/09/01 10:40:57 net packet injection: enabled 2025/09/01 10:40:57 net device setup: enabled 2025/09/01 10:40:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:40:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:40:57 USB emulation: enabled 2025/09/01 10:40:57 hci packet injection: enabled 2025/09/01 10:40:57 wifi device emulation: enabled 2025/09/01 10:40:57 802.15.4 emulation: enabled 2025/09/01 10:40:57 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:40:57 fetching corpus: 50, signal 19768/23357 (executing program) 2025/09/01 10:40:57 fetching corpus: 100, signal 28475/33572 (executing program) 2025/09/01 10:40:57 fetching corpus: 150, signal 38075/44428 (executing program) 2025/09/01 10:40:57 fetching corpus: 200, signal 46923/54363 (executing program) 2025/09/01 10:40:57 fetching corpus: 250, signal 52707/61214 (executing program) 2025/09/01 10:40:57 fetching corpus: 300, signal 58443/67888 (executing program) 2025/09/01 10:40:57 fetching corpus: 350, signal 66364/76388 (executing program) 2025/09/01 10:40:58 fetching corpus: 400, signal 70429/81319 (executing program) 2025/09/01 10:40:58 fetching corpus: 450, signal 72896/84759 (executing program) 2025/09/01 10:40:58 fetching corpus: 500, signal 76573/89216 (executing program) 2025/09/01 10:40:58 fetching corpus: 550, signal 81973/95037 (executing program) 2025/09/01 10:40:58 fetching corpus: 600, signal 84570/98399 (executing program) 2025/09/01 10:40:58 fetching corpus: 650, signal 86527/101124 (executing program) 2025/09/01 10:40:58 fetching corpus: 700, signal 89304/104527 (executing program) 2025/09/01 10:40:58 fetching corpus: 750, signal 91737/107547 (executing program) 2025/09/01 10:40:58 fetching corpus: 800, signal 95115/111264 (executing program) 2025/09/01 10:40:59 fetching corpus: 850, signal 98270/114776 (executing program) 2025/09/01 10:40:59 fetching corpus: 900, signal 99589/116750 (executing program) 2025/09/01 10:40:59 fetching corpus: 950, signal 101528/119161 (executing program) 2025/09/01 10:40:59 fetching corpus: 1000, signal 103400/121515 (executing program) 2025/09/01 10:40:59 fetching corpus: 1050, signal 104853/123428 (executing program) 2025/09/01 10:40:59 fetching corpus: 1100, signal 105923/125091 (executing program) 2025/09/01 10:40:59 fetching corpus: 1150, signal 107179/126865 (executing program) 2025/09/01 10:40:59 fetching corpus: 1200, signal 108288/128519 (executing program) 2025/09/01 10:40:59 fetching corpus: 1250, signal 109399/130115 (executing program) 2025/09/01 10:40:59 fetching corpus: 1300, signal 110683/131900 (executing program) 2025/09/01 10:41:00 fetching corpus: 1350, signal 112161/133749 (executing program) 2025/09/01 10:41:00 fetching corpus: 1400, signal 113747/135607 (executing program) 2025/09/01 10:41:00 fetching corpus: 1450, signal 115142/137335 (executing program) 2025/09/01 10:41:00 fetching corpus: 1500, signal 116438/138906 (executing program) 2025/09/01 10:41:00 fetching corpus: 1550, signal 117413/140297 (executing program) 2025/09/01 10:41:00 fetching corpus: 1598, signal 118357/141610 (executing program) 2025/09/01 10:41:00 fetching corpus: 1648, signal 119624/143086 (executing program) 2025/09/01 10:41:00 fetching corpus: 1697, signal 120404/144252 (executing program) 2025/09/01 10:41:00 fetching corpus: 1747, signal 121282/145459 (executing program) 2025/09/01 10:41:00 fetching corpus: 1797, signal 122152/146600 (executing program) 2025/09/01 10:41:00 fetching corpus: 1847, signal 123012/147739 (executing program) 2025/09/01 10:41:01 fetching corpus: 1897, signal 123929/148906 (executing program) 2025/09/01 10:41:01 fetching corpus: 1947, signal 124592/149889 (executing program) 2025/09/01 10:41:01 fetching corpus: 1997, signal 125640/151164 (executing program) 2025/09/01 10:41:01 fetching corpus: 2047, signal 126480/152250 (executing program) 2025/09/01 10:41:01 fetching corpus: 2097, signal 127399/153322 (executing program) 2025/09/01 10:41:01 fetching corpus: 2147, signal 128022/154264 (executing program) 2025/09/01 10:41:01 fetching corpus: 2197, signal 128821/155271 (executing program) 2025/09/01 10:41:01 fetching corpus: 2247, signal 129744/156307 (executing program) 2025/09/01 10:41:01 fetching corpus: 2297, signal 130525/157258 (executing program) 2025/09/01 10:41:01 fetching corpus: 2347, signal 131458/158238 (executing program) 2025/09/01 10:41:01 fetching corpus: 2397, signal 132361/159186 (executing program) 2025/09/01 10:41:02 fetching corpus: 2447, signal 132946/160014 (executing program) 2025/09/01 10:41:02 fetching corpus: 2497, signal 133440/160734 (executing program) 2025/09/01 10:41:02 fetching corpus: 2547, signal 134103/161565 (executing program) 2025/09/01 10:41:02 fetching corpus: 2597, signal 134719/162355 (executing program) 2025/09/01 10:41:02 fetching corpus: 2647, signal 135354/163145 (executing program) 2025/09/01 10:41:02 fetching corpus: 2697, signal 136123/163981 (executing program) 2025/09/01 10:41:02 fetching corpus: 2747, signal 136748/164802 (executing program) 2025/09/01 10:41:02 fetching corpus: 2797, signal 137211/165444 (executing program) 2025/09/01 10:41:02 fetching corpus: 2847, signal 137689/166128 (executing program) 2025/09/01 10:41:02 fetching corpus: 2897, signal 138487/166840 (executing program) 2025/09/01 10:41:02 fetching corpus: 2947, signal 139410/167678 (executing program) 2025/09/01 10:41:03 fetching corpus: 2997, signal 140140/168393 (executing program) 2025/09/01 10:41:03 fetching corpus: 3047, signal 141270/169199 (executing program) 2025/09/01 10:41:03 fetching corpus: 3097, signal 141873/169845 (executing program) 2025/09/01 10:41:03 fetching corpus: 3147, signal 142786/170575 (executing program) 2025/09/01 10:41:03 fetching corpus: 3197, signal 143408/171170 (executing program) 2025/09/01 10:41:03 fetching corpus: 3247, signal 143864/171724 (executing program) 2025/09/01 10:41:03 fetching corpus: 3297, signal 144386/172304 (executing program) 2025/09/01 10:41:03 fetching corpus: 3347, signal 145478/173013 (executing program) 2025/09/01 10:41:03 fetching corpus: 3397, signal 145928/173591 (executing program) 2025/09/01 10:41:03 fetching corpus: 3447, signal 146347/174120 (executing program) 2025/09/01 10:41:03 fetching corpus: 3497, signal 146924/174628 (executing program) 2025/09/01 10:41:04 fetching corpus: 3547, signal 147461/175153 (executing program) 2025/09/01 10:41:04 fetching corpus: 3597, signal 148166/175672 (executing program) 2025/09/01 10:41:04 fetching corpus: 3647, signal 148992/176263 (executing program) 2025/09/01 10:41:04 fetching corpus: 3697, signal 149568/176756 (executing program) 2025/09/01 10:41:04 fetching corpus: 3747, signal 150454/177260 (executing program) 2025/09/01 10:41:04 fetching corpus: 3797, signal 150977/177692 (executing program) 2025/09/01 10:41:04 fetching corpus: 3847, signal 151539/178147 (executing program) 2025/09/01 10:41:04 fetching corpus: 3897, signal 152158/178591 (executing program) 2025/09/01 10:41:04 fetching corpus: 3947, signal 152548/179007 (executing program) 2025/09/01 10:41:04 fetching corpus: 3997, signal 153168/179430 (executing program) 2025/09/01 10:41:04 fetching corpus: 4047, signal 153613/179827 (executing program) 2025/09/01 10:41:04 fetching corpus: 4097, signal 153979/180188 (executing program) 2025/09/01 10:41:04 fetching corpus: 4147, signal 154341/180538 (executing program) 2025/09/01 10:41:05 fetching corpus: 