Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:5012' (ECDSA) to the list of known hosts.
2025/09/01 11:20:07 fuzzer started
2025/09/01 11:20:08 dialing manager at localhost:35473
syzkaller login: [ 44.197128] cgroup: Unknown subsys name 'net'
[ 44.266193] cgroup: Unknown subsys name 'cpuset'
[ 44.281857] cgroup: Unknown subsys name 'rlimit'
2025/09/01 11:20:17 syscalls: 2214
2025/09/01 11:20:17 code coverage: enabled
2025/09/01 11:20:17 comparison tracing: enabled
2025/09/01 11:20:17 extra coverage: enabled
2025/09/01 11:20:17 setuid sandbox: enabled
2025/09/01 11:20:17 namespace sandbox: enabled
2025/09/01 11:20:17 Android sandbox: enabled
2025/09/01 11:20:17 fault injection: enabled
2025/09/01 11:20:17 leak checking: enabled
2025/09/01 11:20:17 net packet injection: enabled
2025/09/01 11:20:17 net device setup: enabled
2025/09/01 11:20:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 11:20:17 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 11:20:17 USB emulation: enabled
2025/09/01 11:20:17 hci packet injection: enabled
2025/09/01 11:20:17 wifi device emulation: enabled
2025/09/01 11:20:17 802.15.4 emulation: enabled
2025/09/01 11:20:17 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 11:20:18 fetching corpus: 46, signal 20802/24344 (executing program)
2025/09/01 11:20:18 fetching corpus: 96, signal 29520/34573 (executing program)
2025/09/01 11:20:18 fetching corpus: 146, signal 36376/42852 (executing program)
2025/09/01 11:20:18 fetching corpus: 196, signal 43131/50858 (executing program)
2025/09/01 11:20:18 fetching corpus: 246, signal 49108/57970 (executing program)
2025/09/01 11:20:18 fetching corpus: 296, signal 52884/62973 (executing program)
2025/09/01 11:20:18 fetching corpus: 346, signal 54992/66337 (executing program)
2025/09/01 11:20:18 fetching corpus: 396, signal 60622/72848 (executing program)
2025/09/01 11:20:18 fetching corpus: 446, signal 67917/80703
(executing program) 2025/09/01 11:20:18 fetching corpus: 496, signal 70720/84416 (executing program) 2025/09/01 11:20:18 fetching corpus: 546, signal 74661/89150 (executing program) 2025/09/01 11:20:18 fetching corpus: 596, signal 77715/92997 (executing program) 2025/09/01 11:20:19 fetching corpus: 646, signal 80123/96229 (executing program) 2025/09/01 11:20:19 fetching corpus: 696, signal 82358/99270 (executing program) 2025/09/01 11:20:19 fetching corpus: 746, signal 84785/102447 (executing program) 2025/09/01 11:20:19 fetching corpus: 796, signal 86181/104681 (executing program) 2025/09/01 11:20:19 fetching corpus: 846, signal 90360/109121 (executing program) 2025/09/01 11:20:19 fetching corpus: 896, signal 91972/111459 (executing program) 2025/09/01 11:20:19 fetching corpus: 946, signal 93698/113866 (executing program) 2025/09/01 11:20:19 fetching corpus: 996, signal 95889/116541 (executing program) 2025/09/01 11:20:19 fetching corpus: 1046, signal 97180/118508 (executing program) 2025/09/01 11:20:19 fetching corpus: 1096, signal 99419/121176 (executing program) 2025/09/01 11:20:19 fetching corpus: 1146, signal 100875/123241 (executing program) 2025/09/01 11:20:20 fetching corpus: 1196, signal 102314/125226 (executing program) 2025/09/01 11:20:20 fetching corpus: 1246, signal 103938/127344 (executing program) 2025/09/01 11:20:20 fetching corpus: 1296, signal 105460/129351 (executing program) 2025/09/01 11:20:20 fetching corpus: 1346, signal 106836/131185 (executing program) 2025/09/01 11:20:20 fetching corpus: 1396, signal 107712/132615 (executing program) 2025/09/01 11:20:20 fetching corpus: 1446, signal 109323/134580 (executing program) 2025/09/01 11:20:20 fetching corpus: 1496, signal 111057/136611 (executing program) 2025/09/01 11:20:20 fetching corpus: 1546, signal 112075/138122 (executing program) 2025/09/01 11:20:20 fetching corpus: 1596, signal 113040/139562 (executing program) 2025/09/01 11:20:20 fetching corpus: 1646, signal 113964/140953 (executing 
program) 2025/09/01 11:20:20 fetching corpus: 1696, signal 114660/142193 (executing program) 2025/09/01 11:20:21 fetching corpus: 1746, signal 115662/143596 (executing program) 2025/09/01 11:20:21 fetching corpus: 1796, signal 117119/145289 (executing program) 2025/09/01 11:20:21 fetching corpus: 1846, signal 118262/146767 (executing program) 2025/09/01 11:20:21 fetching corpus: 1896, signal 119137/148053 (executing program) 2025/09/01 11:20:21 fetching corpus: 1946, signal 120152/149392 (executing program) 2025/09/01 11:20:21 fetching corpus: 1996, signal 120963/150623 (executing program) 2025/09/01 11:20:21 fetching corpus: 2046, signal 122192/152097 (executing program) 2025/09/01 11:20:21 fetching corpus: 2096, signal 123098/153298 (executing program) 2025/09/01 11:20:21 fetching corpus: 2146, signal 123770/154359 (executing program) 2025/09/01 11:20:21 fetching corpus: 2196, signal 124442/155401 (executing program) 2025/09/01 11:20:22 fetching corpus: 2246, signal 125327/156575 (executing program) 2025/09/01 11:20:22 fetching corpus: 2296, signal 126146/157681 (executing program) 2025/09/01 11:20:22 fetching corpus: 2346, signal 127201/158867 (executing program) 2025/09/01 11:20:22 fetching corpus: 2396, signal 128082/159970 (executing program) 2025/09/01 11:20:22 fetching corpus: 2446, signal 128606/160894 (executing program) 2025/09/01 11:20:22 fetching corpus: 2496, signal 129421/161935 (executing program) 2025/09/01 11:20:22 fetching corpus: 2546, signal 130342/162987 (executing program) 2025/09/01 11:20:22 fetching corpus: 2596, signal 131012/163919 (executing program) 2025/09/01 11:20:22 fetching corpus: 2646, signal 132188/165045 (executing program) 2025/09/01 11:20:22 fetching corpus: 2696, signal 132953/165972 (executing program) 2025/09/01 11:20:22 fetching corpus: 2746, signal 133961/167021 (executing program) 2025/09/01 11:20:23 fetching corpus: 2796, signal 134704/167874 (executing program) 2025/09/01 11:20:23 fetching corpus: 2846, signal 
135360/168721 (executing program) 2025/09/01 11:20:23 fetching corpus: 2896, signal 136573/169807 (executing program) 2025/09/01 11:20:23 fetching corpus: 2946, signal 137251/170627 (executing program) 2025/09/01 11:20:23 fetching corpus: 2996, signal 137808/171400 (executing program) 2025/09/01 11:20:23 fetching corpus: 3046, signal 138738/172292 (executing program) 2025/09/01 11:20:23 fetching corpus: 3096, signal 139244/172989 (executing program) 2025/09/01 11:20:23 fetching corpus: 3146, signal 140109/173791 (executing program) 2025/09/01 11:20:23 fetching corpus: 3196, signal 141081/174564 (executing program) 2025/09/01 11:20:23 fetching corpus: 3246, signal 141521/175224 (executing program) 2025/09/01 11:20:23 fetching corpus: 3296, signal 141927/175880 (executing program) 2025/09/01 11:20:23 fetching corpus: 3346, signal 142642/176599 (executing program) 2025/09/01 11:20:24 fetching corpus: 3396, signal 143219/177262 (executing program) 2025/09/01 11:20:24 fetching corpus: 3446, signal 143878/177920 (executing program) 2025/09/01 11:20:24 fetching corpus: 3496, signal 144556/178616 (executing program) 2025/09/01 11:20:24 fetching corpus: 3546, signal 145096/179201 (executing program) 2025/09/01 11:20:24 fetching corpus: 3596, signal 145627/179739 (executing program) 2025/09/01 11:20:24 fetching corpus: 3646, signal 146398/180369 (executing program) 2025/09/01 11:20:24 fetching corpus: 3696, signal 147088/181014 (executing program) 2025/09/01 11:20:24 fetching corpus: 3746, signal 147638/181561 (executing program) 2025/09/01 11:20:24 fetching corpus: 3796, signal 148067/182084 (executing program) 2025/09/01 11:20:24 fetching corpus: 3846, signal 149236/182688 (executing program) 2025/09/01 11:20:24 fetching corpus: 3896, signal 149675/183215 (executing program) 2025/09/01 11:20:24 fetching corpus: 3946, signal 150263/183748 (executing program) 2025/09/01 11:20:25 fetching corpus: 3996, signal 151022/184347 (executing program) 2025/09/01 11:20:25 fetching 
