Warning: Permanently added '[localhost]:1724' (ECDSA) to the list of known hosts. 2025/08/29 08:11:40 fuzzer started 2025/08/29 08:11:40 dialing manager at localhost:43077 syzkaller login: [ 44.955908] cgroup: Unknown subsys name 'net' [ 45.000001] cgroup: Unknown subsys name 'cpuset' [ 45.015875] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:11:51 syscalls: 2214 2025/08/29 08:11:51 code coverage: enabled 2025/08/29 08:11:51 comparison tracing: enabled 2025/08/29 08:11:51 extra coverage: enabled 2025/08/29 08:11:51 setuid sandbox: enabled 2025/08/29 08:11:51 namespace sandbox: enabled 2025/08/29 08:11:51 Android sandbox: enabled 2025/08/29 08:11:51 fault injection: enabled 2025/08/29 08:11:51 leak checking: enabled 2025/08/29 08:11:51 net packet injection: enabled 2025/08/29 08:11:51 net device setup: enabled 2025/08/29 08:11:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:11:51 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:11:51 USB emulation: enabled 2025/08/29 08:11:51 hci packet injection: enabled 2025/08/29 08:11:51 wifi device emulation: enabled 2025/08/29 08:11:51 802.15.4 emulation: enabled 2025/08/29 08:11:51 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:11:51 fetching corpus: 50, signal 25941/28699 (executing program) 2025/08/29 08:11:51 fetching corpus: 100, signal 37255/40551 (executing program) 2025/08/29 08:11:51 fetching corpus: 150, signal 45164/48951 (executing program) 2025/08/29 08:11:51 fetching corpus: 200, signal 51755/55711 (executing program) 2025/08/29 08:11:51 fetching corpus: 250, signal 55406/59646 (executing program) 2025/08/29 08:11:51 fetching corpus: 300, signal 60317/64435 (executing program) 2025/08/29 08:11:52 fetching corpus: 350, signal 62938/67180 (executing program) 2025/08/29 08:11:52 fetching corpus: 400, signal 66992/70866 (executing program) 2025/08/29 08:11:52 fetching corpus: 450, signal 69095/72941 (executing program) 2025/08/29 08:11:52 fetching corpus: 500, signal 71886/75474 (executing program) 2025/08/29 08:11:52 fetching corpus: 550, signal 77169/79606 (executing program) 2025/08/29 08:11:52 fetching corpus: 600, signal 79328/81282 (executing program) 2025/08/29 08:11:52 fetching corpus: 650, signal 81470/82812 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83262 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83356 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83447 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83510 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83609 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83694 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83779 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83874 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/83951 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84033 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84122 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84207 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84286 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84370 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84461 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84544 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84637 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84738 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84824 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84910 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/84982 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85087 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85161 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85241 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85317 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85405 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85492 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85576 (executing program) 2025/08/29 08:11:53 fetching corpus: 659, signal 81990/85576 (executing program) 2025/08/29 08:11:55 starting 8 fuzzer processes 08:11:55 executing program 0: rseq(0x0, 0xfffffffffffffd88, 0x2000000002, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x18d101, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff000) write$char_usb(0xffffffffffffffff, &(0x7f00000000c0)="d22480cb27b71b8a44c2a173f3c59adca8e2e5252524886ff022a51a589eaafdd7f2a26b2d64", 0x26) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40086607, 0x0) 08:11:55 executing program 7: munmap(&(0x7f0000630000/0x800000)=nil, 0x800000) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000) 08:11:55 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$DVD_AUTH(r0, 0x1261, 0x0) 08:11:55 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:11:55 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000002440)=ANY=[]) 08:11:55 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x21030000}) [ 59.311291] audit: type=1400 audit(1756455115.420:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:11:55 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$clear(0x7, r0) 08:11:55 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a17dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 