4197, signal 154685/180863 (executing program) 2025/09/01 10:41:05 fetching corpus: 4247, signal 155011/181210 (executing program) 2025/09/01 10:41:05 fetching corpus: 4297, signal 155406/181544 (executing program) 2025/09/01 10:41:05 fetching corpus: 4347, signal 155782/181890 (executing program) 2025/09/01 10:41:05 fetching corpus: 4397, signal 156174/182201 (executing program) 2025/09/01 10:41:05 fetching corpus: 4447, signal 157372/182441 (executing program) 2025/09/01 10:41:05 fetching corpus: 4497, signal 158116/182442 (executing program) 2025/09/01 10:41:05 fetching corpus: 4547, signal 158575/182445 (executing program) 2025/09/01 10:41:05 fetching corpus: 4597, signal 159252/182460 (executing program) 2025/09/01 10:41:05 fetching corpus: 4647, signal 159752/182463 (executing program) 2025/09/01 10:41:05 fetching corpus: 4697, signal 160275/182467 (executing program) 2025/09/01 10:41:05 fetching corpus: 4747, signal 160593/182490 (executing program) 2025/09/01 10:41:06 fetching corpus: 4797, signal 161077/182496 (executing program) 2025/09/01 10:41:06 fetching corpus: 4847, signal 161447/182520 (executing program) 2025/09/01 10:41:06 fetching corpus: 4897, signal 161837/182523 (executing program) 2025/09/01 10:41:06 fetching corpus: 4947, signal 162243/182536 (executing program) 2025/09/01 10:41:06 fetching corpus: 4997, signal 162737/182539 (executing program) 2025/09/01 10:41:06 fetching corpus: 5047, signal 163012/182553 (executing program) 2025/09/01 10:41:06 fetching corpus: 5097, signal 163391/182563 (executing program) 2025/09/01 10:41:06 fetching corpus: 5147, signal 163755/182566 (executing program) 2025/09/01 10:41:06 fetching corpus: 5197, signal 164097/182574 (executing program) 2025/09/01 10:41:06 fetching corpus: 5247, signal 164424/182578 (executing program) 2025/09/01 10:41:07 fetching corpus: 5297, signal 164866/182585 (executing program) 2025/09/01 10:41:07 fetching corpus: 5347, signal 165079/182597 (executing program) 2025/09/01 10:41:07 fetching corpus: 5397, signal 165545/182601 (executing program) 2025/09/01 10:41:07 fetching corpus: 5447, signal 166026/182607 (executing program) 2025/09/01 10:41:07 fetching corpus: 5497, signal 166434/182613 (executing program) 2025/09/01 10:41:07 fetching corpus: 5547, signal 166863/182620 (executing program) 2025/09/01 10:41:07 fetching corpus: 5597, signal 167244/182662 (executing program) 2025/09/01 10:41:07 fetching corpus: 5647, signal 167455/182668 (executing program) 2025/09/01 10:41:07 fetching corpus: 5697, signal 167790/182672 (executing program) 2025/09/01 10:41:07 fetching corpus: 5747, signal 168268/182674 (executing program) 2025/09/01 10:41:07 fetching corpus: 5797, signal 168595/182678 (executing program) 2025/09/01 10:41:08 fetching corpus: 5847, signal 168825/182686 (executing program) 2025/09/01 10:41:08 fetching corpus: 5897, signal 169058/182703 (executing program) 2025/09/01 10:41:08 fetching corpus: 5947, signal 169492/182710 (executing program) 2025/09/01 10:41:08 fetching corpus: 5997, signal 169972/182733 (executing program) 2025/09/01 10:41:08 fetching corpus: 6046, signal 170295/182745 (executing program) 2025/09/01 10:41:08 fetching corpus: 6096, signal 170657/182749 (executing program) 2025/09/01 10:41:08 fetching corpus: 6146, signal 170985/182755 (executing program) 2025/09/01 10:41:08 fetching corpus: 6196, signal 171270/182757 (executing program) 2025/09/01 10:41:08 fetching corpus: 6246, signal 171676/182784 (executing program) 2025/09/01 10:41:08 fetching corpus: 6296, signal 172029/182787 (executing program) 2025/09/01 10:41:08 fetching corpus: 6346, signal 172486/182790 (executing program) 2025/09/01 10:41:09 fetching corpus: 6396, signal 172764/182795 (executing program) 2025/09/01 10:41:09 fetching corpus: 6446, signal 173038/182801 (executing program) 2025/09/01 10:41:09 fetching corpus: 6496, signal 173351/182801 (executing program) 2025/09/01 10:41:09 fetching corpus: 6546, signal 173602/182855 (executing program) 2025/09/01 10:41:09 fetching corpus: 6596, signal 174080/182876 (executing program) 2025/09/01 10:41:09 fetching corpus: 6646, signal 174454/182878 (executing program) 2025/09/01 10:41:09 fetching corpus: 6696, signal 174805/182905 (executing program) 2025/09/01 10:41:09 fetching corpus: 6746, signal 175194/182929 (executing program) 2025/09/01 10:41:09 fetching corpus: 6796, signal 175573/182929 (executing program) 2025/09/01 10:41:09 fetching corpus: 6846, signal 175866/182946 (executing program) 2025/09/01 10:41:09 fetching corpus: 6896, signal 176153/182958 (executing program) 2025/09/01 10:41:09 fetching corpus: 6946, signal 176463/182960 (executing program) 2025/09/01 10:41:10 fetching corpus: 6996, signal 176710/182963 (executing program) 2025/09/01 10:41:10 fetching corpus: 7046, signal 177354/183113 (executing program) 2025/09/01 10:41:10 fetching corpus: 7096, signal 177582/183116 (executing program) 2025/09/01 10:41:10 fetching corpus: 7146, signal 177963/183133 (executing program) 2025/09/01 10:41:10 fetching corpus: 7196, signal 178388/183134 (executing program) 2025/09/01 10:41:10 fetching corpus: 7246, signal 178656/183170 (executing program) 2025/09/01 10:41:10 fetching corpus: 7296, signal 178961/183175 (executing program) 2025/09/01 10:41:10 fetching corpus: 7346, signal 179320/183184 (executing program) 2025/09/01 10:41:10 fetching corpus: 7396, signal 179627/183190 (executing program) 2025/09/01 10:41:10 fetching corpus: 7446, signal 179849/183190 (executing program) 2025/09/01 10:41:10 fetching corpus: 7496, signal 180278/183220 (executing program) 2025/09/01 10:41:10 fetching corpus: 7532, signal 180441/183220 (executing program) 2025/09/01 10:41:10 fetching corpus: 7532, signal 180441/183220 (executing program) 2025/09/01 10:41:13 starting 8 fuzzer processes 10:41:13 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) fstatfs(r0, &(0x7f0000000080)=""/141) 10:41:13 executing program 2: syz_open_dev$evdev(&(0x7f0000000440), 0x0, 0x0) 10:41:13 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x103483) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) io_submit(r1, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 10:41:13 executing program 4: r0 = epoll_create1(0x0) epoll_pwait2(r0, &(0x7f00000004c0)=[{}], 0x1, &(0x7f0000000500)={0x0, 0x3938700}, &(0x7f0000000540), 0x8) [ 78.734384] audit: type=1400 audit(1756723273.438:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:41:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)={0x34, 0x15, 0x1, 0x0, 0x0, "", [@nested={0x23, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="8dfd178807e9c14f81b3770fc6fd57eb68e153abc10dc3", @generic]}]}, 0x34}], 0x1}, 0x0) 10:41:13 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x572, &(0x7f0000000140)=0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) io_submit(r0, 0x2, &(0x7f00000001c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 10:41:13 executing program 5: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) 10:41:13 executing program 7: r0 = syz_init_net_socket$802154_dgram(0x24, 0x3, 0x2f) close_range(0xffffffffffffffff, r0, 0x0) [ 