corpus: 4046, signal 151513/184808 (executing program) 2025/09/01 11:20:25 fetching corpus: 4096, signal 151966/185283 (executing program) 2025/09/01 11:20:25 fetching corpus: 4146, signal 152451/185741 (executing program) 2025/09/01 11:20:25 fetching corpus: 4196, signal 153041/186210 (executing program) 2025/09/01 11:20:25 fetching corpus: 4246, signal 153424/186628 (executing program) 2025/09/01 11:20:25 fetching corpus: 4296, signal 153817/187055 (executing program) 2025/09/01 11:20:25 fetching corpus: 4346, signal 154482/187497 (executing program) 2025/09/01 11:20:25 fetching corpus: 4396, signal 155210/187914 (executing program) 2025/09/01 11:20:25 fetching corpus: 4446, signal 155693/188302 (executing program) 2025/09/01 11:20:25 fetching corpus: 4496, signal 156333/188725 (executing program) 2025/09/01 11:20:26 fetching corpus: 4546, signal 156787/189095 (executing program) 2025/09/01 11:20:26 fetching corpus: 4596, signal 157514/189527 (executing program) 2025/09/01 11:20:26 fetching corpus: 4646, signal 157895/189653 (executing program) 2025/09/01 11:20:26 fetching corpus: 4696, signal 158321/189653 (executing program) 2025/09/01 11:20:26 fetching corpus: 4746, signal 158661/189661 (executing program) 2025/09/01 11:20:26 fetching corpus: 4796, signal 158958/189698 (executing program) 2025/09/01 11:20:26 fetching corpus: 4846, signal 159356/189701 (executing program) 2025/09/01 11:20:26 fetching corpus: 4896, signal 159749/189705 (executing program) 2025/09/01 11:20:26 fetching corpus: 4946, signal 160447/189706 (executing program) 2025/09/01 11:20:26 fetching corpus: 4996, signal 160739/189709 (executing program) 2025/09/01 11:20:26 fetching corpus: 5046, signal 161206/189720 (executing program) 2025/09/01 11:20:26 fetching corpus: 5096, signal 161579/189726 (executing program) 2025/09/01 11:20:27 fetching corpus: 5146, signal 162107/189737 (executing program) 2025/09/01 11:20:27 fetching corpus: 5196, signal 162389/189741 (executing program) 2025/09/01 
11:20:27 fetching corpus: 5246, signal 162830/189743 (executing program) 2025/09/01 11:20:27 fetching corpus: 5296, signal 163211/189750 (executing program) 2025/09/01 11:20:27 fetching corpus: 5346, signal 163542/189752 (executing program) 2025/09/01 11:20:27 fetching corpus: 5396, signal 163961/189761 (executing program) 2025/09/01 11:20:27 fetching corpus: 5446, signal 164417/189762 (executing program) 2025/09/01 11:20:27 fetching corpus: 5496, signal 164843/189762 (executing program) 2025/09/01 11:20:27 fetching corpus: 5546, signal 165155/189766 (executing program) 2025/09/01 11:20:27 fetching corpus: 5596, signal 165450/189775 (executing program) 2025/09/01 11:20:27 fetching corpus: 5646, signal 165803/189777 (executing program) 2025/09/01 11:20:27 fetching corpus: 5696, signal 166424/189781 (executing program) 2025/09/01 11:20:27 fetching corpus: 5746, signal 167317/189811 (executing program) 2025/09/01 11:20:28 fetching corpus: 5796, signal 167696/189850 (executing program) 2025/09/01 11:20:28 fetching corpus: 5846, signal 168009/189852 (executing program) 2025/09/01 11:20:28 fetching corpus: 5896, signal 168209/189861 (executing program) 2025/09/01 11:20:28 fetching corpus: 5946, signal 168457/189870 (executing program) 2025/09/01 11:20:28 fetching corpus: 5996, signal 168746/189882 (executing program) 2025/09/01 11:20:28 fetching corpus: 6046, signal 169153/189890 (executing program) 2025/09/01 11:20:28 fetching corpus: 6096, signal 169834/189892 (executing program) 2025/09/01 11:20:28 fetching corpus: 6146, signal 170261/189897 (executing program) 2025/09/01 11:20:28 fetching corpus: 6196, signal 170922/189948 (executing program) 2025/09/01 11:20:28 fetching corpus: 6246, signal 171227/189958 (executing program) 2025/09/01 11:20:28 fetching corpus: 6296, signal 171577/189963 (executing program) 2025/09/01 11:20:28 fetching corpus: 6346, signal 172112/189969 (executing program) 2025/09/01 11:20:29 fetching corpus: 6395, signal 172632/190076 (executing 
program) 2025/09/01 11:20:29 fetching corpus: 6445, signal 173016/190099 (executing program) 2025/09/01 11:20:29 fetching corpus: 6495, signal 173333/190105 (executing program) 2025/09/01 11:20:29 fetching corpus: 6545, signal 173832/190109 (executing program) 2025/09/01 11:20:29 fetching corpus: 6595, signal 174124/190140 (executing program) 2025/09/01 11:20:29 fetching corpus: 6645, signal 174436/190141 (executing program) 2025/09/01 11:20:29 fetching corpus: 6695, signal 174808/190158 (executing program) 2025/09/01 11:20:29 fetching corpus: 6745, signal 175202/190161 (executing program) 2025/09/01 11:20:29 fetching corpus: 6795, signal 175631/190175 (executing program) 2025/09/01 11:20:29 fetching corpus: 6845, signal 176006/190181 (executing program) 2025/09/01 11:20:29 fetching corpus: 6895, signal 176239/190197 (executing program) 2025/09/01 11:20:29 fetching corpus: 6945, signal 176492/190210 (executing program) 2025/09/01 11:20:30 fetching corpus: 6995, signal 176929/190212 (executing program) 2025/09/01 11:20:30 fetching corpus: 7045, signal 177272/190248 (executing program) 2025/09/01 11:20:30 fetching corpus: 7095, signal 177654/190250 (executing program) 2025/09/01 11:20:30 fetching corpus: 7145, signal 177927/190255 (executing program) 2025/09/01 11:20:30 fetching corpus: 7195, signal 178670/190263 (executing program) 2025/09/01 11:20:30 fetching corpus: 7245, signal 178908/190264 (executing program) 2025/09/01 11:20:30 fetching corpus: 7295, signal 179303/190268 (executing program) 2025/09/01 11:20:30 fetching corpus: 7345, signal 179599/190273 (executing program) 2025/09/01 11:20:30 fetching corpus: 7395, signal 179904/190278 (executing program) 2025/09/01 11:20:30 fetching corpus: 7445, signal 180152/190278 (executing program) 2025/09/01 11:20:31 fetching corpus: 7495, signal 180449/190280 (executing program) 2025/09/01 11:20:31 fetching corpus: 7545, signal 180709/190281 (executing program) 2025/09/01 11:20:31 fetching corpus: 7595, signal 
180954/190297 (executing program) 2025/09/01 11:20:31 fetching corpus: 7645, signal 181165/190308 (executing program) 2025/09/01 11:20:31 fetching corpus: 7695, signal 181439/190314 (executing program) 2025/09/01 11:20:31 fetching corpus: 7745, signal 181824/190326 (executing program) 2025/09/01 11:20:31 fetching corpus: 7795, signal 182134/190331 (executing program) 2025/09/01 11:20:31 fetching corpus: 7845, signal 182478/190336 (executing program) 2025/09/01 11:20:31 fetching corpus: 7895, signal 182824/190345 (executing program) 2025/09/01 11:20:31 fetching corpus: 7945, signal 183197/190353 (executing program) 2025/09/01 11:20:31 fetching corpus: 7995, signal 183510/190356 (executing program) 2025/09/01 11:20:32 fetching corpus: 8045, signal 183842/190361 (executing program) 2025/09/01 11:20:32 fetching corpus: 8095, signal 184103/190366 (executing program) 2025/09/01 11:20:32 fetching corpus: 8145, signal 185716/190374 (executing program) 2025/09/01 11:20:32 fetching corpus: 8195, signal 185989/190376 (executing program) 2025/09/01 11:20:32 fetching corpus: 8245, signal 186327/190377 (executing program) 2025/09/01 11:20:32 fetching corpus: 8295, signal 186648/190392 (executing program) 2025/09/01 11:20:32 fetching corpus: 8345, signal 187119/190416 (executing program) 2025/09/01 11:20:32 fetching corpus: 8395, signal 187466/190418 (executing program) 2025/09/01 11:20:32 fetching corpus: 8445, signal 187649/190419 (executing program) 2025/09/01 11:20:32 fetching corpus: 8445, signal 187649/190419 (executing program) 2025/09/01 11:20:34 starting 8 fuzzer processes 11:20:34 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, 0x0) 11:20:34 executing program 1: keyctl$read(0xa, 0x0, &(0x7f0000000c00)=""/246, 0xf6) 11:20:34 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) iopl(0x3) 11:20:34 executing program 3: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, &(0x7f0000000100)) [ 70.386981] audit: type=1400 audit(1756725634.546:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:20:34 