60.562548] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.566192] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.568025] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.570543] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.572318] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.574267] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.581946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.584232] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.586936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.588744] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.590099] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.591774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.594041] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.595740] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.597444] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.608696] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.611691] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.619071] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.624873] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.629582] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.632953] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 60.633844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 60.636614] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.640016] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 60.641777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.654826] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 60.662399] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 60.666566] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.673036] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 60.678557] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 60.681821] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 60.693837] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 60.707524] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 60.718723] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 60.722341] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 60.724002] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 60.727899] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 60.737991] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 60.746744] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 60.755334] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 62.648502] Bluetooth: hci1: command tx timeout [ 62.710998] Bluetooth: hci3: command tx timeout [ 62.711065] Bluetooth: hci0: command tx timeout [ 62.711888] Bluetooth: hci2: command tx timeout [ 62.711941] Bluetooth: hci4: command tx timeout [ 62.838974] Bluetooth: hci7: command tx timeout [ 62.839021] Bluetooth: hci6: command tx timeout [ 62.840800] Bluetooth: hci5: command tx timeout [ 64.694461] Bluetooth: hci1: command tx timeout [ 64.758428] Bluetooth: hci4: command tx timeout [ 64.758889] Bluetooth: hci2: command tx timeout [ 64.758948] Bluetooth: hci3: command tx timeout [ 64.760148] Bluetooth: hci0: command tx timeout [ 64.886507] Bluetooth: hci5: command tx timeout [ 64.887126] Bluetooth: hci7: command tx timeout [ 64.887640] Bluetooth: hci6: command tx timeout [ 66.742614] Bluetooth: hci1: command tx timeout [ 66.806440] Bluetooth: hci0: command tx timeout [ 66.806553] Bluetooth: hci4: command tx timeout [ 66.806901] Bluetooth: hci2: command tx timeout [ 66.808000] Bluetooth: hci3: command tx timeout [ 66.934439] Bluetooth: hci6: command tx timeout [ 66.934465] Bluetooth: hci7: command tx timeout [ 66.934902] Bluetooth: hci5: command tx timeout [ 68.790485] Bluetooth: hci1: command tx timeout [ 68.854589] Bluetooth: hci3: command tx timeout [ 68.855535] Bluetooth: hci4: command tx timeout [ 68.856331] Bluetooth: hci0: command tx timeout [ 68.856509] Bluetooth: hci2: command tx timeout [ 68.982746] Bluetooth: hci7: command tx timeout [ 68.982784] Bluetooth: hci6: command tx timeout [ 68.983605] Bluetooth: hci5: command tx timeout [ 102.097155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.098379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.248367] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.248995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.490181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.490949] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.722740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.723452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.820028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.820660] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.885906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.886685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.216919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.217816] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.224611] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.225887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.394768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.395754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.523074] loop2: detected capacity change from 0 to 1 [ 103.627041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.628247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.691190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.691983] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.751222] syz-executor.0 (3849) used greatest stack depth: 24328 bytes left 08:12:39 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$clear(0x7, r0) [ 103.867755] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.868946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.929212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.930580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.026617] loop2: detected capacity change from 0 to 1 [ 104.074869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.076182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.095210] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.095870] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.200603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.201222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.335724] audit: type=1400 audit(1756455160.444:8): avc: denied { open } for pid=3904 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 104.339818] audit: type=1400 audit(1756455160.445:9): avc: denied { kernel } for pid=3904 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:12:40 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x21030000}) 08:12:40 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$clear(0x7, r0) 08:12:40 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:40 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a17dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:12:40 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000002440)=ANY=[]) 08:12:40 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$DVD_AUTH(r0, 0x1261, 0x0) 08:12:40 executing program 7: munmap(&(0x7f0000630000/0x800000)=nil, 0x800000) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000) 08:12:40 executing program 0: rseq(0x0, 0xfffffffffffffd88, 0x2000000002, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x18d101, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff000) write$char_usb(0xffffffffffffffff, &(0x7f00000000c0)="d22480cb27b71b8a44c2a173f3c59adca8e2e5252524886ff022a51a589eaafdd7f2a26b2d64", 0x26) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40086607, 0x0) 08:12:40 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x21030000}) [ 104.542730] loop2: detected capacity change from 0 to 1 08:12:40 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a17dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:12:40 executing program 7: munmap(&(0x7f0000630000/0x800000)=nil, 0x800000) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000) 08:12:40 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$clear(0x7, r0) 08:12:40 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000002440)=ANY=[]) 08:12:40 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x21030000}) 08:12:40 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$DVD_AUTH(r0, 0x1261, 0x0) 08:12:40 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a17dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:12:40 executing program 7: munmap(&(0x7f0000630000/0x800000)=nil, 0x800000) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000) 08:12:40 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000002440)=ANY=[]) 08:12:40 executing program 6: rseq(0x0, 0xfffffffffffffd88, 0x2000000002, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x18d101, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff000) write$char_usb(0xffffffffffffffff, &(0x7f00000000c0)="d22480cb27b71b8a44c2a173f3c59adca8e2e5252524886ff022a51a589eaafdd7f2a26b2d64", 0x26) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40086607, 0x0) 08:12:40 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$DVD_AUTH(r0, 0x1261, 0x0) 08:12:40 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:40 executing program 4: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:40 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$DVD_AUTH(r0, 0x1261, 0x0) [ 104.889118] Oops: general protection fault, probably for non-canonical address 0xdffffc0060000000: 0000 [#1] SMP KASAN NOPTI [ 104.890220] KASAN: probably user-memory-access in range [0x0000000300000000-0x0000000300000007] [ 104.890979] CPU: 0 UID: 0 PID: 3953 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 104.892363] Tainted: [W]=WARN [ 104.893157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.894802] RIP: 0010:apply_wqattrs_cleanup.part.0+0xbd/0x2b0 [ 104.896430] Code: dd 28 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 95 01 00 00 48 8b 5c dd 28 48 85 db 74 41 e8 8a af 32 00 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a6 01 00 00 48 8b 3b e8 50 a8 7c 03 48 89 df [ 104.900380] RSP: 0018:ffff888044fc76b8 EFLAGS: 00010216 [ 104.900806] RAX: 0000000060000000 RBX: 0000000300000000 RCX: ffffc90003c17000 [ 104.901378] RDX: 0000000000040000 RSI: ffffffff814137f6 RDI: ffff88800d87d330 [ 104.901941] RBP: ffff88800d87d300 R08: 0000000000000001 R09: ffffed10089f8ec7 [ 104.902502] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000 [ 104.903065] R13: fffffbfff0b0a4ac R14: ffffffffffffffff R15: 0000000000000001 [ 104.903627] FS: 00007fd1a2734700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 104.904265] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.904726] CR2: 00007ffeddbe4ff8 CR3: 0000000044e15000 CR4: 0000000000350ef0 [ 104.905295] Call Trace: [ 104.905504] [ 104.905687] apply_workqueue_attrs_locked+0xa1/0xf0 [ 104.906093] __alloc_workqueue+0x1065/0x1820 [ 104.906457] alloc_workqueue_noprof+0xc7/0x200 [ 104.906826] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 104.907236] ? lock_release+0xc8/0x290 [ 104.907551] loop_configure+0xf73/0x1590 [ 104.907884] ? lock_release+0xc8/0x290 [ 104.908197] ? __is_insn_slot_addr+0x140/0x290 [ 104.908572] ? kernel_text_address+0x5b/0xc0 [ 104.908928] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 