79.871546] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.875686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.878245] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.882270] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.885476] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.938975] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.945811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.950001] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.955391] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.964317] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.077401] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.079791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.081577] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.084440] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.086661] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.232787] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.237690] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.242179] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.257604] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.265421] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.281574] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.282879] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 80.287754] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.297583] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.303754] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.307515] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.308960] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.311478] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.319652] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.321294] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.324189] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.325519] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.327272] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 80.332213] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.342384] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.347264] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.349560] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.354744] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 80.367474] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.401690] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.906505] Bluetooth: hci0: command tx timeout [ 82.033076] Bluetooth: hci1: command tx timeout [ 82.162075] Bluetooth: hci2: command tx timeout [ 82.353082] Bluetooth: hci3: command tx timeout [ 82.417099] Bluetooth: hci6: command tx timeout [ 82.417260] Bluetooth: hci7: command tx timeout [ 82.481483] Bluetooth: hci5: command tx timeout [ 82.481504] Bluetooth: hci4: command tx timeout [ 83.953499] Bluetooth: hci0: command tx timeout [ 84.082144] Bluetooth: hci1: command tx timeout [ 84.209616] Bluetooth: hci2: command tx timeout [ 84.402367] Bluetooth: hci3: command tx timeout [ 84.465247] Bluetooth: hci6: command tx timeout [ 84.465331] Bluetooth: hci7: command tx timeout [ 84.529089] Bluetooth: hci5: command tx timeout [ 84.531237] Bluetooth: hci4: command tx timeout [ 86.001169] Bluetooth: hci0: command tx timeout [ 86.131084] Bluetooth: hci1: command tx timeout [ 86.258066] Bluetooth: hci2: command tx timeout [ 86.449082] Bluetooth: hci3: command tx timeout [ 86.513117] Bluetooth: hci6: command tx timeout [ 86.514789] Bluetooth: hci7: command tx timeout [ 86.577111] Bluetooth: hci4: command tx timeout [ 86.577156] Bluetooth: hci5: command tx timeout [ 88.049223] Bluetooth: hci0: command tx timeout [ 88.177172] Bluetooth: hci1: command tx timeout [ 88.306050] Bluetooth: hci2: command tx timeout [ 88.497101] Bluetooth: hci3: command tx timeout [ 88.561134] Bluetooth: hci7: command tx timeout [ 88.561157] Bluetooth: hci6: command tx timeout [ 88.625120] Bluetooth: hci4: command tx timeout [ 88.626145] Bluetooth: hci5: command tx timeout [ 115.200444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.201386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.425686] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.426399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.579488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.580148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.742101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.742758] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.880109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.880746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.926458] audit: type=1400 audit(1756723310.632:8): avc: denied { open } for pid=3864 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 115.934215] audit: type=1400 audit(1756723310.632:9): avc: denied { kernel } for pid=3864 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 115.982701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.983390] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.058311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.058957] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.095839] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.096623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.168184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.168827] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.235066] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.235696] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.298400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.299058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.344146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.344794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.433891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.435036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.501759] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.502876] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.535994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.536713] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.610185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.610824] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:41:51 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'lo\x00', &(0x7f00000001c0)=@ethtool_gstrings={0x1b, 0x8}}) 10:41:51 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000000)) r0 = clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000003d40)}, 0x58) r1 = getpgrp(r0) migrate_pages(r1, 0x4, &(0x7f0000000040)=0x7, &(0x7f0000000080)=0x9) r2 = gettid() tgkill(0x0, r2, 0x0) gettid() tgkill(0x0, 0x0, 0x0) clone3(&(0x7f0000001400)={0x2000000, 0x0, 0x0, &(0x7f0000000280), {0xc}, &(0x7f0000000340)=""/72, 0x48, 0x0, &(0x7f00000013c0)}, 0x58) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2c081) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 10:41:51 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x103483) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) io_submit(r1, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 10:41:51 executing program 7: openat$sr(0xffffffffffffff9c, 0x0, 0x800, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) io_setup(0x9, &(0x7f0000000100)) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, &(0x7f0000000040)=@chain) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) 10:41:51 executing program 6: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x10000000) 10:41:51 executing program 5: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) 10:41:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)={0x34, 0x15, 0x1, 0x0, 