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000)) 11:20:34 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0x36}], 0x1}}], 0x1, 0x0) 11:20:34 executing program 5: r0 = io_uring_setup(0x5fff, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 11:20:34 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) nanosleep(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000280)) rt_sigtimedwait(&(0x7f00000001c0), 0x0, 0x0, 0x8) [ 71.594659] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.599218] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.601656] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.604858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.608227] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.610574] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.616413] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.618163] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.622084] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.624541] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.717524] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.723794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.725927] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.729797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.731957] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.760090] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.761903] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.765153] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.770111] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.771730] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.776566] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.777732] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.778931] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.782496] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.786567] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.788712] Bluetooth: hci3: unexpected cc 0x0c23 
length: 249 > 4 [ 71.790534] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 71.793898] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.794017] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.802401] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.810411] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 71.812613] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.820104] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.822386] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.823950] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.851006] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.855053] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.857789] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.896263] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.902140] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 73.687904] Bluetooth: hci0: command tx timeout [ 73.688815] Bluetooth: hci1: command tx timeout [ 73.752378] Bluetooth: hci2: command tx timeout [ 73.879416] Bluetooth: hci5: command tx timeout [ 73.879934] Bluetooth: hci4: command tx timeout [ 73.880687] Bluetooth: hci6: command tx timeout [ 73.881122] Bluetooth: hci3: command tx timeout [ 74.007484] Bluetooth: hci7: command tx timeout [ 75.735417] Bluetooth: hci1: command tx timeout [ 75.735560] Bluetooth: hci0: command tx timeout [ 75.799451] Bluetooth: hci2: command tx timeout [ 75.927393] Bluetooth: hci3: command tx timeout [ 75.927571] Bluetooth: hci6: command tx timeout [ 75.927831] Bluetooth: hci4: command tx timeout [ 75.928731] Bluetooth: hci5: command tx timeout [ 76.055381] Bluetooth: hci7: command tx timeout [ 77.783361] Bluetooth: hci0: command tx timeout [ 77.783804] Bluetooth: hci1: command tx timeout [ 77.847422] Bluetooth: hci2: command tx timeout [ 77.975477] Bluetooth: hci6: command tx timeout [ 77.975886] Bluetooth: hci5: command tx timeout [ 77.976268] 
Bluetooth: hci3: command tx timeout [ 77.977394] Bluetooth: hci4: command tx timeout [ 78.103453] Bluetooth: hci7: command tx timeout [ 79.832354] Bluetooth: hci1: command tx timeout [ 79.832803] Bluetooth: hci0: command tx timeout [ 79.895349] Bluetooth: hci2: command tx timeout [ 80.023399] Bluetooth: hci4: command tx timeout [ 80.025331] Bluetooth: hci3: command tx timeout [ 80.025721] Bluetooth: hci5: command tx timeout [ 80.026103] Bluetooth: hci6: command tx timeout [ 80.151357] Bluetooth: hci7: command tx timeout [ 109.095440] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.096084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.270274] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.270899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:21:14 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0x36}], 0x1}}], 0x1, 0x0) [ 110.118108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.118806] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:21:14 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, 
&(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0x36}], 0x1}}], 0x1, 0x0) 11:21:14 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0x36}], 0x1}}], 0x1, 0x0) [ 110.287436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.288031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:21:14 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 
0x36}], 0x1}}], 0x1, 0x0) 11:21:14 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0x36}], 0x1}}], 0x1, 0x0) [ 110.750779] audit: type=1400 audit(1756725674.901:8): avc: denied { open } for pid=3749 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.764752] audit: type=1400 audit(1756725674.901:9): avc: denied { kernel } for pid=3749 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:21:14 executing program 4: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f0000000280)="0fa1ef837cdc69f9724030b98d007e16dd33fc3ff52b92e803e3ff13f6442ba769f6c9c8e7fb10094148206c2d6e9dd5b49f7693b54e1fa8411aa98cc9353518cdd9085c4a2e3f65079657c5a37a132664c29305f79f8ecbcd59365f39bae789706a65f922eeb50fad942eca76af0c2c9599b1a72f235193019de6166d1de79a22c98260091d86c5d1f12a8e6d905c301d", 0x91}], 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0x36}], 0x1}}], 0x1, 0x0) 11:21:15 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x80000}], 0x1, 
0x1000, 0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 11:21:15 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x80000}], 0x1, 0x1000, 0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 111.592926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.593750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.806354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.806986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.952483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.953106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.066269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.067209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.100635] random: crng reseeded on system resumption [ 112.107965] random: crng reseeded on system resumption [ 112.158469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.159065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.178112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.179825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.931084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.931783] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.970963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.971584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.006621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.007240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.045787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.046390] wlan0: Creating new IBSS 