104.909368] ? __kernel_text_address+0xd/0x40 [ 104.909738] ? unwind_get_return_address+0x59/0xa0 [ 104.910136] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 104.910566] ? __pfx_loop_configure+0x10/0x10 [ 104.910930] ? __lock_acquire+0x694/0x1b70 [ 104.911270] ? lock_acquire+0x15e/0x2f0 [ 104.911592] ? avc_has_extended_perms+0x107/0xf20 [ 104.911988] ? find_held_lock+0x2b/0x80 [ 104.912310] ? avc_has_extended_perms+0x23b/0xf20 [ 104.912705] ? lock_release+0xc8/0x290 [ 104.913027] lo_ioctl+0x66d/0x1c70 [ 104.913319] ? __pfx_lo_ioctl+0x10/0x10 [ 104.913640] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 104.914055] ? lock_acquire+0x15e/0x2f0 [ 104.914374] ? __virt_addr_valid+0x1c6/0x5d0 [ 104.914733] ? find_held_lock+0x2b/0x80 [ 104.915054] ? __virt_addr_valid+0x2e8/0x5d0 [ 104.915412] ? lock_release+0xc8/0x290 [ 104.915731] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 104.916152] ? percpu_is_read_locked+0x100/0x1d0 [ 104.916537] ? __fget_files+0x34/0x3b0 [ 104.916850] ? find_held_lock+0x2b/0x80 [ 104.917179] ? __fget_files+0x203/0x3b0 [ 104.917498] ? __pfx_lo_ioctl+0x10/0x10 [ 104.917816] blkdev_ioctl+0x27c/0x6c0 [ 104.918130] ? __pfx_blkdev_ioctl+0x10/0x10 [ 104.918482] ? selinux_file_ioctl+0xb9/0x280 [ 104.918838] ? __pfx_blkdev_ioctl+0x10/0x10 [ 104.919187] __x64_sys_ioctl+0x18f/0x210 [ 104.919518] do_syscall_64+0xbf/0x360 [ 104.919831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.920244] RIP: 0033:0x7fd1a51be8d7 [ 104.920541] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 104.922035] RSP: 002b:00007fd1a2733f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.922656] RAX: ffffffffffffffda RBX: 00007fd1a5208970 RCX: 00007fd1a51be8d7 [ 104.923243] RDX: 0000000000000003 RSI: 0000000000004c00 RDI: 0000000000000004 [ 104.923828] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 104.924412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 104.924995] R13: 0000000000000003 R14: 00000000200002e0 R15: 0000000000000004 [ 104.925592] [ 104.925788] Modules linked in: [ 104.926303] ---[ end trace 0000000000000000 ]--- [ 104.927764] RIP: 0010:apply_wqattrs_cleanup.part.0+0xbd/0x2b0 [ 104.928263] Code: dd 28 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 95 01 00 00 48 8b 5c dd 28 48 85 db 74 41 e8 8a af 32 00 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a6 01 00 00 48 8b 3b e8 50 a8 7c 03 48 89 df [ 104.930705] RSP: 0018:ffff888044fc76b8 EFLAGS: 00010216 [ 104.931229] RAX: 0000000060000000 RBX: 0000000300000000 RCX: ffffc90003c17000 [ 104.931876] RDX: 0000000000040000 RSI: ffffffff814137f6 RDI: ffff88800d87d330 [ 104.932621] RBP: ffff88800d87d300 R08: 0000000000000001 R09: ffffed10089f8ec7 [ 104.933365] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000 [ 104.934095] R13: fffffbfff0b0a4ac R14: ffffffffffffffff R15: 0000000000000001 [ 104.934706] FS: 00007fd1a2734700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 104.935385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.935870] CR2: 00007ffeddbe4ff8 CR3: 0000000044e15000 CR4: 0000000000350ef0 [ 104.980824] loop2: detected capacity change from 0 to 1 [ 105.053927] kmemleak: Found object by alias at 0x607f1a6381bc [ 105.053950] CPU: 1 UID: 0 PID: 3955 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.053970] Tainted: [D]=DIE, [W]=WARN [ 105.053974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.053982] Call Trace: [ 105.053986] [ 105.053990] dump_stack_lvl+0xca/0x120 [ 105.054018] __lookup_object+0x94/0xb0 [ 105.054034] delete_object_full+0x27/0x70 [ 105.054049] free_percpu+0x30/0x1160 [ 105.054066] ? arch_uprobe_clear_state+0x16/0x140 [ 105.054084] futex_hash_free+0x38/0xc0 [ 105.054098] mmput+0x2d3/0x390 [ 105.054116] do_exit+0x79d/0x2970 [ 105.054129] ? signal_wake_up_state+0x85/0x120 [ 105.054149] ? zap_other_threads+0x2b9/0x3a0 [ 105.054163] ? __pfx_do_exit+0x10/0x10 [ 105.054176] ? lock_release+0x1c7/0x290 [ 105.054190] do_group_exit+0xd3/0x2a0 [ 105.054204] __x64_sys_exit_group+0x3e/0x50 [ 105.054217] x64_sys_call+0x18c5/0x18d0 [ 105.054232] do_syscall_64+0xbf/0x360 [ 105.054243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.054255] RIP: 0033:0x7fbc0eb64b19 [ 105.054263] Code: Unable to access opcode bytes at 0x7fbc0eb64aef. [ 105.054269] RSP: 002b:00007ffd8a8bb018 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 105.054280] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fbc0eb64b19 [ 105.054288] RDX: 00007fbc0eb1772b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 105.054295] RBP: 0000000000000000 R08: 0000001b2d125d90 R09: 0000000000000000 [ 105.054302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.054309] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd8a8bb100 [ 105.054320] [ 105.054324] kmemleak: Object (percpu) 0x607f1a6381b8 (size 8): [ 105.054330] kmemleak: comm "syz-executor.4", pid 3953, jiffies 4294771774 [ 105.054338] kmemleak: min_count = 1 [ 105.054341] kmemleak: count = 0 [ 105.054345] kmemleak: flags = 0x21 [ 105.054349] kmemleak: checksum = 0 [ 105.054353] kmemleak: backtrace: [ 105.054357] pcpu_alloc_noprof+0x87a/0x1170 [ 105.054372] __alloc_workqueue+0x74b/0x1820 [ 105.054389] alloc_workqueue_noprof+0xc7/0x200 [ 105.054399] loop_configure+0xf73/0x1590 [ 105.054413] lo_ioctl+0x66d/0x1c70 [ 105.054425] blkdev_ioctl+0x27c/0x6c0 [ 105.054443] __x64_sys_ioctl+0x18f/0x210 [ 105.054458] do_syscall_64+0xbf/0x360 [ 