0x0, "", [@nested={0x23, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="8dfd178807e9c14f81b3770fc6fd57eb68e153abc10dc3", @generic]}]}, 0x34}], 0x1}, 0x0) 10:41:51 executing program 4: r0 = epoll_create1(0x0) epoll_pwait2(r0, &(0x7f00000004c0)=[{}], 0x1, &(0x7f0000000500)={0x0, 0x3938700}, &(0x7f0000000540), 0x8) 10:41:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)={0x34, 0x15, 0x1, 0x0, 0x0, "", [@nested={0x23, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="8dfd178807e9c14f81b3770fc6fd57eb68e153abc10dc3", @generic]}]}, 0x34}], 0x1}, 0x0) 10:41:51 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x103483) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) io_submit(r1, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 10:41:51 executing program 7: openat$sr(0xffffffffffffff9c, 0x0, 0x800, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) io_setup(0x9, &(0x7f0000000100)) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, &(0x7f0000000040)=@chain) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) 10:41:51 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) finit_module(r0, 0x0, 0x0) 10:41:51 executing program 6: shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000)=""/173) [ 117.001164] kmemleak: Found object by alias at 0x607f1a63e67c [ 117.001185] CPU: 1 UID: 0 PID: 3923 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 117.001207] Tainted: [W]=WARN [ 117.001211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.001219] Call Trace: [ 117.001224] [ 117.001229] dump_stack_lvl+0xca/0x120 [ 117.001261] __lookup_object+0x94/0xb0 [ 117.001280] delete_object_full+0x27/0x70 [ 117.001297] free_percpu+0x30/0x1160 [ 117.001315] ? arch_uprobe_clear_state+0x16/0x140 [ 117.001336] futex_hash_free+0x38/0xc0 [ 117.001351] mmput+0x2d3/0x390 [ 117.001371] do_exit+0x79d/0x2970 [ 117.001385] ? signal_wake_up_state+0x85/0x120 [ 117.001402] ? zap_other_threads+0x2b9/0x3a0 [ 117.001418] ? __pfx_do_exit+0x10/0x10 [ 117.001431] ? do_group_exit+0x1c3/0x2a0 [ 117.001445] ? lock_release+0xc8/0x290 [ 117.001463] do_group_exit+0xd3/0x2a0 [ 117.001479] __x64_sys_exit_group+0x3e/0x50 [ 117.001493] x64_sys_call+0x18c5/0x18d0 [ 117.001510] do_syscall_64+0xbf/0x360 [ 117.001524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.001536] RIP: 0033:0x7faac3f92b19 [ 117.001545] Code: Unable to access opcode bytes at 0x7faac3f92aef. [ 117.001551] RSP: 002b:00007fffd5fd9cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.001563] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007faac3f92b19 [ 117.001572] RDX: 00007faac3f4572b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.001579] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 117.001587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.001594] R13: 0000000000000001 R14: 0000000000000001 R15: 00007fffd5fd9dc0 [ 117.001609] [ 117.001614] kmemleak: Object (percpu) 0x607f1a63e678 (size 8): [ 117.001621] kmemleak: comm "syz-executor.2", pid 3906, jiffies 4294783715 [ 117.001628] kmemleak: min_count = 1 [ 117.001632] kmemleak: count = 0 [ 117.001636] kmemleak: flags = 0x21 [ 117.001640] kmemleak: checksum = 0 [ 117.001644] kmemleak: backtrace: [ 117.001647] pcpu_alloc_noprof+0x87a/0x1170 [ 117.001664] xfrm_state_init+0x1a5/0x640 [ 117.001675] xfrm_net_init+0x1a3/0xb20 [ 117.001687] ops_init+0x1e1/0x650 [ 117.001698] setup_net+0x10d/0x320 [ 117.001707] copy_net_ns+0x2e3/0x650 [ 117.001717] create_new_namespaces+0x3f6/0xab0 [ 117.001735] copy_namespaces+0x45c/0x580 [ 117.001750] copy_process+0x2649/0x73c0 [ 117.001760] kernel_clone+0xea/0x7f0 [ 117.001771] __do_sys_clone3+0x1f5/0x280 [ 117.001781] do_syscall_64+0xbf/0x360 [ 117.001791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.007403] kmemleak: Cannot insert 0x607f1a63e67c into the object search tree (overlaps existing) [ 117.007434] CPU: 0 UID: 0 PID: 3926 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 117.007468] Tainted: [W]=WARN [ 117.007475] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.007487] Call Trace: [ 117.007494] [ 117.007511] dump_stack_lvl+0xca/0x120 [ 117.007553] __link_object+0x190/0x210 [ 117.007586] __create_object+0x48/0x80 [ 117.007619] pcpu_alloc_noprof+0x87a/0x1170 [ 117.007663] ioctx_alloc+0x39d/0x1e10 [ 117.007695] ? lock_acquire+0x15e/0x2f0 [ 117.007720] ? __might_fault+0xe0/0x190 [ 117.007746] ? find_held_lock+0x2b/0x80 [ 117.007779] ? __pfx_ioctx_alloc+0x10/0x10 [ 117.007804] ? lock_release+0xc8/0x290 [ 117.007829] ? __might_fault+0xe0/0x190 [ 117.007859] __x64_sys_io_setup+0xc8/0x1f0 [ 117.007887] do_syscall_64+0xbf/0x360 [ 117.007910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.007933] RIP: 0033:0x7fa1a7961b19 [ 117.007949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.007969] RSP: 002b:00007fa1a4ed7188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 117.007991] RAX: ffffffffffffffda RBX: 00007fa1a7a74f60 RCX: 00007fa1a7961b19 [ 117.008005] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000009 [ 117.008018] RBP: 00007fa1a79bbf6d R08: 0000000000000000 R09: 0000000000000000 [ 117.008031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.008043] R13: 00007ffd86743f9f R14: 00007fa1a4ed7300 R15: 0000000000022000 [ 117.008073] [ 117.008590] kmemleak: Kernel memory leak detector disabled [ 117.008598] kmemleak: Object (percpu) 0x607f1a63e678 (size 8): [ 117.008611] kmemleak: comm "syz-executor.2", pid 3906, jiffies 4294783715 [ 117.008624] kmemleak: min_count = 1 [ 117.008631] kmemleak: count = 0 [ 117.008638] kmemleak: flags = 0x21 [ 117.008645] kmemleak: checksum = 0 [ 117.008651] kmemleak: backtrace: [ 117.008657] pcpu_alloc_noprof+0x87a/0x1170 [ 117.008687] xfrm_state_init+0x1a5/0x640 [ 117.008706] xfrm_net_init+0x1a3/0xb20 [ 117.008728] ops_init+0x1e1/0x650 [ 117.008745] setup_net+0x10d/0x320 [ 117.008762] copy_net_ns+0x2e3/0x650 [ 117.008779] create_new_namespaces+0x3f6/0xab0 [ 117.008810] copy_namespaces+0x45c/0x580 [ 117.008838] copy_process+0x2649/0x73c0 [ 117.008858] kernel_clone+0xea/0x7f0 [ 117.008876] __do_sys_clone3+0x1f5/0x280 [ 117.008907] do_syscall_64+0xbf/0x360 [ 117.008925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.073982] kmemleak: Found object by alias at 0x607f1a63e67c [ 117.074000] CPU: 1 UID: 0 PID: 3891 Comm: kworker/1:3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 117.074022] Tainted: [W]=WARN [ 117.074026] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.074034] Workqueue: events free_ioctx [ 117.074056] Call Trace: [ 117.074060] [ 117.074066] dump_stack_lvl+0xca/0x120 [ 117.074090] __lookup_object+0x94/0xb0 [ 117.074107] delete_object_full+0x27/0x70 [ 117.074124] free_percpu+0x30/0x1160 [ 117.074146] free_ioctx+0x3e/0x70 [ 117.074159] process_one_work+0x8e1/0x19c0 [ 117.074182] ? __pfx_process_one_work+0x10/0x10 [ 117.074196] ? move_linked_works+0x172/0x270 [ 117.074217] ? assign_work+0x196/0x240 [ 117.074233] worker_thread+0x67e/0xe90 [ 117.074248] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.074266] ? __pfx_worker_thread+0x10/0x10 [ 117.074282] kthread+0x3c8/0x740 [ 117.074296] ? __pfx_kthread+0x10/0x10 [ 117.074308] ? ret_from_fork+0x23/0x430 [ 117.074328] ? lock_release+0xc8/0x290 [ 117.074344] ? __pfx_kthread+0x10/0x10 [ 117.074358] ret_from_fork+0x34b/0x430 [ 117.074375] ? __pfx_kthread+0x10/0x10 [ 117.074388] ret_from_fork_asm+0x1a/0x30 [ 117.074413] [ 117.074417] kmemleak: Object (percpu) 0x607f1a63e678 (size 8): [ 117.074424] kmemleak: comm "syz-executor.2", pid 3906, jiffies 