network, BSSID 50:50:50:50:50:50 [ 113.076176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.076790] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.121811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.122556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:21:17 executing program 0: syz_emit_ethernet(0x8a, &(0x7f0000000280)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, {[@sack={0x5, 0x2a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @mss={0x2, 0x4}, @sack={0x5, 0xa, [0x0, 0x0]}, @eol, @exp_fastopen={0xfe, 0x14, 0xf989, "693eac2f92176761115a9413fec6e056"}, @mss={0x2, 0x4}]}}}}}}}, 0x0) 11:21:17 executing program 5: r0 = io_uring_setup(0x5fff, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 11:21:17 executing program 2: setresgid(0xee01, 0xee01, 0xee01) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000b00), 0x28, 0x0) 11:21:17 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 
&(0x7f0000000440)=[{&(0x7f00000000c0)="90aa43646add8f24879febf43971599392c04daafaad102be80336f0e66d6b50c80194fa4e4fc47d60a22ebc1c1569b7002c593c6457ff7b53fc273d96a33cb4b7df85cf5d05b532121d741dabf3ea03d1c04c7fafd72f197c7603c170c42e5214c75a6c9b764010e264b853d8473e1d8f714af53384b1039da9d437fdb18bbf6712e9dc97301ce66f5c0c7fc0f508352ce55c5228c2e5e0de035ebd", 0x9c}, {&(0x7f0000000180)="8614d7bce96c5ebeeb30ac8f0b9bcaf1bb5950729c899a5ff877e0b6405b6ce79bbca3c5e364a90736a6fd778144", 0x2e}, {&(0x7f0000000200)="dfecf8cd45f23a3b4424d2696a5b8393b28a5f4816cb98dbd2ec0486f9bb6556226ba709e25087eedb29e95374b95339779df356fbb26b8899a541358a29497c3892e8e208a49b751c442a7590639b0cd21dc4e8058278480b71a277ad6ce99caf8b61b4d3133ec7290109a02d56ad3b89f88e1455410fe4b10e4e9deee8557f7636ebbc1817358ba584d856e3ffabd717", 0x91}, {&(0x7f00000002c0)="bbed49d6c172cc5d8e39568f7213f073bd2005221f8354f31d84a8844904e95d005dc342c2061a0e833563cadbe5867f1d1fc32c7751876c", 0x38}, {&(0x7f0000000300)="a316b9bad8f289a625d558960d76d9e71010c97844c5e7dc12eb0b0e696ff62c6c73570cf8948b95f13c7c088001c8a5f6a4c3b327f2c33eee736feaa1f803f8abc8c009c8a7058290aa1f70c253d74c658a1bfb61f71bf4d73d6f35221162ae9ea153159dc06144bb08ec332d", 0x6d}, {&(0x7f0000000380)="2209074c5d1357bcf0312026f82569b03def14e70df4e753bd9866fdc8c1d803975f7df0e92843203f4ec2d1427eb8cef2d0c74113b436cd0ca99186c2db2362c6e491e2c6a0587a4e01f7abeb2d982bbaea53c51043b70329c516de6be8a34d56d1c4522621bf243abd2ede1c258fcd51dec2d86dd35f4e", 0x78}], 0x6}}, {{0x0, 0x0, 
&(0x7f0000001680)=[{&(0x7f0000000680)="3fd3cde59cf5204e2a7dd0bac322a24c4cdc1e9492b422d87e28e5f2716a770a4cda179e252f9a1b1525c6d1f12106b4a4be1ddfd4d000ef84cb67e52f927863174d04babdb1f6957d0a512b5e7d96469fee412b3a654f88a26141de88ceb8cb006b232d94e3ba1132cbac7bd46f049b162b58bab07294b86ea17f10d4698f416752c73077353f20074527ab7193f7b5db7763fb94a2bb07adbf15620d31ee13390f91451326ee56d7e029334a3dc05a6105b14f7d494f6d8894c38d972e0d649e3440beaa916499553140bc5613c6d370f5e7e4ca756c4f07c001f503a3672f8545d38951f0d69fec91bc43232499bdcd13e7a8675d05fe6fdfcb8213be98a4ef5252ad5740e673d3fb9155600956337c8ea4b707a08cb85c0ecf8e3bda062ada1e342981fa8a5935967a4b47eafe0150c99004b476af97d5fbdddc14e192e543b47e1f5331f49660c94c36f9372836a04b6a488aabbb2f60b67d13c9c48ed9ad190f31de2e6ef2448a6f1c0aa8ad814e996c681f0a89fcea0132dbafeee319445e439e6268cdd2260e9a676f51bf804736701a5e6aca4bfba38dab83415c1f12a49ee9c72ba0e3e19cbcad345253c15cc8a370abb31e279906cc501e703295b7c7c927fae2de63a55cd8dc436904a797e338d645712212345266b48024291b5f0d49238aaa8ee4ea955a73a0b30d25d7b6eccb870e12e8d02730decec356ba2e2b8637f4c302f4bb19c0024cce48613b1cffa0bc8da770715bbe4067f60e61f9c9eda9fa7101f1a2cb15512827a1972557b4b0fed05cbc197d77196aaa706883d32419d153e321957080d137cbdb1b218d3d6924c59ff44d0e548923e4a968096e30073eaaf9e6ac317141366b11dab5cbaea1e50006ed1a2a7de08682b2fa5b66389197ba259e22b0d324fcb5a388d7623e176f6258519d8ef4caf9e8b5d7ce4cf02ecb54ff48554dcfec281a87fc0e54d0d84f16b44244227a447ced1d532c80f6385465c450f24582a0c0230b48c0108179998f9a4d04246dad45d3ab6bf95f14b00c859129585bfdd84878da0593c209ddc646b13ca3fff868a58fc6463469fbfff17564e9c8f95b7a1c8e1eb8c0df7b038043308b897fa757305a33e6967bdaa9312126fca2b11815532ec97f56e1aeb81f67c109b1a3c119f48f5726ddf8e105a0d46f484ed5c09a3d03683d7b6b7b8b77d651520161f29490d06fca6e733a95aa0b3873f0df64b4927a1825f6ae2538a8ca6256f57bc0ad1b3d96ebf9eaf5309c705a3c839575c4cb858303c4eb6aec084751fb99ff8de7058e9be63c5581914964f9b91beac4ed01221f562239947ada878360ffd36198b1b7f334161d85ae07be09f9cdb43e85ec2a6e6ced98e8154
fe39ca42c54131a54e98ffbcc03a061e81d05593c3bc14a3cd8e78188d314cc88f1a8372d", 0xbc9}], 0x1}}], 0x2, 0x0) close(r0) 11:21:17 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x80000}], 0x1, 0x1000, 0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 11:21:17 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000)) 11:21:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x1) 11:21:17 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, &(0x7f0000000100)) [ 113.329036] random: crng reseeded on system resumption 11:21:17 executing program 0: madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x66) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8) 11:21:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73663a186000088001000440000004f801002000400003000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1800}, {&(0x7f0000010400)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x2000}, 
{&(0x7f0000010500)="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", 0x120, 0x2800}, {&(0x7f0000010700)="2e20202020202020202020100037e970325132510000e97032510300000000002e2e202020202020202020100037e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200037e970325132510000e970325104001a040000", 0x80, 0x43000}, {&(0x7f0000010800)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x83000}, {&(0x7f0000010d00)='syzkallers\x00'/32, 0x20, 0xc3000}, {&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x143000}], 0x0, &(0x7f0000010f00)) 11:21:17 executing program 5: r0 = io_uring_setup(0x5fff, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 11:21:17 executing program 6: 
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_trace', 0x0, 0x0) pread64(r0, &(0x7f0000000000)=""/42, 0x2a, 0x0) 11:21:17 executing program 2: timer_create(0x1, &(0x7f00000001c0)={0x0, 0xb, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x77359400}, {0x0, 0x989680}}, 0x0) 11:21:17 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000)) 11:21:17 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, &(0x7f0000000100)) 11:21:17 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x80000}], 0x1, 0x1000, 0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 113.545726] random: crng reseeded on system resumption [ 113.549464] loop1: detected capacity change from 0 to 5168 11:21:17 executing program 0: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) fremovexattr(r0, &(0x7f0000000080)=@random={'security.', '\x00'}) 11:21:17 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) read(r0, 0x0, 0x0) [ 113.581144] kmemleak: Found object by alias at 0x607f1a63e30c [ 113.581169] CPU: 0 UID: 0 PID: 3945 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.581188] Tainted: [W]=WARN [ 113.581192] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.581199] Call Trace: [ 113.581203] [ 113.581208] dump_stack_lvl+0xca/0x120 [ 113.581239] __lookup_object+0x94/0xb0 [ 113.581257] delete_object_full+0x27/0x70 [ 113.581274] free_percpu+0x30/0x1160 [ 113.581292] ? arch_uprobe_clear_state+0x16/0x140 [ 113.581313] futex_hash_free+0x38/0xc0 [ 113.581328] mmput+0x2d3/0x390 [ 113.581347] do_exit+0x79d/0x2970 [ 113.581361] ? signal_wake_up_state+0x85/0x120 [ 113.581378] ? zap_other_threads+0x2b9/0x3a0 [ 113.581394] ? __pfx_do_exit+0x10/0x10 [ 113.581407] ? do_group_exit+0x1c3/0x2a0 [ 113.581421] ? lock_release+0xc8/0x290 [ 113.581439] do_group_exit+0xd3/0x2a0 [ 113.581454] __x64_sys_exit_group+0x3e/0x50 [ 113.581468] x64_sys_call+0x18c5/0x18d0 [ 113.581485] do_syscall_64+0xbf/0x360 [ 113.581499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.581511] RIP: 0033:0x7f888ece4b19 [ 113.581520] Code: Unable to access opcode bytes at 0x7f888ece4aef. 