105.054466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.070336] ================================================================== [ 105.073009] BUG: KASAN: slab-use-after-free in __mutex_lock+0xc72/0x1020 [ 105.073568] Read of size 4 at addr ffff88800a7f52b4 by task systemd-udevd/114 [ 105.074134] [ 105.074281] CPU: 0 UID: 0 PID: 114 Comm: systemd-udevd Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.074301] Tainted: [D]=DIE, [W]=WARN [ 105.074306] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.074314] Call Trace: [ 105.074318] [ 105.074323] dump_stack_lvl+0xca/0x120 [ 105.074344] print_report+0xcb/0x610 [ 105.074361] ? __virt_addr_valid+0x100/0x5d0 [ 105.074380] ? __mutex_lock+0xc72/0x1020 [ 105.074396] ? __mutex_lock+0xc72/0x1020 [ 105.074411] kasan_report+0xca/0x100 [ 105.074427] ? __mutex_lock+0xc72/0x1020 [ 105.074444] __mutex_lock+0xc72/0x1020 [ 105.074460] ? lo_open+0x4e/0xe0 [ 105.074473] ? trace_contention_end+0xca/0x110 [ 105.074490] ? __pfx___mutex_lock+0x10/0x10 [ 105.074507] ? __pfx___mutex_lock+0x10/0x10 [ 105.074525] lo_open+0x4e/0xe0 [ 105.074536] ? __pfx_lo_open+0x10/0x10 [ 105.074547] blkdev_get_whole+0x97/0x290 [ 105.074560] bdev_open+0x2c7/0xe40 [ 105.074573] blkdev_open+0x277/0x400 [ 105.074587] do_dentry_open+0x71c/0x1420 [ 105.074601] ? __pfx_blkdev_open+0x10/0x10 [ 105.074615] vfs_open+0x82/0x3f0 [ 105.074629] ? may_open+0x1f3/0x420 [ 105.074647] path_openat+0x1c3f/0x2880 [ 105.074660] ? stack_trace_save+0x8e/0xc0 [ 105.074675] ? __pfx_path_openat+0x10/0x10 [ 105.074686] ? stack_depot_save_flags+0x2c/0xa20 [ 105.074699] ? __x64_sys_readlinkat+0xb7/0x100 [ 105.074716] ? do_syscall_64+0xbf/0x360 [ 105.074728] do_filp_open+0x1e8/0x450 [ 105.074739] ? __pfx_do_filp_open+0x10/0x10 [ 105.074751] ? lock_acquire+0x18c/0x2f0 [ 105.074767] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 105.074782] ? lock_release+0x1c7/0x290 [ 105.074796] ? alloc_fd+0x2c1/0x560 [ 105.074808] do_sys_openat2+0x104/0x1b0 [ 105.074823] ? __pfx_do_sys_openat2+0x10/0x10 [ 105.074839] ? __pfx___seccomp_filter+0x10/0x10 [ 105.074857] __x64_sys_openat+0x142/0x200 [ 105.074873] ? __pfx___x64_sys_openat+0x10/0x10 [ 105.074890] ? __secure_computing+0x18d/0x290 [ 105.074906] do_syscall_64+0xbf/0x360 [ 105.074916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.074928] RIP: 0033:0x7fbb6ea17767 [ 105.074937] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 [ 105.074949] RSP: 002b:00007ffe9aaf7a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 105.074961] RAX: ffffffffffffffda RBX: 00007ffe9aaf7b40 RCX: 00007fbb6ea17767 [ 105.074969] RDX: 00000000000a0800 RSI: 000055e5093eb380 RDI: 00000000ffffff9c [ 105.074976] RBP: 000055e5093eb380 R08: 000055e4c8e65540 R09: 00007fbb6e9fdbe0 [ 105.074984] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800 [ 105.074992] R13: 000055e4c8e6589f R14: 00007ffe9aaf7b00 R15: 000055e5093f6450 [ 105.075003] [ 105.075008] [ 105.095474] Allocated by task 3952: [ 105.095761] kasan_save_stack+0x24/0x50 [ 105.096080] kasan_save_track+0x14/0x30 [ 105.096398] __kasan_slab_alloc+0x59/0x70 [ 105.096732] kmem_cache_alloc_node_noprof+0x21a/0x690 [ 105.097156] copy_process+0x461/0x73c0 [ 105.097467] kernel_clone+0xea/0x7f0 [ 105.097766] __do_sys_clone+0xce/0x120 [ 105.098080] do_syscall_64+0xbf/0x360 [ 105.098382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.098792] [ 105.098930] Freed by task 3966: [ 105.099198] kasan_save_stack+0x24/0x50 [ 105.099516] kasan_save_track+0x14/0x30 [ 105.099838] __kasan_save_free_info+0x3a/0x60 [ 105.100193] __kasan_slab_free+0x3f/0x50 [ 105.100523] kmem_cache_free+0x2a1/0x540 [ 105.100844] rcu_core+0x7c8/0x1800 [ 105.101141] handle_softirqs+0x1b1/0x770 [ 105.101476] __irq_exit_rcu+0xc4/0x100 [ 105.101793] irq_exit_rcu+0x9/0x20 [ 105.102084] sysvec_apic_timer_interrupt+0x70/0x80 [ 105.102479] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 105.102888] [ 105.103027] Last potentially related work creation: [ 105.103416] kasan_save_stack+0x24/0x50 [ 105.103736] kasan_record_aux_stack+0x89/0xa0 [ 105.104091] __call_rcu_common.constprop.0+0x70/0x960 [ 105.104502] delayed_put_task_struct+0xde/0x260 [ 105.104874] rcu_core+0x7c8/0x1800 [ 105.105167] handle_softirqs+0x1b1/0x770 [ 105.105496] run_ksoftirqd+0x2e/0x60 [ 105.105799] smpboot_thread_fn+0x41d/0x9d0 [ 105.106143] kthread+0x3c8/0x740 [ 105.106419] ret_from_fork+0x34b/0x430 [ 105.106740] ret_from_fork_asm+0x1a/0x30 [ 105.107067] [ 105.107204] Second to last potentially related work creation: [ 105.107660] kasan_save_stack+0x24/0x50 [ 105.107979] kasan_record_aux_stack+0x89/0xa0 [ 105.108335] __call_rcu_common.constprop.0+0x70/0x960 [ 105.108744] put_task_struct_rcu_user+0x75/0xc0 [ 105.109118] __schedule+0xe86/0x3590 [ 105.109434] schedule+0xdb/0x390 [ 105.109719] worker_thread+0x156/0xe90 [ 105.110045] kthread+0x3c8/0x740 [ 105.110331] ret_from_fork+0x34b/0x430 [ 105.110657] ret_from_fork_asm+0x1a/0x30 [ 105.110997] [ 105.111136] The buggy address belongs to the object at ffff88800a7f5280 [ 105.111136] which belongs to the cache task_struct of size 6784 [ 105.112144] The buggy address is located 52 bytes inside of [ 105.112144] freed 6784-byte region [ffff88800a7f5280, ffff88800a7f6d00) [ 105.113116] [ 105.113252] The buggy address belongs to the physical page: [ 105.113693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa7f0 [ 105.114307] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 105.114905] memcg:ffff88800d302181 [ 105.115184] flags: 0x100000000000040(head|node=0|zone=1) [ 