4294783715 [ 117.074432] kmemleak: min_count = 1 [ 117.074436] kmemleak: count = 0 [ 117.074440] kmemleak: flags = 0x21 [ 117.074444] kmemleak: checksum = 0 [ 117.074448] kmemleak: backtrace: [ 117.074451] pcpu_alloc_noprof+0x87a/0x1170 [ 117.074467] xfrm_state_init+0x1a5/0x640 [ 117.074478] xfrm_net_init+0x1a3/0xb20 [ 117.074491] ops_init+0x1e1/0x650 [ 117.074501] setup_net+0x10d/0x320 [ 117.074510] copy_net_ns+0x2e3/0x650 [ 117.074520] create_new_namespaces+0x3f6/0xab0 [ 117.074537] copy_namespaces+0x45c/0x580 [ 117.074552] copy_process+0x2649/0x73c0 [ 117.074564] kernel_clone+0xea/0x7f0 [ 117.074574] __do_sys_clone3+0x1f5/0x280 [ 117.074585] do_syscall_64+0xbf/0x360 [ 117.074596] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:41:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)={0x34, 0x15, 0x1, 0x0, 0x0, "", [@nested={0x23, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="8dfd178807e9c14f81b3770fc6fd57eb68e153abc10dc3", @generic]}]}, 0x34}], 0x1}, 0x0) 10:41:51 executing program 4: r0 = epoll_create1(0x0) epoll_pwait2(r0, &(0x7f00000004c0)=[{}], 0x1, &(0x7f0000000500)={0x0, 0x3938700}, &(0x7f0000000540), 0x8) 10:41:51 executing program 5: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) 10:41:51 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) writev(r0, &(0x7f00000025c0)=[{&(0x7f0000000480)="8b68f60e9b394a", 0x7}], 0x1) 10:41:51 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) finit_module(r0, 0x0, 0x0) 10:41:51 executing program 7: openat$sr(0xffffffffffffff9c, 0x0, 0x800, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) io_setup(0x9, &(0x7f0000000100)) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, &(0x7f0000000040)=@chain) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) 10:41:51 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x103483) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) io_submit(r1, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 10:41:51 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000000)) r0 = clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000003d40)}, 0x58) r1 = getpgrp(r0) migrate_pages(r1, 0x4, &(0x7f0000000040)=0x7, &(0x7f0000000080)=0x9) r2 = gettid() tgkill(0x0, r2, 0x0) gettid() tgkill(0x0, 0x0, 0x0) clone3(&(0x7f0000001400)={0x2000000, 0x0, 0x0, &(0x7f0000000280), {0xc}, &(0x7f0000000340)=""/72, 0x48, 0x0, &(0x7f00000013c0)}, 0x58) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2c081) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 10:41:51 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) writev(r0, &(0x7f00000025c0)=[{&(0x7f0000000480)="8b68f60e9b394a", 0x7}], 0x1) 10:41:51 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:51 executing program 3: pselect6(0x40, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 10:41:51 executing program 7: openat$sr(0xffffffffffffff9c, 0x0, 0x800, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) io_setup(0x9, &(0x7f0000000100)) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, &(0x7f0000000040)=@chain) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) 10:41:51 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) finit_module(r0, 0x0, 0x0) 10:41:51 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) writev(r0, &(0x7f00000025c0)=[{&(0x7f0000000480)="8b68f60e9b394a", 0x7}], 0x1) 10:41:51 executing program 4: r0 = epoll_create1(0x0) epoll_pwait2(r0, &(0x7f00000004c0)=[{}], 0x1, &(0x7f0000000500)={0x0, 0x3938700}, &(0x7f0000000540), 0x8) 10:41:52 executing program 5: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) 10:41:52 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) writev(r0, &(0x7f00000025c0)=[{&(0x7f0000000480)="8b68f60e9b394a", 0x7}], 0x1) 10:41:52 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000000)) r0 = clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000003d40)}, 0x58) r1 = getpgrp(r0) migrate_pages(r1, 0x4, &(0x7f0000000040)=0x7, &(0x7f0000000080)=0x9) r2 = gettid() tgkill(0x0, r2, 0x0) gettid() tgkill(0x0, 0x0, 0x0) clone3(&(0x7f0000001400)={0x2000000, 0x0, 0x0, &(0x7f0000000280), {0xc}, &(0x7f0000000340)=""/72, 0x48, 0x0, &(0x7f00000013c0)}, 0x58) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2c081) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 10:41:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:52 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:52 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) finit_module(r0, 0x0, 0x0) [ 117.657692] kmemleak: Automatic memory scanning thread ended 10:41:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:52 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[]) umount2(&(0x7f0000000080)='./file0\x00', 0x0) 10:41:52 executing program 5: futex(0x0, 0x8, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0) 10:41:52 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:52 executing program 0: openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) select(0x40, &(0x7f0000000080)={0x8}, 0x0, 0x0, 0x0) 10:41:52 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000000)) r0 = clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000003d40)}, 0x58) r1 = getpgrp(r0) migrate_pages(r1, 0x4, &(0x7f0000000040)=0x7, &(0x7f0000000080)=0x9) r2 = gettid() tgkill(0x0, r2, 0x0) gettid() tgkill(0x0, 0x0, 0x0) clone3(&(0x7f0000001400)={0x2000000, 0x0, 0x0, &(0x7f0000000280), {0xc}, &(0x7f0000000340)=""/72, 0x48, 0x0, &(0x7f00000013c0)}, 0x58) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2c081) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 10:41:52 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0x0, 0xb}, 0x8) 10:41:52 executing program 7: r0 = semget(0x3, 0x3, 0x644) semctl$IPC_RMID(r0, 0x0, 0x0) 10:41:52 executing program 0: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0) keyctl$read(0xb, r1, &(0x7f0000000040)=""/4, 0x4) 10:41:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617402020801000240008000f8", 0x16}], 0x0, &(0x7f0000010d00)) 10:41:52 executing program 7: prctl$PR_SET_KEEPCAPS(0x8, 0x1) 10:41:53 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, "fefb4a9a3b67b8053cc55f1c42469de3c566f8"}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfb) 10:41:53 executing program 4: msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000000)=""/126) [ 118.378712] Oops: general protection fault, probably for non-canonical address 0xdffffc0002bda860: 0000 [#1] SMP KASAN NOPTI [ 118.379738] KASAN: probably user-memory-access in range [0x0000000015ed4300-0x0000000015ed4307] [ 118.380659] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.382691] Tainted: [W]=WARN [ 118.383274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.384741] RIP: 0010:__queue_work+0x202/0x1240 [ 118.385704] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 118.388558] RSP: 0018:ffff888047d273f0 EFLAGS: 00010016 [ 118.389432] RAX: 0000000002bda860 RBX: ffff888045205018 RCX: ffffc90006437000 [ 118.390661] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 118.391227] RBP: 0000000015ed4300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 118.391788] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 118.392349] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044f38800 [ 118.392923] FS: 00007f859a7d9700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 118.393558] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.394022] CR2: 0000001b2cf28000 CR3: 000000001c7a3000 CR4: 