[ 113.581525] RSP: 002b:00007ffeaab149b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 113.581537] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f888ece4b19 [ 113.581545] RDX: 00007f888ec9772b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 113.581553] RBP: 0000000000000000 R08: 0000001b2d622e70 R09: 0000000000000000 [ 113.581560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.581567] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffeaab14aa0 [ 113.581583] [ 113.581587] kmemleak: Object (percpu) 0x607f1a63e308 (size 8): [ 113.581594] kmemleak: comm "syz-executor.1", pid 3946, jiffies 4294780405 [ 113.581601] kmemleak: min_count = 1 [ 113.581605] kmemleak: count = 0 [ 113.581609] kmemleak: flags = 0x21 [ 113.581613] kmemleak: checksum = 0 [ 113.581617] kmemleak: backtrace: [ 113.581621] pcpu_alloc_noprof+0x87a/0x1170 [ 113.581637] __alloc_workqueue+0x74b/0x1820 [ 113.581655] alloc_workqueue_noprof+0xc7/0x200 [ 113.581665] loop_configure+0xf73/0x1590 [ 113.581680] lo_ioctl+0x66d/0x1c70 [ 113.581693] blkdev_ioctl+0x27c/0x6c0 [ 113.581704] __x64_sys_ioctl+0x18f/0x210 [ 113.581720] do_syscall_64+0xbf/0x360 [ 113.581729] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:21:17 executing program 5: r0 = io_uring_setup(0x5fff, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 11:21:17 executing program 1: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f00000015c0)={{}, {}, [], {}, [], {0x8}}, 0x24, 0x0) [ 113.637593] kmemleak: Found object by alias at 0x607f1a63e964 [ 113.637610] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.637629] Tainted: [W]=WARN [ 113.637633] Hardware name: QEMU Standard 
PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.637641] Call Trace: [ 113.637645] [ 113.637650] dump_stack_lvl+0xca/0x120 [ 113.637675] __lookup_object+0x94/0xb0 [ 113.637693] delete_object_full+0x27/0x70 [ 113.637710] free_percpu+0x30/0x1160 [ 113.637727] ? arch_uprobe_clear_state+0x16/0x140 [ 113.637748] futex_hash_free+0x38/0xc0 [ 113.637763] mmput+0x2d3/0x390 [ 113.637782] do_exit+0x79d/0x2970 [ 113.637799] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.637813] ? __pfx_do_exit+0x10/0x10 [ 113.637828] ? find_held_lock+0x2b/0x80 [ 113.637846] ? get_signal+0x835/0x2340 [ 113.637867] do_group_exit+0xd3/0x2a0 [ 113.637882] get_signal+0x2315/0x2340 [ 113.637900] ? put_task_stack+0xd2/0x240 [ 113.637915] ? __pfx_get_signal+0x10/0x10 [ 113.637931] ? __schedule+0xe91/0x3590 [ 113.637953] arch_do_signal_or_restart+0x80/0x790 [ 113.637971] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 113.637989] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.638002] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.638014] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.638033] exit_to_user_mode_loop+0x8b/0x110 [ 113.638047] do_syscall_64+0x2f7/0x360 [ 113.638060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.638072] RIP: 0033:0x7f5d7b856b19 [ 113.638081] Code: Unable to access opcode bytes at 0x7f5d7b856aef. 
[ 113.638087] RSP: 002b:00007f5d78dcc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.638103] RAX: 0000000000000001 RBX: 00007f5d7b969f68 RCX: 00007f5d7b856b19 [ 113.638111] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5d7b969f6c [ 113.638118] RBP: 00007f5d7b969f60 R08: 000000000000000e R09: 0000000000000000 [ 113.638125] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d7b969f6c [ 113.638133] R13: 00007ffd035eb11f R14: 00007f5d78dcc300 R15: 0000000000022000 [ 113.638149] [ 113.638153] kmemleak: Object (percpu) 0x607f1a63e960 (size 8): [ 113.638160] kmemleak: comm "syz-executor.1", pid 3946, jiffies 4294780425 [ 113.638167] kmemleak: min_count = 1 [ 113.638171] kmemleak: count = 0 [ 113.638174] kmemleak: flags = 0x21 [ 113.638178] kmemleak: checksum = 0 [ 113.638182] kmemleak: backtrace: [ 113.638185] pcpu_alloc_noprof+0x87a/0x1170 [ 113.638201] percpu_ref_init+0x37/0x400 [ 113.638212] wb_get_create+0x25b/0x1120 [ 113.638223] __inode_attach_wb+0x159/0xc70 [ 113.638237] __folio_mark_dirty+0x908/0xcd0 [ 113.638251] mark_buffer_dirty+0x316/0x3a0 [ 113.638268] fat_set_state+0x227/0x360 [ 113.638284] fat_fill_super+0x2669/0x3fd0 [ 113.638299] get_tree_bdev_flags+0x38a/0x620 [ 113.638311] vfs_get_tree+0x93/0x340 [ 113.638326] path_mount+0x132d/0x1dd0 [ 113.638339] __x64_sys_mount+0x27b/0x300 [ 113.638350] do_syscall_64+0xbf/0x360 [ 113.638360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.671175] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI [ 113.672101] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 113.672759] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.674576] Tainted: [W]=WARN [ 113.675342] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.676908] RIP: 0010:__queue_work+0x202/0x1240 [ 113.678320] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 
c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 113.681738] RSP: 0018:ffff8880164ff6b0 EFLAGS: 00010056 [ 113.682132] RAX: 0000000000000000 RBX: ffff88800cfbf518 RCX: ffffffff8141f51d [ 113.682654] RDX: ffff88801b960000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 113.683175] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 113.683703] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 113.684222] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888017312800 [ 113.684743] FS: 0000555555f9a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.685331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.685757] CR2: 000055559507fc58 CR3: 000000003833a000 CR4: 0000000000350ef0 [ 113.686277] Call Trace: [ 113.686471] [ 113.686643] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.686998] queue_work_on+0xd0/0xe0 [ 113.687281] loop_queue_rq+0x5c8/0x1180 [ 113.687591] __blk_mq_issue_directly+0xd5/0x260 [ 113.687945] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 113.688338] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 113.688735] blk_mq_request_issue_directly+0x11c/0x1e0 [ 113.689122] blk_mq_issue_direct+0x192/0x640 [ 113.689455] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 113.689849] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 113.690198] ? read_tsc+0x9/0x20 [ 113.690465] ? ktime_get+0x16d/0x270 [ 113.690748] ? trace_block_plug+0x149/0x1b0 [ 113.691071] ? blk_add_rq_to_plug+0x234/0x550 [ 113.691410] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 113.691794] ? blk_mq_submit_bio+0x4fd/0x2220 [ 113.692130] __blk_flush_plug+0x25c/0x460 [ 113.692439] ? __pfx___blk_flush_plug+0x10/0x10 [ 113.692784] ? bio_associate_blkg_from_css+0x4fe/0x1380 [ 113.693184] __submit_bio+0x480/0x5b0 [ 113.693468] ? __pfx___submit_bio+0x10/0x10 [ 113.693792] ? read_tsc+0x9/0x20 [ 113.694051] ? 