105.115612] page_type: f5(slab) [ 105.115880] raw: 0100000000000040 ffff888008ff7640 dead000000000100 dead000000000122 [ 105.116489] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88800d302181 [ 105.117102] head: 0100000000000040 ffff888008ff7640 dead000000000100 dead000000000122 [ 105.117732] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88800d302181 [ 105.118369] head: 0100000000000003 ffffea000029fc01 00000000ffffffff 00000000ffffffff [ 105.119005] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 105.119638] page dumped because: kasan: bad access detected [ 105.120098] [ 105.120239] Memory state around the buggy address: [ 105.120638] ffff88800a7f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.121230] ffff88800a7f5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.121820] >ffff88800a7f5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.122405] ^ [ 105.122794] ffff88800a7f5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.123370] ffff88800a7f5380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.123940] ================================================================== 08:12:42 executing program 0: rseq(0x0, 0xfffffffffffffd88, 0x2000000002, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x18d101, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff000) write$char_usb(0xffffffffffffffff, &(0x7f00000000c0)="d22480cb27b71b8a44c2a173f3c59adca8e2e5252524886ff022a51a589eaafdd7f2a26b2d64", 0x26) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40086607, 0x0) 08:12:42 executing program 6: rseq(0x0, 0xfffffffffffffd88, 0x2000000002, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x18d101, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff000) write$char_usb(0xffffffffffffffff, &(0x7f00000000c0)="d22480cb27b71b8a44c2a173f3c59adca8e2e5252524886ff022a51a589eaafdd7f2a26b2d64", 0x26) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40086607, 0x0) 08:12:42 executing program 4: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:42 executing program 7: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$DVD_AUTH(r0, 0x1261, 0x0) 08:12:42 executing program 3: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:42 executing program 1: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) 08:12:42 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x82, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x8}, {&(0x7f00000000c0)="5781f5ceb1b7", 0x6}, {&(0x7f0000000100)="a0755b32b128c5ce6f08f906d154f45f57178b85054944ec579f9b31eb1a2ce595ec9ab0284699fb43d821610e00db85ffc15ba4ae800b2f5310f677fbaee2ee0d05824b2484592d0e93a1a9f8bfd8b5f49cdb125086f6bf44e12958f5adf0fe54e4a977d620019d02067e14", 0x6c, 0x33}, {&(0x7f0000000180)="e84fc5902db5b7c64bf941be9934cee70c475248f5695a71b4b46fa98a2d3c1055772c5432932e1736a28c0afcbcf09bcb1aa5fcf6e258b5f1fa1b8a20570bf8e191ccd64d5dbb46dd52a980efa294a59062c24f5accac6414ed42d647780df95e261f8053271a54ad40f4423fae7a97ad4d372c08cf2fc82ca4edbda6fb58ddf70d968402f07869dbdd15ef7f8848a397d2f5db08646a88e8ca89856bbddbb9e71edabf2c24d90fc091d2bf13be07ef80649c70c263315be1c508beed8c2ba05a29e9175f54af44e908da1c9c55248472f8586b9541d5a30d4df608ac788cfb45c4e9c3ff858bde23908e7e36ac2f210720", 0xf2, 0x100}], 0x80000, &(0x7f0000000300)={[{@fat=@debug}], [{@fsname={'fsname', 0x3d, '-(*,.:}],\x13\\\'(.'}}, {@subj_role={'subj_role', 0x3d, '-['}}, {@appraise_type}, {@fowner_lt={'fowner<', 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '/'}}, {@smackfshat={'smackfshat', 0x3d, '&&]:'}}, {@obj_user={'obj_user', 0x3d, ')'}}]}) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, 0x3f7, 0x20, 0x70bd2d, 0x25dfdbfe, {0x7, 0x7, './file1', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x20044801) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1) socket$netlink(0x10, 0x3, 0x5) syz_io_uring_setup(0x659c, &(0x7f00000009c0)={0x0, 0x412c, 0x0, 0x1, 0x74, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000c00)=@IORING_OP_WRITEV={0x2, 0x1, 0x4004, @fd=r1, 0x5, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="2564e06b976eec48ffb89efef670302cfe5a283f9911d29bd3601595151771a541fc6312ab32dd016439afe83dca4b01de395d7bc09b70c0a6ff51a688767588307f1c375b734032c0fd9ef7d67e96c10b1a3d4b211236cd50475a3fc0f3a843577a81ce5d4c92799df79d24df0729f3bcbacc605c733201b9c705b1ef69ac6145e98d341c16db73d81ed1b02d5922db072b66054fd1a2bd09b882a12393205a168075bd6585c1bd225e1444a6a6d4d9dadefa1736626329ce0df2e1cc15abadd5e2caa228ce1deab7", 0xc9}], 0x1, 0x5, 0x1}, 0x101) setgroups(0x5, &(0x7f0000000ec0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) [ 106.047647] loop2: detected capacity change from 0 to 1 [ 106.055172] BUG: unable to handle page fault for address: ffffed10212c935e [ 106.055779] #PF: supervisor read access in kernel mode [ 106.056179] #PF: error_code(0x0000) - not-present page [ 106.056578] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 106.057011] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 106.057390] CPU: 0 UID: 0 PID: 3990 Comm: syz-executor.5 Tainted: G B D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 106.058298] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 106.058680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.059306] RIP: 0010:perf_tp_event+0x175/0xe70 [ 106.059675] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.061053] RSP: 0018:ffff88801acdf800 EFLAGS: 00010212 [ 106.061458] RAX: 1ffff110212c935e RBX: ffff888109649900 RCX: ffffc90004a1e000 [ 