0000000000350ef0 [ 118.394590] Call Trace: [ 118.394798] [ 118.394993] ? find_held_lock+0x2b/0x80 [ 118.395320] queue_work_on+0xd0/0xe0 [ 118.395621] loop_queue_rq+0x5c8/0x1180 [ 118.395944] __blk_mq_issue_directly+0xd5/0x260 [ 118.396322] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 118.396744] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 118.397178] blk_mq_request_issue_directly+0x11c/0x1e0 [ 118.397592] blk_mq_issue_direct+0x192/0x640 [ 118.397946] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 118.398363] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 118.398735] ? read_tsc+0x9/0x20 [ 118.399015] ? ktime_get+0x16d/0x270 [ 118.399318] ? trace_block_plug+0x149/0x1b0 [ 118.399662] ? blk_add_rq_to_plug+0x234/0x550 [ 118.400019] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 118.400427] ? blk_mq_submit_bio+0x4fd/0x2220 [ 118.400787] __blk_flush_plug+0x25c/0x460 [ 118.401125] ? __pfx___blk_flush_plug+0x10/0x10 [ 118.401497] __submit_bio+0x480/0x5b0 [ 118.401804] ? __pfx___submit_bio+0x10/0x10 [ 118.402148] ? read_tsc+0x9/0x20 [ 118.402425] ? ktime_get+0x16d/0x270 [ 118.402729] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 118.403121] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 118.403549] submit_bio_noacct+0x359/0x1350 [ 118.403894] __bread_gfp+0x18b/0x3c0 [ 118.404199] fat_fill_super+0x5e1/0x3fd0 [ 118.404534] ? __pfx_setup+0x10/0x10 [ 118.404832] ? __pfx_fat_fill_super+0x10/0x10 [ 118.405203] ? snprintf+0xbe/0x100 [ 118.405500] ? __pfx_snprintf+0x10/0x10 [ 118.405825] ? find_held_lock+0x2b/0x80 [ 118.406150] ? setup_bdev_super+0x2ed/0x6e0 [ 118.406506] ? set_blocksize+0x1b4/0x470 [ 118.406832] ? lock_release+0xc8/0x290 [ 118.407149] ? sb_set_blocksize+0x177/0x1c0 [ 118.407489] ? setup_bdev_super+0x31f/0x6e0 [ 118.407838] get_tree_bdev_flags+0x38a/0x620 [ 118.408190] ? __pfx_vfat_fill_super+0x10/0x10 [ 118.408556] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 118.408954] ? cap_capable+0xdb/0x3b0 [ 118.409264] ? security_capable+0x2f/0x90 [ 118.409597] vfs_get_tree+0x93/0x340 [ 118.409902] path_mount+0x132d/0x1dd0 [ 118.410213] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.410631] ? __pfx_path_mount+0x10/0x10 [ 118.410962] ? kmem_cache_free+0x2a1/0x540 [ 118.411298] ? putname.part.0+0x11b/0x160 [ 118.411633] ? getname_flags.part.0+0x1c6/0x540 [ 118.412006] ? putname.part.0+0x11b/0x160 [ 118.412338] __x64_sys_mount+0x27b/0x300 [ 118.412661] ? __pfx___x64_sys_mount+0x10/0x10 [ 118.413037] do_syscall_64+0xbf/0x360 [ 118.413345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.413751] RIP: 0033:0x7f859d26504a [ 118.414050] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.415478] RSP: 002b:00007f859a7d8fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 118.416074] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f859d26504a [ 118.416633] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f859a7d9000 [ 118.417206] RBP: 00007f859a7d9040 R08: 00007f859a7d9040 R09: 0000000020000000 [ 118.417763] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 118.418324] R13: 0000000020000100 R14: 00007f859a7d9000 R15: 0000000020010d00 [ 118.418886] [ 118.419079] Modules linked in: [ 118.419340] ---[ end trace 0000000000000000 ]--- [ 118.419711] RIP: 0010:__queue_work+0x202/0x1240 [ 118.420087] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 118.421517] RSP: 0018:ffff888047d273f0 EFLAGS: 00010016 [ 118.421939] RAX: 0000000002bda860 RBX: ffff888045205018 RCX: ffffc90006437000 [ 118.422496] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 118.423053] RBP: 0000000015ed4300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 118.423613] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 118.424173] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044f38800 [ 118.424735] FS: 00007f859a7d9700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 118.425385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.425847] CR2: 0000001b2cf28000 CR3: 000000001c7a3000 CR4: 0000000000350ef0 [ 118.426420] note: syz-executor.5[4008] exited with irqs disabled [ 118.427031] note: syz-executor.5[4008] exited with preempt_count 1 [ 118.427581] ------------[ cut here ]------------ [ 118.427959] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.5/4008 [ 118.429292] Modules linked in: [ 118.429567] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.430647] Tainted: [D]=DIE, [W]=WARN [ 118.430974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.431772] RIP: 0010:do_exit+0x1c36/0x2970 [ 118.432197] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 118.433712] RSP: 0018:ffff888047d27e40 EFLAGS: 00010212 [ 118.434203] RAX: 000000000003b881 RBX: 0000000000000200 RCX: ffffc90006437000 [ 118.434927] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff8880162aad68 [ 118.435560] RBP: ffff8880162a9b80 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 118.436186] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 118.436758] R13: 0000000000002710 R14: dffffc0002bda860 R15: 0000000000000000 [ 118.437402] FS: 00007f859a7d9700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 118.438102] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.438570] CR2: 0000001b2cf28000 CR3: 000000001c7a3000 CR4: 0000000000350ef0 [ 118.439201] Call Trace: [ 118.439416] [ 118.439601] ? _printk+0xbe/0xf0 [ 118.439884] ? __pfx__printk+0x10/0x10 [ 118.440275] ? __pfx_do_exit+0x10/0x10 [ 118.440601] make_task_dead+0x174/0x3b0 [ 118.440931] ? do_syscall_64+0xbf/0x360 [ 118.441315] rewind_stack_and_make_dead+0x16/0x20 [ 118.441714] RIP: 0033:0x7f859d26504a [ 118.442075] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.443578] RSP: 002b:00007f859a7d8fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 118.444248] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f859d26504a [ 118.445081] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f859a7d9000 [ 118.445652] RBP: 00007f859a7d9040 R08: 00007f859a7d9040 R09: 0000000020000000 [ 118.446469] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 118.447103] R13: 0000000020000100 R14: 00007f859a7d9000 R15: 0000000020010d00 [ 118.447697] [ 118.447889] irq event stamp: 1344 [ 118.448230] hardirqs last enabled at (1343): [] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 118.449001] hardirqs last disabled at (1344): [] _raw_spin_lock_irq+0x42/0x50 [ 118.449775] softirqs last enabled at (1334): [] handle_softirqs+0x50c/0x770 [ 118.450530] softirqs last disabled at (1015): [] __irq_exit_rcu+0xc4/0x100 [ 118.451261] ---[ end trace 0000000000000000 ]--- [ 118.451641] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 118.452404] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4008, name: syz-executor.5 [ 118.453131] preempt_count: 0, expected: 0 [ 118.453460] RCU nest depth: 2, expected: 0 [ 118.453793] INFO: lockdep is turned off. [ 118.454173] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.454192] Tainted: [D]=DIE, [W]=WARN [ 118.454197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.454203] Call Trace: [ 118.454207] [ 118.454211] dump_stack_lvl+0xfa/0x120 [ 118.454236] __might_resched+0x2f3/0x510 [ 118.454250] exit_signals+0x25/0x940 [ 118.454269] do_exit+0x2db/0x2970 [ 118.454282] ? _printk+0xbe/0xf0 [ 118.454294] ? __pfx__printk+0x10/0x10 [ 118.454308] ? __pfx_do_exit+0x10/0x10 [ 118.454323] make_task_dead+0x174/0x3b0 [ 118.454336] ? do_syscall_64+0xbf/0x360 [ 