ktime_get+0x16d/0x270 [ 113.694332] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 113.694695] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 113.695096] submit_bio_noacct+0x359/0x1350 [ 113.695422] __sync_dirty_buffer+0x176/0x380 [ 113.695756] fat_set_state+0x22f/0x360 [ 113.696054] fat_put_super+0x3f/0xc0 [ 113.696338] ? __pfx_fat_put_super+0x10/0x10 [ 113.696670] generic_shutdown_super+0x15a/0x4a0 [ 113.697029] kill_block_super+0x3b/0x90 [ 113.697332] deactivate_locked_super+0xbf/0x1a0 [ 113.697678] deactivate_super+0xb1/0xd0 [ 113.697974] cleanup_mnt+0x2df/0x430 [ 113.698264] task_work_run+0x172/0x280 [ 113.698558] ? __pfx_task_work_run+0x10/0x10 [ 113.698889] ? __x64_sys_umount+0x114/0x190 [ 113.699210] ? __pfx___x64_sys_umount+0x10/0x10 [ 113.699568] exit_to_user_mode_loop+0xef/0x110 [ 113.699910] do_syscall_64+0x2f7/0x360 [ 113.700202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.700585] RIP: 0033:0x7f378f60bf87 [ 113.700861] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.702177] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.702730] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.703248] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.703784] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.704303] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.704821] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.705343] [ 113.705518] Modules linked in: [ 113.705760] ---[ end trace 0000000000000000 ]--- [ 113.706104] RIP: 0010:__queue_work+0x202/0x1240 [ 113.706452] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 
113.707771] RSP: 0018:ffff8880164ff6b0 EFLAGS: 00010056 [ 113.708161] RAX: 0000000000000000 RBX: ffff88800cfbf518 RCX: ffffffff8141f51d [ 113.708680] RDX: ffff88801b960000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 113.709199] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 113.709718] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 113.710236] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888017312800 [ 113.710756] FS: 0000555555f9a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.711342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.711775] CR2: 000055559507fc58 CR3: 000000003833a000 CR4: 0000000000350ef0 [ 113.712296] note: syz-executor.1[281] exited with irqs disabled [ 113.712876] note: syz-executor.1[281] exited with preempt_count 1 [ 113.713363] ------------[ cut here ]------------ [ 113.713708] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.1/281 [ 113.714369] Modules linked in: [ 113.714629] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.716228] Tainted: [D]=DIE, [W]=WARN [ 113.716998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.717665] RIP: 0010:do_exit+0x1c36/0x2970 [ 113.718009] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 113.719437] RSP: 0018:ffff8880164ffe40 EFLAGS: 00010293 [ 113.719854] RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff813b2727 [ 113.720620] RDX: ffff88801b960000 RSI: ffffffff813b42d5 RDI: ffff88801b9611e8 [ 113.721173] RBP: ffff88801b960000 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 113.721738] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 113.722305] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 113.722856] FS: 
0000555555f9a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.723526] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 11:21:17 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000)) [ 113.724172] CR2: 000055559507fc58 CR3: 000000003833a000 CR4: 0000000000350ef0 [ 113.725017] Call Trace: [ 113.725218] [ 113.725410] ? _printk+0xbe/0xf0 [ 113.725763] ? __pfx__printk+0x10/0x10 [ 113.726130] ? __pfx_do_exit+0x10/0x10 [ 113.726451] make_task_dead+0x174/0x3b0 [ 113.726755] ? do_syscall_64+0x2f7/0x360 [ 113.727062] rewind_stack_and_make_dead+0x16/0x20 [ 113.727453] RIP: 0033:0x7f378f60bf87 [ 113.727733] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.729220] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.729799] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.730384] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.731002] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.731552] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.732076] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.732626] [ 113.732807] irq event stamp: 162192 [ 113.733075] hardirqs last enabled at (162191): [] ktime_get+0x1c7/0x270 [ 113.733700] hardirqs last disabled at (162192): [] _raw_spin_lock_irq+0x42/0x50 [ 113.734540] softirqs last enabled at (162178): [] handle_softirqs+0x50c/0x770 [ 113.735190] softirqs last disabled at (161863): [] __irq_exit_rcu+0xc4/0x100 [ 113.735852] ---[ end trace 0000000000000000 ]--- [ 113.736201] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 113.736871] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 
281, name: syz-executor.1 [ 113.737502] preempt_count: 0, expected: 0 [ 113.737807] RCU nest depth: 2, expected: 0 [ 113.738115] INFO: lockdep is turned off. 11:21:17 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000480)=[&(0x7f0000000180)={0x0, 0x0, 0x8, 0x1, 0x0, r0, 0x0, 0x19000}]) [ 113.738431] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.738451] Tainted: [D]=DIE, [W]=WARN [ 113.738455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.738461] Call Trace: [ 113.738465] [ 113.738469] dump_stack_lvl+0xfa/0x120 [ 113.738493] __might_resched+0x2f3/0x510 [ 113.738507] exit_signals+0x25/0x940 [ 113.738526] do_exit+0x2db/0x2970 [ 113.738539] ? _printk+0xbe/0xf0 [ 113.738551] ? __pfx__printk+0x10/0x10 [ 113.738565] ? __pfx_do_exit+0x10/0x10 [ 113.738580] make_task_dead+0x174/0x3b0 [ 113.738593] ? 
do_syscall_64+0x2f7/0x360 [ 113.738604] rewind_stack_and_make_dead+0x16/0x20 [ 113.738620] RIP: 0033:0x7f378f60bf87 [ 113.738628] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.738639] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.738650] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.738657] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.738665] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.738672] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.738679] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.738690] [ 113.756639] random: crng reseeded on system resumption [ 113.765772] kmemleak: Found object by alias at 0x607f1a63e30c [ 113.765784] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.765803] Tainted: [D]=DIE, [W]=WARN [ 113.765807] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.765813] Call Trace: [ 113.765817] [ 113.765821] dump_stack_lvl+0xca/0x120 [ 113.765839] __lookup_object+0x94/0xb0 [ 113.765856] delete_object_full+0x27/0x70 [ 113.765872] free_percpu+0x30/0x1160 [ 113.765889] ? arch_uprobe_clear_state+0x16/0x140 [ 113.765907] futex_hash_free+0x38/0xc0 [ 113.765921] mmput+0x2d3/0x390 [ 113.765938] do_exit+0x79d/0x2970 [ 113.765951] ? lock_acquire+0x18c/0x2f0 [ 113.765966] ? __pfx_do_exit+0x10/0x10 [ 113.765979] ? do_raw_spin_lock+0x123/0x260 [ 113.765994] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.766011] do_group_exit+0xd3/0x2a0 [ 113.766025] get_signal+0x2315/0x2340 [ 113.766042] ? put_task_stack+0xd2/0x240 [ 113.766054] ? __pfx_get_signal+0x10/0x10 [ 113.766071] ? 