106.061997] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109649af0 [ 106.062537] RBP: ffff88801acdfa70 R08: ffff88806ce31340 R09: ffffe8ffffc151b8 [ 106.063076] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 106.063616] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 106.064156] FS: 00007fbc0c0da700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 106.064764] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.065220] CR2: ffffed10212c935e CR3: 00000000453ce000 CR4: 0000000000350ef0 [ 106.065759] Call Trace: [ 106.065960] [ 106.066138] ? perf_swevent_event+0x63/0x3f0 [ 106.066489] ? __pfx_perf_tp_event+0x10/0x10 [ 106.066837] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 106.067222] ? perf_swevent_event+0x63/0x3f0 [ 106.067568] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 106.067958] ? perf_swevent_event+0x63/0x3f0 [ 106.068303] ? perf_tp_event+0x807/0xe70 [ 106.068626] ? __pfx_perf_tp_event+0x10/0x10 [ 106.068970] ? perf_ctx_unlock+0x73/0x160 [ 106.069293] ? __perf_install_in_context+0x503/0xb90 [ 106.069685] ? do_raw_spin_unlock+0x53/0x220 [ 106.070035] ? perf_trace_run_bpf_submit+0xef/0x180 [ 106.070423] perf_trace_run_bpf_submit+0xef/0x180 [ 106.070802] perf_trace_lock+0x337/0x5d0 [ 106.071130] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.071490] ? get_futex_key+0x592/0x14a0 [ 106.071810] ? futex_ref_get+0x114/0x300 [ 106.072123] ? futex_hash+0x15c/0x390 [ 106.072419] lock_release+0x1ab/0x290 [ 106.072719] ? futex_hash+0x15c/0x390 [ 106.073016] futex_ref_get+0x119/0x300 [ 106.073324] ? futex_hash+0x15c/0x390 [ 106.073620] futex_hash+0x70/0x390 [ 106.073899] futex_wake+0x143/0x540 [ 106.074187] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.074543] ? __pfx___mutex_lock+0x10/0x10 [ 106.074882] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 106.075288] ? __pfx_futex_wake+0x10/0x10 [ 106.075617] ? lock_release+0x1c7/0x290 [ 106.075927] ? fd_install+0x1f0/0x660 [ 106.076225] do_futex+0x26d/0x370 [ 106.076499] ? __pfx_do_futex+0x10/0x10 [ 106.076810] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 106.077223] ? count_memcg_events+0x32b/0x420 [ 106.077578] __x64_sys_futex+0x1c9/0x4d0 [ 106.077898] ? __pfx___x64_sys_futex+0x10/0x10 [ 106.078253] ? xfd_validate_state+0x55/0x180 [ 106.078605] do_syscall_64+0xbf/0x360 [ 106.078903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.079297] RIP: 0033:0x7fbc0eb64b19 [ 106.079585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 106.080953] RSP: 002b:00007fbc0c0da218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.081533] RAX: ffffffffffffffda RBX: 00007fbc0ec77f68 RCX: 00007fbc0eb64b19 [ 106.082072] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbc0ec77f6c [ 106.082612] RBP: 00007fbc0ec77f60 R08: 000000000000000e R09: 0000000000000000 [ 106.083151] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbc0ec77f6c [ 106.083691] R13: 00007ffd8a8badef R14: 00007fbc0c0da300 R15: 0000000000022000 [ 106.084242] [ 106.084427] Modules linked in: [ 106.084677] CR2: ffffed10212c935e [ 106.084945] ---[ end trace 0000000000000000 ]--- [ 106.085308] RIP: 0010:apply_wqattrs_cleanup.part.0+0xbd/0x2b0 [ 106.085761] Code: dd 28 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 95 01 00 00 48 8b 5c dd 28 48 85 db 74 41 e8 8a af 32 00 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a6 01 00 00 48 8b 3b e8 50 a8 7c 03 48 89 df [ 106.087134] RSP: 0018:ffff888044fc76b8 EFLAGS: 00010216 [ 106.087541] RAX: 0000000060000000 RBX: 0000000300000000 RCX: ffffc90003c17000 [ 106.088079] RDX: 0000000000040000 RSI: ffffffff814137f6 RDI: ffff88800d87d330 [ 106.088618] RBP: ffff88800d87d300 R08: 0000000000000001 R09: ffffed10089f8ec7 [ 106.089159] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000 [ 106.089699] R13: fffffbfff0b0a4ac R14: ffffffffffffffff R15: 0000000000000001 [ 106.090251] FS: 00007fbc0c0da700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 106.090861] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.091304] CR2: ffffed10212c935e CR3: 00000000453ce000 CR4: 0000000000350ef0 [ 106.091847] note: syz-executor.5[3990] exited with irqs disabled [ 106.092315] BUG: unable to handle page fault for address: ffffed10212c935e [ 106.092838] #PF: supervisor read access in kernel mode [ 106.093241] #PF: error_code(0x0000) - not-present page [ 106.093634] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 106.094063] Oops: Oops: 0000 [#3] SMP KASAN NOPTI [ 106.094435] CPU: 0 UID: 0 PID: 3990 Comm: syz-executor.5 Tainted: G B D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 106.095330] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 106.095711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.096329] RIP: 0010:perf_tp_event+0x175/0xe70 [ 106.096690] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.098057] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 106.098462] RAX: 1ffff110212c935e RBX: ffff888109649900 RCX: 0000000000000002 [ 106.098999] RDX: ffff888043f65280 RSI: ffffffff818995b7 RDI: ffff888109649af0 [ 106.099537] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc151b8 [ 106.100074] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 106.100611] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 106.101153] FS: 00007fbc0c0da700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 106.101760] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.102199] CR2: ffffed10212c935e CR3: 00000000453ce000 CR4: 0000000000350ef0 [ 106.102739] Call Trace: [ 106.102938] [ 106.103110] ? perf_trace_lock+0xb5/0x5d0 [ 106.103433] ? __pfx_perf_tp_event+0x10/0x10 [ 106.103775] ? lock_release+0x1c7/0x290 [ 106.104082] ? perf_trace_lock+0xb5/0x5d0 [ 106.104402] ? ieee80211_get_buffered_bc+0x55e/0x890 [ 106.104792] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.105149] ? trace_rcu_utilization+0x26/0x190 [ 106.105512] ? rcu_sched_clock_irq+0x7a0/0x2b40 [ 106.105873] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.106228] ? perf_trace_lock+0xb5/0x5d0 [ 106.106548] ? perf_trace_lock+0xb5/0x5d0 [ 106.106866] ? kvm_sched_clock_read+0x16/0x30 [ 106.107214] ? sched_clock+0x37/0x60 [ 106.107505] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.107859] ? kvm_sched_clock_read+0x16/0x30 [ 106.108207] ? sched_clock+0x37/0x60 [ 106.108498] ? sched_clock_cpu+0x6c/0x4e0 [ 106.108821] ? perf_trace_run_bpf_submit+0xef/0x180 [ 106.109213] perf_trace_run_bpf_submit+0xef/0x180 [ 106.109588] perf_trace_lock+0x337/0x5d0 [ 106.109904] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.110258] ? check_preempt_wakeup_fair+0x406/0x950 [ 106.110650] ? hrtimer_interrupt+0x114/0x830 [ 106.110988] lock_release+0x1ab/0x290 [ 106.111285] ktime_get_update_offsets_now+0xab/0x3c0 [ 106.111674] ? hrtimer_interrupt+0x114/0x830 [ 106.112016] hrtimer_interrupt+0x114/0x830 [ 106.112340] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 106.112712] ? trace_csd_function_exit+0x134/0x190 [ 106.113095] ? __flush_smp_call_function_queue+0x443/0x740 [ 106.113525] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 106.113922] sysvec_apic_timer_interrupt+0x6b/0x80 [ 106.114300] [ 106.114475] [ 106.114653] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 106.115059] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 106.115420] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 106.116780] RSP: 0018:ffff88801acdff28 EFLAGS: 00000246 [ 106.117189] RAX: 0000000000000001 RBX: ffff888043f65280 RCX: ffffffff817c2b86 [ 106.117724] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 106.118261] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 106.118796] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888043f65280 [ 106.119340] R13: 0000000000000009 R14: ffff88801acdf7e0 R15: 0000000000000000 [ 106.119881] ? trace_irq_enable.constprop.0+0x26/0x100 [ 106.120281] ? make_task_dead+0x214/0x3b0 [ 106.120603] ? make_task_dead+0x214/0x3b0 [ 106.120921] ? do_syscall_64+0xbf/0x360 [ 106.121230] rewind_stack_and_make_dead+0x16/0x20 [ 106.121602] RIP: 0033:0x7fbc0eb64b19 [ 106.121887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 106.123254] RSP: 002b:00007fbc0c0da218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.123826] RAX: ffffffffffffffda RBX: 00007fbc0ec77f68 RCX: 00007fbc0eb64b19 [ 106.124363] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbc0ec77f6c [ 106.124900] RBP: 00007fbc0ec77f60 R08: 000000000000000e R09: 0000000000000000 [ 106.125447] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbc0ec77f6c [ 106.125984] R13: 00007ffd8a8badef R14: 00007fbc0c0da300 R15: 0000000000022000 [ 106.126527] [ 106.126708] Modules linked in: [ 106.126956] CR2: ffffed10212c935e [ 106.127219] ---[ end trace 0000000000000000 ]--- [ 106.127577] RIP: 0010:apply_wqattrs_cleanup.part.0+0xbd/0x2b0 [ 106.128024] Code: dd 28 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 95 01 00 00 48 8b 5c dd 28 48 85 db 74 41 e8 8a af 32 00 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a6 01 00 00 48 8b 3b e8 50 a8 7c 03 48 89 df [ 106.129390] RSP: 0018:ffff888044fc76b8 EFLAGS: 00010216 [ 106.129793] RAX: 0000000060000000 RBX: 0000000300000000 RCX: ffffc90003c17000 [ 106.130329] RDX: 0000000000040000 RSI: ffffffff814137f6 RDI: ffff88800d87d330 [ 106.130867] RBP: ffff88800d87d300 R08: 0000000000000001 R09: ffffed10089f8ec7 [ 106.131405] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000 [ 106.131941] R13: fffffbfff0b0a4ac R14: ffffffffffffffff R15: 0000000000000001 [ 106.132481] FS: 00007fbc0c0da700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 106.133090] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.133532] CR2: ffffed10212c935e CR3: 00000000453ce000 CR4: 0000000000350ef0 [ 106.134071] Kernel panic - not syncing: Fatal exception in interrupt [ 106.134649] Kernel Offset: disabled [ 106.134926] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:12:41 Registers: info registers vcpu 0 RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888044fc7008 R8 =0000000000000000 R9 =ffffed100140e046 R10=0000000000000062 R11=313030203a504952 R12=0000000000000062 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd1a2734700 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe7400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffeddbe4ff8 CR3=0000000044e15000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff88806ce3de00 RCX=ffffffff816880fc RDX=ffff88800a559b80 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880165cf6f8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1 R12=ffffed100d9c7bc1 R13=ffff88806ce3de08 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055556ead5400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe6d00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2ffff55018 CR3=00000000428a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000a60ce07b00000000cec3662e XMM01=0000000000000000048f6f1a25695368 XMM02=00000000000000000000000000000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000