118.454347] rewind_stack_and_make_dead+0x16/0x20 [ 118.454363] RIP: 0033:0x7f859d26504a [ 118.454371] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.454382] RSP: 002b:00007f859a7d8fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 118.454394] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f859d26504a [ 118.454402] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f859a7d9000 [ 118.454409] RBP: 00007f859a7d9040 R08: 00007f859a7d9040 R09: 0000000020000000 [ 118.454417] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 118.454424] R13: 0000000020000100 R14: 00007f859a7d9000 R15: 0000000020010d00 [ 118.454435] 10:41:53 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, 0x0, 0x1, 0x5, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x80000021) 10:41:53 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0}, {@in6=@private2, 0x0, 0x6c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 10:41:53 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x114a460b, 0x4) 10:41:53 executing program 6: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001bc0)}, 0x58) 10:41:53 executing program 4: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x191880, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) shmctl$SHM_LOCK(0xffffffffffffffff, 0xb) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180)={0x3, 'veth0_to_bond\x00', {0x5}, 0x3}) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x34, 0x0, &(0x7f00000023c0)) r1 = shmget(0x1, 0x1000, 0x200, &(0x7f0000cea000/0x1000)=nil) shmat(r1, &(0x7f0000995000/0x3000)=nil, 0x7000) 10:41:53 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) dup(0xffffffffffffffff) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f00000003c0)=ANY=[]) 10:41:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617402020801000240008000f8", 0x16}], 0x0, &(0x7f0000010d00)) 10:41:53 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0x0, 0xb}, 0x8) [ 119.282384] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 10:41:54 executing program 7: clock_gettime(0xb, &(0x7f0000014ac0)) 10:41:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617402020801000240008000f8", 0x16}], 0x0, &(0x7f0000010d00)) 10:41:54 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() setresgid(0xee00, 0xee00, 0x0) sendmsg$netlink(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)={0x10}, 0x10}], 0x1, &(0x7f0000002bc0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20}, 0x0) 10:41:54 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0x0, 0xb}, 0x8) 10:41:54 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) dup2(r0, r1) 10:41:54 executing program 0: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x191880, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) shmctl$SHM_LOCK(0xffffffffffffffff, 0xb) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180)={0x3, 'veth0_to_bond\x00', {0x5}, 0x3}) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x34, 0x0, &(0x7f00000023c0)) r1 = shmget(0x1, 0x1000, 0x200, &(0x7f0000cea000/0x1000)=nil) shmat(r1, &(0x7f0000995000/0x3000)=nil, 0x7000) 10:41:54 executing program 4: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x191880, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) shmctl$SHM_LOCK(0xffffffffffffffff, 0xb) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180)={0x3, 'veth0_to_bond\x00', {0x5}, 0x3}) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x34, 0x0, &(0x7f00000023c0)) r1 = shmget(0x1, 0x1000, 0x200, &(0x7f0000cea000/0x1000)=nil) shmat(r1, &(0x7f0000995000/0x3000)=nil, 0x7000) [ 119.411383] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4043 comm=syz-executor.6 [ 119.424751] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4043 comm=syz-executor.6 [ 119.444892] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#2] SMP KASAN NOPTI [ 119.446516] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 119.447727] CPU: 1 UID: 0 PID: 4048 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.449431] Tainted: [D]=DIE, [W]=WARN [ 119.449983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.451152] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 119.451854] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 119.454430] RSP: 0018:ffff888047b87780 EFLAGS: 00010012 [ 119.455193] RAX: 00200000000000b0 RBX: ffff888045bea581 RCX: ffffc9000ae5c000 [ 119.456201] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 119.457229] RBP: ffff888047b879f0 R08: ffff88806cf31340 R09: ffffe8ffffd16678 [ 119.458256] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 119.459266] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 119.460278] FS: 00007efee6ef1700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 119.461431] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.462276] CR2: 00007fff22f9dda8 CR3: 0000000044f2e000 CR4: 0000000000350ef0 [ 119.463298] Call Trace: [ 119.463676] [ 119.464015] ? __pfx_perf_tp_event+0x10/0x10 [ 119.464677] ? __asan_memcpy+0x3d/0x60 [ 119.465258] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 119.466154] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 119.467090] ? kvm_sched_clock_read+0x16/0x30 [ 119.467775] ? local_clock_noinstr+0xf/0xc0 [ 119.468406] ? ctx_sched_in+0x134/0x9b0 [ 119.469002] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 119.469739] ? perf_swevent_event+0x63/0x3f0 [ 119.470382] ? css_rstat_updated+0x1b8/0x4d0 [ 119.471044] ? __pfx_css_rstat_updated+0x10/0x10 [ 119.471753] ? __anon_inode_getfile+0xe1/0x280 [ 119.472424] ? __do_sys_perf_event_open+0x18cb/0x2c20 [ 119.473193] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.473933] ? trace_pelt_se_tp+0xdf/0x130 [ 119.474562] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.475293] perf_trace_run_bpf_submit+0xef/0x180 [ 119.476006] perf_trace_preemptirq_template+0x259/0x430 [ 119.476772] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.477619] ? check_preempt_wakeup_fair+0x406/0x950 [ 119.478367] ? wakeup_preempt+0x140/0x2a0 [ 119.478969] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.479713] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.480454] trace_hardirqs_on+0x26/0x40 [ 119.481054] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.481769] try_to_wake_up+0x8ae/0x11d0 [ 119.482370] ? __pfx_try_to_wake_up+0x10/0x10 [ 119.483030] ? plist_del+0x122/0x270 [ 119.483581] ? __futex_unqueue+0xda/0x1c0 [ 119.484192] wake_up_q+0xa1/0x130 [ 119.484711] futex_wake+0x47e/0x540 [ 119.485269] ? __pfx_futex_wake+0x10/0x10 [ 119.485878] ? lock_release+0x1c7/0x290 [ 119.486467] ? lock_release+0x1c7/0x290 [ 119.487048] ? fd_install+0x1f0/0x660 [ 119.487610] do_futex+0x26d/0x370 [ 119.488134] ? __pfx_do_futex+0x10/0x10 [ 119.488711] __x64_sys_futex+0x1c9/0x4d0 [ 119.489315] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.490170] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.490829] ? xfd_validate_state+0x55/0x180 [ 119.491484] do_syscall_64+0xbf/0x360 [ 119.492041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.492782] RIP: 0033:0x7efee997bb19 [ 119.493348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.495920] RSP: 002b:00007efee6ef1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.497032] RAX: ffffffffffffffda RBX: 00007efee9a8ef68 RCX: 00007efee997bb19 [ 119.498052] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efee9a8ef6c [ 119.499068] RBP: 00007efee9a8ef60 R08: 000000000000000e R09: 0000000000000000 [ 119.500084] R10: 