__schedule+0xe91/0x3590 [ 113.766088] arch_do_signal_or_restart+0x80/0x790 [ 113.766106] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 113.766122] ? __x64_sys_futex+0x1c9/0x4d0 [ 113.766134] ? __x64_sys_futex+0x1d2/0x4d0 [ 113.766148] ? __pfx_snapshot_ioctl+0x10/0x10 [ 113.766160] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.766173] ? selinux_file_ioctl+0xb9/0x280 [ 113.766190] exit_to_user_mode_loop+0x8b/0x110 [ 113.766202] do_syscall_64+0x2f7/0x360 [ 113.766213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.766225] RIP: 0033:0x7f888ece4b19 [ 113.766233] Code: Unable to access opcode bytes at 0x7f888ece4aef. [ 113.766238] RSP: 002b:00007f888c25a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.766249] RAX: 0000000000000001 RBX: 00007f888edf7f68 RCX: 00007f888ece4b19 [ 113.766257] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f888edf7f6c [ 113.766264] RBP: 00007f888edf7f60 R08: 000000000000000e R09: 0000000000000000 [ 113.766271] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f888edf7f6c [ 113.766278] R13: 00007ffeaab1478f R14: 00007f888c25a300 R15: 0000000000022000 [ 113.766294] [ 113.766297] kmemleak: Object (percpu) 0x607f1a63e308 (size 8): [ 113.766305] kmemleak: comm "syz-executor.5", pid 3958, jiffies 4294780504 [ 113.766312] kmemleak: min_count = 1 [ 113.766316] kmemleak: count = 0 [ 113.766320] kmemleak: flags = 0x21 [ 113.766324] kmemleak: checksum = 0 [ 113.766328] kmemleak: backtrace: [ 113.766331] pcpu_alloc_noprof+0x87a/0x1170 [ 113.766347] percpu_ref_init+0x37/0x400 [ 113.766358] io_uring_setup+0x44c/0x2000 [ 113.766371] __x64_sys_io_uring_setup+0xc8/0x170 [ 113.766382] do_syscall_64+0xbf/0x360 [ 113.766392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.824213] ================================================================== [ 113.824782] BUG: KASAN: stack-out-of-bounds in blk_mq_flush_plug_list+0x4d6/0x5b0 [ 113.825357] Read of size 2 at addr ffff8880164ffb42 by task syz-executor.1/281 [ 113.825895] [ 113.826029] CPU: 0 UID: 0 PID: 
281 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.826048] Tainted: [D]=DIE, [W]=WARN [ 113.826053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.826060] Call Trace: [ 113.826064] [ 113.826068] dump_stack_lvl+0xca/0x120 [ 113.826087] print_report+0xcb/0x610 [ 113.826104] ? __virt_addr_valid+0x100/0x5d0 [ 113.826123] ? blk_mq_flush_plug_list+0x4d6/0x5b0 [ 113.826135] ? blk_mq_flush_plug_list+0x4d6/0x5b0 [ 113.826148] kasan_report+0xca/0x100 [ 113.826164] ? blk_mq_flush_plug_list+0x4d6/0x5b0 [ 113.826178] blk_mq_flush_plug_list+0x4d6/0x5b0 [ 113.826190] ? __pfx___smp_call_single_queue+0x10/0x10 [ 113.826211] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.826227] ? __pfx_select_task_rq_fair+0x10/0x10 [ 113.826242] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 113.826255] ? do_raw_spin_unlock+0x53/0x220 [ 113.826271] __blk_flush_plug+0x25c/0x460 [ 113.826284] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.826299] ? lock_acquire+0x18c/0x2f0 [ 113.826313] ? __pfx___blk_flush_plug+0x10/0x10 [ 113.826323] ? lock_acquire+0x18c/0x2f0 [ 113.826336] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.826351] schedule+0x2b9/0x390 [ 113.826367] synchronize_rcu_expedited+0x353/0x420 [ 113.826382] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 113.826395] ? __pfx_autoremove_wake_function+0x10/0x10 [ 113.826410] ? __virt_addr_valid+0x100/0x5d0 [ 113.826429] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 113.826447] ? shrink_dentry_list+0x1a/0x650 [ 113.826464] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 113.826480] namespace_unlock+0x4b6/0x810 [ 113.826500] ? __pfx_namespace_unlock+0x10/0x10 [ 113.826518] ? do_raw_spin_lock+0x123/0x260 [ 113.826533] ? __pfx_umount_tree+0x10/0x10 [ 113.826548] ? lock_acquire+0x18c/0x2f0 [ 113.826562] ? lock_release+0x1c7/0x290 [ 113.826575] put_mnt_ns+0xf5/0x120 [ 113.826590] free_nsproxy+0x3a/0x400 [ 113.826609] switch_task_namespaces+0xe2/0x100 [ 113.826627] do_exit+0x841/0x2970 [ 113.826640] ? 
_printk+0xbe/0xf0 [ 113.826653] ? __pfx__printk+0x10/0x10 [ 113.826667] ? __pfx_do_exit+0x10/0x10 [ 113.826682] make_task_dead+0x174/0x3b0 [ 113.826695] ? do_syscall_64+0x2f7/0x360 [ 113.826707] rewind_stack_and_make_dead+0x16/0x20 [ 113.826723] RIP: 0033:0x7f378f60bf87 [ 113.826731] Code: Unable to access opcode bytes at 0x7f378f60bf5d. [ 113.826737] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.826748] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.826756] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.826764] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.826772] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.826779] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.826790] [ 113.826794] [ 113.846485] The buggy address belongs to stack of task syz-executor.1/281 [ 113.846978] and is located at offset 26 in frame: [ 113.847336] __blk_flush_plug+0x0/0x460 [ 113.847639] [ 113.847769] This frame has 1 object: [ 113.848044] [32, 48) 'callbacks' [ 113.848051] [ 113.848437] The buggy address belongs to the physical page: [ 113.848847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x164ff [ 113.849423] flags: 0x100000000000000(node=0|zone=1) [ 113.849790] page_type: f9(unknown) [ 113.850058] raw: 0100000000000000 0000000000000000 ffffea0000593fc8 0000000000000000 [ 113.850624] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000 [ 113.851186] page dumped because: kasan: bad access detected [ 113.851602] [ 113.851738] Memory state around the buggy address: [ 113.852096] ffff8880164ffa00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 113.852624] ffff8880164ffa80: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 113.853153] >ffff8880164ffb00: 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 [ 113.853680] ^ [ 113.854075] ffff8880164ffb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 
f1 f1 [ 113.854602] ffff8880164ffc00: f1 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 113.855133] ================================================================== [ 113.855930] BUG: unable to handle page fault for address: ffffffff81522048 [ 113.856508] #PF: supervisor write access in kernel mode [ 113.856896] #PF: error_code(0x0003) - permissions violation [ 113.857307] PGD 5a8b067 P4D 5a8b067 PUD 5a8c063 PMD 14001a1 [ 113.857742] Oops: Oops: 0003 [#2] SMP KASAN NOPTI [ 113.858100] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.858960] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 113.859328] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.859931] RIP: 0010:blk_mq_dispatch_list+0x257/0x12c0 [ 113.860329] Code: 59 37 ff 4c 89 e2 48 8b 44 24 70 48 c1 ea 03 4c 89 64 24 70 80 3c 2a 00 0f 85 60 0e 00 00 48 8d 7b 50 48 8d 4c 24 68 48 89 fa <48> 89 4b 48 48 c1 ea 03 80 3c 2a 00 0f 85 2e 0e 00 00 48 89 c2 48 [ 113.861648] RSP: 0018:ffff8880164ff920 EFLAGS: 00010246 [ 113.862037] RAX: ffff8880164ff988 RBX: ffffffff81522000 RCX: ffff8880164ff988 [ 113.862558] RDX: ffffffff81522050 RSI: ffffffff823c9d50 RDI: ffffffff81522050 [ 113.863077] RBP: dffffc0000000000 R08: 0000000000000001 R09: fffffbfff0f12690 [ 113.863604] R10: 00000000000000d9 R11: 0000000000000001 R12: ffffffff81522048 [ 113.864122] R13: 8948535554415541 R14: ffff8880164ffb18 R15: 0000000000000000 [ 113.864645] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.865235] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.865663] CR2: ffffffff81522048 CR3: 0000000041d9f000 CR4: 0000000000350ef0 [ 113.866184] Call Trace: [ 113.866378] [ 113.866550] ? end_report+0x7e/0x150 [ 113.866834] ? __pfx_blk_mq_dispatch_list+0x10/0x10 [ 113.867204] ? do_raw_spin_lock+0x48/0x260 [ 113.867531] blk_mq_flush_plug_list+0x12a/0x5b0 [ 113.867884] ? 