0000000000000004 R11: 0000000000000246 R12: 00007efee9a8ef6c [ 119.501113] R13: 00007fffd790cbcf R14: 00007efee6ef1300 R15: 0000000000022000 [ 119.502131] [ 119.502478] Modules linked in: [ 119.502958] ---[ end trace 0000000000000000 ]--- [ 119.503634] RIP: 0010:__queue_work+0x202/0x1240 [ 119.504320] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 119.506922] RSP: 0018:ffff888047d273f0 EFLAGS: 00010016 [ 119.507691] RAX: 0000000002bda860 RBX: ffff888045205018 RCX: ffffc90006437000 [ 119.508713] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 119.509743] RBP: 0000000015ed4300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 119.510757] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 119.511771] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044f38800 [ 119.512803] FS: 00007efee6ef1700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 119.513958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.514788] CR2: 00007fff22f9dda8 CR3: 0000000044f2e000 CR4: 0000000000350ef0 [ 119.515808] note: syz-executor.4[4048] exited with irqs disabled [ 119.516791] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#3] SMP KASAN NOPTI [ 119.518393] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 119.519602] CPU: 1 UID: 0 PID: 4048 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.521303] Tainted: [D]=DIE, [W]=WARN [ 119.521850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.523012] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 119.523704] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 119.526291] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 119.527056] RAX: 00200000000000b0 RBX: ffff888045bea581 RCX: ffffffff8189a55c [ 119.528066] RDX: ffff888016cf8000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 119.529097] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16678 [ 119.530111] R10: 0000000000000000 R11: ffff888016dcf498 R12: dffffc0000000000 [ 119.531127] R13: 0100000000000000 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 119.532146] FS: 00007efee6ef1700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 119.533293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.534128] CR2: 00007fff22f9dda8 CR3: 0000000044f2e000 CR4: 0000000000350ef0 [ 119.535145] Call Trace: [ 119.535528] [ 119.535852] ? __pfx_perf_tp_event+0x10/0x10 [ 119.536503] ? do_raw_spin_lock+0x123/0x260 [ 119.537142] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.537825] ? lock_acquire+0x18c/0x2f0 [ 119.538413] ? lock_release+0x1c7/0x290 [ 119.539005] ? do_raw_spin_unlock+0x53/0x220 [ 119.539661] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 119.540400] ? try_to_wake_up+0x128/0x11d0 [ 119.541029] ? do_raw_spin_lock+0x123/0x260 [ 119.541670] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.542359] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.543091] perf_trace_run_bpf_submit+0xef/0x180 [ 119.543810] perf_trace_preemptirq_template+0x259/0x430 [ 119.544590] ? read_tsc+0x9/0x20 [ 119.545107] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.545953] ? clockevents_program_event+0x135/0x360 [ 119.546704] ? tick_program_event+0xac/0x140 [ 119.547344] ? handle_softirqs+0x16e/0x770 [ 119.547979] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.548721] trace_hardirqs_on+0x26/0x40 [ 119.549339] handle_softirqs+0x16e/0x770 [ 119.549950] __irq_exit_rcu+0xc4/0x100 [ 119.550537] irq_exit_rcu+0x9/0x20 [ 119.551072] sysvec_apic_timer_interrupt+0x70/0x80 [ 119.551801] [ 119.552130] [ 119.552464] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 119.553250] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 119.553937] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 119.556547] RSP: 0018:ffff888047b87f28 EFLAGS: 00000246 [ 119.557337] RAX: 0000000000000001 RBX: ffff888016cf8000 RCX: ffffffff817c3ab6 [ 119.558358] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 119.559394] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 119.560418] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888016cf8000 [ 119.561436] R13: 0000000000000000 R14: e01ffc00000000b0 R15: 0000000000000000 [ 119.562460] ? trace_irq_enable.constprop.0+0x26/0x100 [ 119.563217] ? make_task_dead+0x214/0x3b0 [ 119.563819] ? make_task_dead+0x214/0x3b0 [ 119.564419] ? do_syscall_64+0xbf/0x360 [ 119.565005] rewind_stack_and_make_dead+0x16/0x20 [ 119.565709] RIP: 0033:0x7efee997bb19 [ 119.566248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.568830] RSP: 002b:00007efee6ef1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.569917] RAX: ffffffffffffffda RBX: 00007efee9a8ef68 RCX: 00007efee997bb19 [ 119.570927] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efee9a8ef6c [ 119.571936] RBP: 00007efee9a8ef60 R08: 000000000000000e R09: 0000000000000000 [ 119.572952] R10: 0000000000000004 R11: 0000000000000246 R12: 00007efee9a8ef6c [ 119.573976] R13: 00007fffd790cbcf R14: 00007efee6ef1300 R15: 0000000000022000 [ 119.574995] [ 119.575337] Modules linked in: [ 119.575810] ---[ end trace 0000000000000000 ]--- [ 119.576483] RIP: 0010:__queue_work+0x202/0x1240 [ 119.577182] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 119.579743] RSP: 0018:ffff888047d273f0 EFLAGS: 00010016 [ 119.580506] RAX: 0000000002bda860 RBX: ffff888045205018 RCX: ffffc90006437000 [ 119.581532] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 119.582546] RBP: 0000000015ed4300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 119.583568] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 119.584579] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044f38800 [ 119.585602] FS: 00007efee6ef1700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 119.586759] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.587595] CR2: 00007fff22f9dda8 CR3: 0000000044f2e000 CR4: 0000000000350ef0 [ 119.588608] Kernel panic - not syncing: Fatal exception in interrupt [ 119.589793] Kernel Offset: disabled [ 119.590318] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:41:53 Registers: info registers vcpu 0 RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888047d26d48 R8 =0000000000000000 R9 =ffffed10016d6046 R10=0000000000000000 R11=3034323178304952 R12=0000000000000005 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f859a7d9700 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe6d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2cf28000 CR3=000000001c7a3000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000004e46bc421c RBX=0000000000000000 RCX=00000000000006e0 RDX=000000000000004e RSI=ffff88806cf238c0 RDI=000000000002b8f7 RBP=ffff88806cf238c0 RSP=ffff88806cf08ed8 R8 =0000000000000001 R9 =0000000000000000 R10=000000000007cb13 R11=00000000000211d1 R12=000000000002b8f7 R13=0000000000000000 R14=0000000000000000 R15=ffff88806cf28080 RIP=ffffffff81327f55 RFL=00000016 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f88ab7988c0 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe4900000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000000000e CR3=000000000e524000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffff0000000000000000 XMM02=00000000736563697665642f7379732f XMM03=00000000000000006c6175747269762f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055f5f32381d0000055f5f325d7c0 XMM06=000055f5f320f2400000000200000003 XMM07=00000000000000000000000000000000 XMM08=6e753c007325732575253a5d73255b00 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000