__pfx___smp_call_single_queue+0x10/0x10 [ 113.868279] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.868632] ? __pfx_select_task_rq_fair+0x10/0x10 [ 113.868998] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 113.869383] ? do_raw_spin_unlock+0x53/0x220 [ 113.869717] __blk_flush_plug+0x25c/0x460 [ 113.870024] ? lock_acquire+0x18c/0x2f0 [ 113.870324] ? __pfx___blk_flush_plug+0x10/0x10 [ 113.870670] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.871063] schedule+0x2b9/0x390 [ 113.871330] synchronize_rcu_expedited+0x353/0x420 [ 113.871701] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 113.872101] ? __pfx_autoremove_wake_function+0x10/0x10 [ 113.872496] ? __virt_addr_valid+0x100/0x5d0 [ 113.872831] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 113.873180] ? shrink_dentry_list+0x1a/0x650 [ 113.873513] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 113.873915] namespace_unlock+0x4b6/0x810 [ 113.874231] ? __pfx_namespace_unlock+0x10/0x10 [ 113.874584] ? do_raw_spin_lock+0x123/0x260 [ 113.874912] ? __pfx_umount_tree+0x10/0x10 [ 113.875230] ? lock_acquire+0x18c/0x2f0 [ 113.875536] ? lock_release+0x1c7/0x290 [ 113.875837] put_mnt_ns+0xf5/0x120 [ 113.876107] free_nsproxy+0x3a/0x400 [ 113.876393] switch_task_namespaces+0xe2/0x100 [ 113.876742] do_exit+0x841/0x2970 [ 113.877013] ? _printk+0xbe/0xf0 [ 113.877271] ? __pfx__printk+0x10/0x10 [ 113.877564] ? __pfx_do_exit+0x10/0x10 [ 113.877858] make_task_dead+0x174/0x3b0 [ 113.878157] ? do_syscall_64+0x2f7/0x360 [ 113.878464] rewind_stack_and_make_dead+0x16/0x20 [ 113.878826] RIP: 0033:0x7f378f60bf87 [ 113.879102] Code: Unable to access opcode bytes at 0x7f378f60bf5d. 
[ 113.879575] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.880136] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.880686] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.881236] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.881787] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.882337] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.882892] [ 113.883079] Modules linked in: [ 113.883334] CR2: ffffffff81522048 [ 113.883612] ---[ end trace 0000000000000000 ]--- [ 113.883983] RIP: 0010:__queue_work+0x202/0x1240 [ 113.884353] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 113.885758] RSP: 0018:ffff8880164ff6b0 EFLAGS: 00010056 [ 113.886168] RAX: 0000000000000000 RBX: ffff88800cfbf518 RCX: ffffffff8141f51d [ 113.886717] RDX: ffff88801b960000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 113.887265] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 113.887822] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 113.888371] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888017312800 [ 113.888919] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.889540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.889992] CR2: ffffffff81522048 CR3: 0000000041d9f000 CR4: 0000000000350ef0 [ 113.890543] note: syz-executor.1[281] exited with irqs disabled [ 113.891123] Fixing recursive fault but reboot is needed! [ 113.891647] BUG: scheduling while atomic: syz-executor.1/281/0x00000000 [ 113.892164] INFO: lockdep is turned off. 
[ 113.892494] Modules linked in: [ 113.892753] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.892776] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 113.892780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.892788] Call Trace: [ 113.892792] [ 113.892797] dump_stack_lvl+0xfa/0x120 [ 113.892815] __schedule_bug+0xb9/0x100 [ 113.892828] __schedule+0x24f3/0x3590 [ 113.892844] ? __pfx_vprintk_emit+0x10/0x10 [ 113.892862] ? free_nsproxy+0x3a/0x400 [ 113.892879] ? __pfx___schedule+0x10/0x10 [ 113.892894] ? do_raw_spin_lock+0x123/0x260 [ 113.892910] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.892925] ? lock_acquire+0x18c/0x2f0 [ 113.892938] ? lock_release+0x1c7/0x290 [ 113.892951] ? do_task_dead+0x3e/0x110 [ 113.892966] do_task_dead+0xdc/0x110 [ 113.892979] make_task_dead+0x373/0x3b0 [ 113.892992] ? do_syscall_64+0x2f7/0x360 [ 113.893004] rewind_stack_and_make_dead+0x16/0x20 [ 113.893019] RIP: 0033:0x7f378f60bf87 [ 113.893027] Code: Unable to access opcode bytes at 0x7f378f60bf5d. [ 113.893033] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.893044] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.893051] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.893058] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.893066] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.893073] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.893084] [ 113.893088] ------------[ cut here ]------------ [ 113.904542] Voluntary context switch within RCU read-side critical section! 
[ 113.904641] WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xa96/0x1b00, CPU#0: syz-executor.1/281 [ 113.905969] Modules linked in: [ 113.906227] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.907138] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 113.907532] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.908164] RIP: 0010:rcu_note_context_switch+0xa96/0x1b00 [ 113.908603] Code: 00 00 00 65 48 8b 3d 41 dc 27 06 e8 84 11 fd ff e9 1a f8 ff ff c6 05 2e 4a e4 04 01 90 48 c7 c7 a0 8a c9 84 e8 0b 39 dd ff 90 <0f> 0b 90 90 e9 3a f6 ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea [ 113.909994] RSP: 0018:ffff8880164ffd38 EFLAGS: 00010082 [ 113.910407] RAX: 0000000000000000 RBX: ffff88806ce37d00 RCX: ffffffff8139de70 [ 113.910956] RDX: ffff88801b960000 RSI: ffffffff8139de7e RDI: 0000000000000001 [ 113.911515] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d9c4801 [ 113.912063] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801b960000 [ 113.912612] R13: 0000000000000000 R14: ffff88801b960000 R15: ffffffff84c5d520 [ 113.913163] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.913784] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.914232] CR2: ffffffff81522048 CR3: 0000000041d9f000 CR4: 0000000000350ef0 [ 113.914784] Call Trace: [ 113.914988] [ 113.915169] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.915584] ? dump_stack_lvl+0x113/0x120 [ 113.915916] __schedule+0x217/0x3590 [ 113.916215] ? __pfx_vprintk_emit+0x10/0x10 [ 113.916559] ? free_nsproxy+0x3a/0x400 [ 113.916870] ? __pfx___schedule+0x10/0x10 [ 113.917203] ? do_raw_spin_lock+0x123/0x260 [ 113.917544] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.917915] ? lock_acquire+0x18c/0x2f0 [ 113.918229] ? lock_release+0x1c7/0x290 [ 113.918545] ? 
do_task_dead+0x3e/0x110 [ 113.918855] do_task_dead+0xdc/0x110 [ 113.919153] make_task_dead+0x373/0x3b0 [ 113.919474] ? do_syscall_64+0x2f7/0x360 [ 113.919797] rewind_stack_and_make_dead+0x16/0x20 [ 113.920181] RIP: 0033:0x7f378f60bf87 [ 113.920473] Code: Unable to access opcode bytes at 0x7f378f60bf5d. [ 113.920949] RSP: 002b:00007ffe415aaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.921535] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f378f60bf87 [ 113.922085] RDX: 00007ffe415aafb9 RSI: 000000000000000a RDI: 00007ffe415aafb0 [ 113.922635] RBP: 00007ffe415aafb0 R08: 00000000ffffffff R09: 00007ffe415aad80 [ 113.923185] R10: 0000555555f9bc7b R11: 0000000000000246 R12: 00007f378f664105 [ 113.923741] R13: 00007ffe415ac070 R14: 0000555555f9bc20 R15: 00007ffe415ac0b0 [ 113.924303] [ 113.924489] irq event stamp: 162192 [ 113.924768] hardirqs last enabled at (162191): [] ktime_get+0x1c7/0x270 [ 113.925410] hardirqs last disabled at (162192): [] _raw_spin_lock_irq+0x42/0x50 [ 113.926124] softirqs last enabled at (162178): [] handle_softirqs+0x50c/0x770 [ 113.926776] softirqs last disabled at (161863): [] __irq_exit_rcu+0xc4/0x100 [ 113.927426] ---[ end trace 0000000000000000 ]--- VM DIAGNOSIS: 11:21:17 Registers: