Warning: Permanently added '[localhost]:61023' (ECDSA) to the list of known hosts. 2025/08/29 10:12:01 fuzzer started 2025/08/29 10:12:01 dialing manager at localhost:43077 syzkaller login: [ 59.170293] cgroup: Unknown subsys name 'net' [ 59.237387] cgroup: Unknown subsys name 'cpuset' [ 59.268331] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:12:12 syscalls: 2214 2025/08/29 10:12:12 code coverage: enabled 2025/08/29 10:12:12 comparison tracing: enabled 2025/08/29 10:12:12 extra coverage: enabled 2025/08/29 10:12:12 setuid sandbox: enabled 2025/08/29 10:12:12 namespace sandbox: enabled 2025/08/29 10:12:12 Android sandbox: enabled 2025/08/29 10:12:12 fault injection: enabled 2025/08/29 10:12:12 leak checking: enabled 2025/08/29 10:12:12 net packet injection: enabled 2025/08/29 10:12:12 net device setup: enabled 2025/08/29 10:12:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:12:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:12:12 USB emulation: enabled 2025/08/29 10:12:12 hci packet injection: enabled 2025/08/29 10:12:12 wifi device emulation: enabled 2025/08/29 10:12:12 802.15.4 emulation: enabled 2025/08/29 10:12:12 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:12:12 fetching corpus: 50, signal 23145/26620 (executing program) 2025/08/29 10:12:12 fetching corpus: 100, signal 32644/37486 (executing program) 2025/08/29 10:12:12 fetching corpus: 150, signal 42085/48040 (executing program) 2025/08/29 10:12:12 fetching corpus: 200, signal 47641/54754 (executing program) 2025/08/29 10:12:12 fetching corpus: 250, signal 52461/60650 (executing program) 2025/08/29 10:12:12 fetching corpus: 300, signal 58239/67323 (executing program) 2025/08/29 10:12:13 fetching corpus: 350, signal 62258/72272 (executing program) 2025/08/29 10:12:13 fetching corpus: 400, signal 66558/77413 (executing program) 2025/08/29 10:12:13 fetching corpus: 450, signal 70079/81700 (executing program) 2025/08/29 
10:12:13 fetching corpus: 500, signal 73551/85942 (executing program) 2025/08/29 10:12:13 fetching corpus: 550, signal 77048/90097 (executing program) 2025/08/29 10:12:13 fetching corpus: 600, signal 78703/92572 (executing program) 2025/08/29 10:12:13 fetching corpus: 650, signal 82081/96525 (executing program) 2025/08/29 10:12:13 fetching corpus: 700, signal 84068/99178 (executing program) 2025/08/29 10:12:13 fetching corpus: 750, signal 85838/101662 (executing program) 2025/08/29 10:12:13 fetching corpus: 800, signal 88382/104730 (executing program) 2025/08/29 10:12:14 fetching corpus: 850, signal 89814/106906 (executing program) 2025/08/29 10:12:14 fetching corpus: 900, signal 91675/109356 (executing program) 2025/08/29 10:12:14 fetching corpus: 950, signal 93901/112058 (executing program) 2025/08/29 10:12:14 fetching corpus: 1000, signal 95888/114390 (executing program) 2025/08/29 10:12:14 fetching corpus: 1050, signal 97426/116422 (executing program) 2025/08/29 10:12:14 fetching corpus: 1100, signal 99028/118508 (executing program) 2025/08/29 10:12:14 fetching corpus: 1150, signal 100561/120482 (executing program) 2025/08/29 10:12:14 fetching corpus: 1200, signal 102591/122788 (executing program) 2025/08/29 10:12:14 fetching corpus: 1250, signal 103545/124303 (executing program) 2025/08/29 10:12:14 fetching corpus: 1300, signal 105172/126209 (executing program) 2025/08/29 10:12:15 fetching corpus: 1350, signal 105979/127538 (executing program) 2025/08/29 10:12:15 fetching corpus: 1400, signal 107278/129159 (executing program) 2025/08/29 10:12:15 fetching corpus: 1450, signal 108288/130598 (executing program) 2025/08/29 10:12:15 fetching corpus: 1500, signal 109643/132270 (executing program) 2025/08/29 10:12:15 fetching corpus: 1550, signal 110667/133670 (executing program) 2025/08/29 10:12:15 fetching corpus: 1600, signal 113323/135993 (executing program) 2025/08/29 10:12:15 fetching corpus: 1650, signal 114607/137507 (executing program) 2025/08/29 10:12:15 
fetching corpus: 1700, signal 115199/138506 (executing program) 2025/08/29 10:12:15 fetching corpus: 1750, signal 116029/139635 (executing program) 2025/08/29 10:12:16 fetching corpus: 1800, signal 117415/141050 (executing program) 2025/08/29 10:12:16 fetching corpus: 1850, signal 118448/142223 (executing program) 2025/08/29 10:12:16 fetching corpus: 1900, signal 119245/143258 (executing program) 2025/08/29 10:12:16 fetching corpus: 1950, signal 120111/144376 (executing program) 2025/08/29 10:12:16 fetching corpus: 2000, signal 121072/145424 (executing program) 2025/08/29 10:12:16 fetching corpus: 2050, signal 121865/146408 (executing program) 2025/08/29 10:12:16 fetching corpus: 2100, signal 122445/147294 (executing program) 2025/08/29 10:12:16 fetching corpus: 2150, signal 124004/148618 (executing program) 2025/08/29 10:12:16 fetching corpus: 2200, signal 124743/149514 (executing program) 2025/08/29 10:12:16 fetching corpus: 2250, signal 125597/150472 (executing program) 2025/08/29 10:12:16 fetching corpus: 2300, signal 126600/151562 (executing program) 2025/08/29 10:12:17 fetching corpus: 2350, signal 127461/152458 (executing program) 2025/08/29 10:12:17 fetching corpus: 2400, signal 128380/153374 (executing program) 2025/08/29 10:12:17 fetching corpus: 2450, signal 129364/154293 (executing program) 2025/08/29 10:12:17 fetching corpus: 2500, signal 130115/155102 (executing program) 2025/08/29 10:12:17 fetching corpus: 2550, signal 130955/155950 (executing program) 2025/08/29 10:12:17 fetching corpus: 2600, signal 132746/157079 (executing program) 2025/08/29 10:12:17 fetching corpus: 2650, signal 133294/157721 (executing program) 2025/08/29 10:12:17 fetching corpus: 2700, signal 133885/158398 (executing program) 2025/08/29 10:12:17 fetching corpus: 2750, signal 134329/159013 (executing program) 2025/08/29 10:12:17 fetching corpus: 2800, signal 135654/159891 (executing program) 2025/08/29 10:12:18 fetching corpus: 2850, signal 136275/160518 (executing program) 
2025/08/29 10:12:18 fetching corpus: 2900, signal 136881/161102 (executing program) 2025/08/29 10:12:18 fetching corpus: 2950, signal 137610/161731 (executing program) 2025/08/29 10:12:18 fetching corpus: 3000, signal 139070/162547 (executing program) 2025/08/29 10:12:18 fetching corpus: 3050, signal 139580/163077 (executing program) 2025/08/29 10:12:18 fetching corpus: 3100, signal 140190/163624 (executing program) 2025/08/29 10:12:18 fetching corpus: 3150, signal 140894/164135 (executing program) 2025/08/29 10:12:18 fetching corpus: 3200, signal 141568/164658 (executing program) 2025/08/29 10:12:18 fetching corpus: 3250, signal 142194/165169 (executing program) 2025/08/29 10:12:19 fetching corpus: 3300, signal 143005/165692 (executing program) 2025/08/29 10:12:19 fetching corpus: 3350, signal 143743/166209 (executing program) 2025/08/29 10:12:19 fetching corpus: 3400, signal 144212/166629 (executing program) 2025/08/29 10:12:19 fetching corpus: 3450, signal 145029/167118 (executing program) 2025/08/29 10:12:19 fetching corpus: 3500, signal 145550/167581 (executing program) 2025/08/29 10:12:19 fetching corpus: 3550, signal 146070/167971 (executing program) 2025/08/29 10:12:19 fetching corpus: 3600, signal 147056/168422 (executing program) 2025/08/29 10:12:19 fetching corpus: 3650, signal 147709/168772 (executing program) 2025/08/29 10:12:19 fetching corpus: 3700, signal 148501/169233 (executing program) 2025/08/29 10:12:19 fetching corpus: 3750, signal 149186/169585 (executing program) 2025/08/29 10:12:20 fetching corpus: 3800, signal 149760/169924 (executing program) 2025/08/29 10:12:20 fetching corpus: 3850, signal 150362/170248 (executing program) 2025/08/29 10:12:20 fetching corpus: 3900, signal 150979/170543 (executing program) 2025/08/29 10:12:20 fetching corpus: 3950, signal 151279/170787 (executing program) 2025/08/29 10:12:20 fetching corpus: 4000, signal 151737/171072 (executing program) 2025/08/29 10:12:20 fetching corpus: 4050, signal 152185/171380 
(executing program) 2025/08/29 10:12:20 fetching corpus: 4100, signal 152822/171623 (executing program) 2025/08/29 10:12:20 fetching corpus: 4150, signal 153238/171759 (executing program) 2025/08/29 10:12:20 fetching corpus: 4200, signal 154117/171766 (executing program) 2025/08/29 10:12:20 fetching corpus: 4250, signal 154478/171777 (executing program) 2025/08/29 10:12:20 fetching corpus: 4300, signal 154781/171791 (executing program) 2025/08/29 10:12:21 fetching corpus: 4350, signal 155200/171798 (executing program) 2025/08/29 10:12:21 fetching corpus: 4400, signal 155577/171814 (executing program) 2025/08/29 10:12:21 fetching corpus: 4450, signal 156031/171851 (executing program) 2025/08/29 10:12:21 fetching corpus: 4500, signal 156453/171868 (executing program) 2025/08/29 10:12:21 fetching corpus: 4550, signal 156868/171923 (executing program) 2025/08/29 10:12:21 fetching corpus: 4600, signal 157228/171926 (executing program) 2025/08/29 10:12:21 fetching corpus: 4650, signal 157907/172018 (executing program) 2025/08/29 10:12:21 fetching corpus: 4700, signal 158448/172130 (executing program) 2025/08/29 10:12:21 fetching corpus: 4750, signal 158785/172140 (executing program) 2025/08/29 10:12:21 fetching corpus: 4800, signal 159227/172141 (executing program) 2025/08/29 10:12:21 fetching corpus: 4850, signal 159591/172180 (executing program) 2025/08/29 10:12:21 fetching corpus: 4900, signal 160017/172210 (executing program) 2025/08/29 10:12:21 fetching corpus: 4950, signal 160449/172213 (executing program) 2025/08/29 10:12:22 fetching corpus: 5000, signal 161051/172215 (executing program) 2025/08/29 10:12:22 fetching corpus: 5050, signal 161524/172219 (executing program) 2025/08/29 10:12:22 fetching corpus: 5100, signal 162167/172229 (executing program) 2025/08/29 10:12:22 fetching corpus: 5150, signal 162516/172247 (executing program) 2025/08/29 10:12:22 fetching corpus: 5200, signal 162941/172264 (executing program) 2025/08/29 10:12:22 fetching corpus: 5250, 
signal 163298/172282 (executing program) 2025/08/29 10:12:22 fetching corpus: 5300, signal 163686/172320 (executing program) 2025/08/29 10:12:22 fetching corpus: 5350, signal 164034/172352 (executing program) 2025/08/29 10:12:22 fetching corpus: 5400, signal 164554/172356 (executing program) 2025/08/29 10:12:22 fetching corpus: 5450, signal 164882/172372 (executing program) 2025/08/29 10:12:23 fetching corpus: 5500, signal 165522/172372 (executing program) 2025/08/29 10:12:23 fetching corpus: 5550, signal 167017/172372 (executing program) 2025/08/29 10:12:23 fetching corpus: 5600, signal 167425/172437 (executing program) 2025/08/29 10:12:23 fetching corpus: 5650, signal 167803/172437 (executing program) 2025/08/29 10:12:23 fetching corpus: 5700, signal 168151/172452 (executing program) 2025/08/29 10:12:23 fetching corpus: 5750, signal 168877/172550 (executing program) 2025/08/29 10:12:23 fetching corpus: 5800, signal 169202/172559 (executing program) 2025/08/29 10:12:23 fetching corpus: 5850, signal 169621/172614 (executing program) 2025/08/29 10:12:23 fetching corpus: 5868, signal 170191/172614 (executing program) 2025/08/29 10:12:23 fetching corpus: 5868, signal 170191/172614 (executing program) 2025/08/29 10:12:25 starting 8 fuzzer processes 10:12:25 executing program 0: eventfd2(0x0, 0xc01) 10:12:25 executing program 4: syz_mount_image$tmpfs(&(0x7f0000001080), &(0x7f00000010c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001280)=[{&(0x7f0000001100)="1c", 0x1}], 0x0, &(0x7f0000001300)) 10:12:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=@getae={0x40, 0x1f, 0x1, 0x0, 0x0, {{@in=@private, 0x0, 0x2}}}, 0x40}}, 0x0) 10:12:25 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 
r0, &(0x7f0000000000)="fa", 0x3ffffe00}]) 10:12:25 executing program 3: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) lseek(r0, 0x0, 0x1) 10:12:25 executing program 5: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) 10:12:25 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r0, &(0x7f00000030c0)) [ 83.103192] audit: type=1400 audit(1756462345.640:7): avc: denied { execmem } for pid=281 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:12:25 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0) [ 84.186858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.193655] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.196047] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.203627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.208461] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.319694] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.323728] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.325673] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.329866] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.331559] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.332762] 
Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.338900] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.345424] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.345467] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.350324] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.384055] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.385613] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 84.387509] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.400374] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 84.400626] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.401511] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.404766] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.407873] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.410049] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.412238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.413629] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 84.423525] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.426841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 84.431302] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 84.436730] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.448263] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 84.457935] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 84.461501] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 84.478453] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 84.482578] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 84.487522] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 84.495879] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 84.498941] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 84.510440] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 84.514407] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 
86.219647] Bluetooth: hci0: command tx timeout [ 86.411213] Bluetooth: hci2: command tx timeout [ 86.412915] Bluetooth: hci1: command tx timeout [ 86.475313] Bluetooth: hci5: command tx timeout [ 86.475872] Bluetooth: hci4: command tx timeout [ 86.541196] Bluetooth: hci6: command tx timeout [ 86.541845] Bluetooth: hci3: command tx timeout [ 86.603210] Bluetooth: hci7: command tx timeout [ 88.267906] Bluetooth: hci0: command tx timeout [ 88.459453] Bluetooth: hci1: command tx timeout [ 88.459919] Bluetooth: hci2: command tx timeout [ 88.523318] Bluetooth: hci4: command tx timeout [ 88.523784] Bluetooth: hci5: command tx timeout [ 88.587863] Bluetooth: hci3: command tx timeout [ 88.588422] Bluetooth: hci6: command tx timeout [ 88.651369] Bluetooth: hci7: command tx timeout [ 90.316296] Bluetooth: hci0: command tx timeout [ 90.507210] Bluetooth: hci1: command tx timeout [ 90.507668] Bluetooth: hci2: command tx timeout [ 90.572088] Bluetooth: hci4: command tx timeout [ 90.572525] Bluetooth: hci5: command tx timeout [ 90.635247] Bluetooth: hci6: command tx timeout [ 90.635762] Bluetooth: hci3: command tx timeout [ 90.699231] Bluetooth: hci7: command tx timeout [ 92.363213] Bluetooth: hci0: command tx timeout [ 92.555439] Bluetooth: hci2: command tx timeout [ 92.556113] Bluetooth: hci1: command tx timeout [ 92.619260] Bluetooth: hci5: command tx timeout [ 92.619902] Bluetooth: hci4: command tx timeout [ 92.683720] Bluetooth: hci3: command tx timeout [ 92.684379] Bluetooth: hci6: command tx timeout [ 92.747292] Bluetooth: hci7: command tx timeout [ 120.405874] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.406571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.617291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.617922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.809178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.809785] wlan0: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 120.951534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.952451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:13:03 executing program 4: syz_mount_image$tmpfs(&(0x7f0000001080), &(0x7f00000010c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001280)=[{&(0x7f0000001100)="1c", 0x1}], 0x0, &(0x7f0000001300)) 10:13:03 executing program 4: syz_mount_image$tmpfs(&(0x7f0000001080), &(0x7f00000010c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001280)=[{&(0x7f0000001100)="1c", 0x1}], 0x0, &(0x7f0000001300)) 10:13:03 executing program 4: syz_mount_image$tmpfs(&(0x7f0000001080), &(0x7f00000010c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001280)=[{&(0x7f0000001100)="1c", 0x1}], 0x0, &(0x7f0000001300)) 10:13:03 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080), 0x4) 10:13:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080), 0x4) 10:13:04 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) lseek(r0, 0x2, 0x0) 10:13:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080), 0x4) 10:13:04 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) lseek(r0, 0x2, 0x0) [ 122.096457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.097030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.192943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.193882] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.362303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.362928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.564510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.565434] wlan1: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 123.097718] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.099061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.192204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.192802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.376328] audit: type=1400 audit(1756462385.912:8): avc: denied { open } for pid=3892 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 123.382742] audit: type=1400 audit(1756462385.914:9): avc: denied { kernel } for pid=3892 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 123.389826] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 123.416494] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 123.508518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.509161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.579468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.580101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.644659] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.645287] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.695942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.696559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.743461] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.744062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.765882] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.766768] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.767488] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Invalid command operation code [ 123.768114] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 00 00 00 00 40 00 [ 123.768846] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.784114] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.785571] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.786162] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.786769] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 00 40 00 00 40 00 [ 123.787399] critical target error, dev sr0, sector 256 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.792106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.793008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.799486] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.800350] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.800922] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.801643] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 00 80 00 00 40 00 [ 123.802370] critical target error, dev sr0, sector 512 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.816563] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.817383] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.817958] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.818575] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 00 c0 00 00 40 00 [ 123.819198] critical target error, dev sr0, sector 768 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.830891] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.831794] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.832413] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Invalid command operation code [ 123.833016] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 01 00 00 00 40 00 [ 123.833626] critical target error, dev sr0, sector 1024 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.849512] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.850426] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.851051] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.851907] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 01 40 00 00 40 00 [ 123.852523] critical target error, dev sr0, sector 1280 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.867713] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.868524] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.869108] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.869730] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 01 80 00 00 40 00 [ 123.870355] critical target error, dev sr0, sector 1536 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.881944] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.882698] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.883305] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.883934] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 01 c0 00 00 40 00 [ 123.884545] critical target error, dev sr0, sector 1792 op 0x1:(WRITE) flags 0x8800 phys_seg 32 prio class 2 [ 123.893501] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.894274] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.894851] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Invalid command operation code [ 123.895477] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 02 00 00 00 40 00 [ 123.896094] critical target error, dev sr0, sector 2048 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 123.909861] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 123.910631] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 123.911217] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 123.911832] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 02 40 00 00 40 00 [ 123.912451] critical target error, dev sr0, sector 2304 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 10:13:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=@getae={0x40, 0x1f, 0x1, 0x0, 0x0, {{@in=@private, 0x0, 0x2}}}, 0x40}}, 0x0) 10:13:07 executing program 0: eventfd2(0x0, 0xc01) 10:13:07 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x3ffffe00}]) 10:13:07 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) lseek(r0, 0x2, 0x0) 10:13:07 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r0, &(0x7f00000030c0)) 10:13:07 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r0 = socket$nl_route(0x10, 0x3, 0x0) 
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0) 10:13:07 executing program 3: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) lseek(r0, 0x0, 0x1) 10:13:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080), 0x4) [ 125.491435] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. 10:13:08 executing program 3: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) lseek(r0, 0x0, 0x1) 10:13:08 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2201, &(0x7f0000002040)) 10:13:08 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r0, &(0x7f00000030c0)) 10:13:08 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) lseek(r0, 0x2, 0x0) 10:13:08 executing program 0: eventfd2(0x0, 0xc01) 10:13:09 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=@getae={0x40, 0x1f, 0x1, 0x0, 0x0, {{@in=@private, 0x0, 0x2}}}, 0x40}}, 0x0) 10:13:09 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x3ffffe00}]) 10:13:09 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2201, &(0x7f0000002040)) 10:13:09 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) 
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x9}) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_io_uring_complete(r1) 10:13:09 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r0, &(0x7f00000030c0)) 10:13:09 executing program 0: eventfd2(0x0, 0xc01) 10:13:09 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0) 10:13:09 executing program 3: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) lseek(r0, 0x0, 0x1) [ 127.524090] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. 
10:13:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=@getae={0x40, 0x1f, 0x1, 0x0, 0x0, {{@in=@private, 0x0, 0x2}}}, 0x40}}, 0x0)

10:13:10 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000e00))

10:13:10 executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/address_bits', 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000000)=""/86, 0x56)

10:13:10 executing program 7:
arch_prctl$ARCH_GET_GS(0x1021, &(0x7f0000000140))

[ 127.621530] kmemleak: Found object by alias at 0x607f1a63966c
[ 127.621558] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 127.621591] Tainted: [W]=WARN
[ 127.621597] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.621609] Call Trace:
[ 127.621616]
[ 127.621624] dump_stack_lvl+0xca/0x120
[ 127.621663] __lookup_object+0x94/0xb0
[ 127.621692] delete_object_full+0x27/0x70
[ 127.621721] free_percpu+0x30/0x1160
[ 127.621749] ? arch_uprobe_clear_state+0x16/0x140
[ 127.621784] futex_hash_free+0x38/0xc0
[ 127.621809] mmput+0x2d3/0x390
[ 127.621842] do_exit+0x79d/0x2970
[ 127.621866] ? signal_wake_up_state+0x85/0x120
[ 127.621893] ? zap_other_threads+0x2b9/0x3a0
[ 127.621921] ? __pfx_do_exit+0x10/0x10
[ 127.621944] ? do_group_exit+0x1c3/0x2a0
[ 127.621969] ? lock_release+0xc8/0x290
[ 127.621999] do_group_exit+0xd3/0x2a0
[ 127.622025] __x64_sys_exit_group+0x3e/0x50
[ 127.622050] x64_sys_call+0x18c5/0x18d0
[ 127.622077] do_syscall_64+0xbf/0x360
[ 127.622097] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.622118] RIP: 0033:0x7fb673f30b19
[ 127.622142] Code: Unable to access opcode bytes at 0x7fb673f30aef.
[ 127.622151] RSP: 002b:00007ffd61053d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 127.622171] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fb673f30b19
[ 127.622185] RDX: 00007fb673ee372b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 127.622197] RBP: 0000000000000000 R08: 0000001b2dd23600 R09: 0000000000000000
[ 127.622210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 127.622222] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd61053e80
[ 127.622250]
[ 127.622257] kmemleak: Object (percpu) 0x607f1a639668 (size 8):
[ 127.622268] kmemleak: comm "syz-executor.2", pid 3962, jiffies 4294794359
[ 127.622281] kmemleak: min_count = 1
[ 127.622288] kmemleak: count = 0
[ 127.622294] kmemleak: flags = 0x21
[ 127.622301] kmemleak: checksum = 0
[ 127.622308] kmemleak: backtrace:
[ 127.622313] pcpu_alloc_noprof+0x87a/0x1170
[ 127.622340] percpu_ref_init+0x37/0x400
[ 127.622371] ioctx_alloc+0x368/0x1e10
[ 127.622392] __x64_sys_io_setup+0xc8/0x1f0
[ 127.622413] do_syscall_64+0xbf/0x360
[ 127.622429] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.771699] scsi_io_completion_action: 362 callbacks suppressed
[ 128.771799] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 128.774101] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current]
[ 128.775204] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code
[ 128.776329] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1d 00 00 00 40 00
[ 128.777419] blk_print_req_error: 362 callbacks suppressed
[ 128.777432] critical target error, dev sr0, sector 29696 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2
[ 128.793683] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 128.795291] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current]
[ 128.797037] sr 1:0:0:0: [sr0] tag#0 Add.
Sense: Invalid command operation code [ 128.798428] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1d 40 00 00 40 00 [ 128.799756] critical target error, dev sr0, sector 29952 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.815589] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.817248] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.818573] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 128.819889] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1d 80 00 00 40 00 [ 128.821263] critical target error, dev sr0, sector 30208 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.838566] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.840109] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.841541] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 128.842785] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1d c0 00 00 40 00 [ 128.843899] critical target error, dev sr0, sector 30464 op 0x1:(WRITE) flags 0x8800 phys_seg 32 prio class 2 [ 128.856963] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.858396] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.861332] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 128.863666] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1e 00 00 00 40 00 [ 128.864894] critical target error, dev sr0, sector 30720 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.882213] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.883037] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.883679] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Invalid command operation code [ 128.884354] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1e 40 00 00 40 00 [ 128.884984] critical target error, dev sr0, sector 30976 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.896375] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.897188] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.897784] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 128.898441] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1e 80 00 00 40 00 [ 128.899071] critical target error, dev sr0, sector 31232 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.908547] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.909362] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.909964] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 128.910613] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1e c0 00 00 40 00 [ 128.911269] critical target error, dev sr0, sector 31488 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.917848] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.918678] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.919309] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code [ 128.919963] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1f 00 00 00 40 00 [ 128.920608] critical target error, dev sr0, sector 31744 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 [ 128.933640] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 128.934454] sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current] [ 128.935061] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Invalid command operation code [ 128.935725] sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1f 40 00 00 40 00 [ 128.936408] critical target error, dev sr0, sector 32000 op 0x1:(WRITE) flags 0xc800 phys_seg 32 prio class 2 10:13:12 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x9}) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_io_uring_complete(r1) 10:13:12 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @dev}, {0x2, 0x0, @empty=0xfffffffe}}) 10:13:12 executing program 7: arch_prctl$ARCH_GET_GS(0x1021, &(0x7f0000000140)) 10:13:12 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000e00)) 10:13:12 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x3ffffe00}]) 10:13:12 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0) 10:13:12 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, 
&(0x7f0000000640)='/sys/kernel/address_bits', 0x0, 0x0) read$snapshot(r0, &(0x7f0000000000)=""/86, 0x56) 10:13:12 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2201, &(0x7f0000002040)) [ 129.573759] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 129.657003] kmemleak: Found object by alias at 0x607f1a638bf4 [ 129.657033] CPU: 0 UID: 0 PID: 3988 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 129.657071] Tainted: [W]=WARN [ 129.657079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.657092] Call Trace: [ 129.657100] [ 129.657109] dump_stack_lvl+0xca/0x120 [ 129.657160] __lookup_object+0x94/0xb0 [ 129.657194] delete_object_full+0x27/0x70 [ 129.657227] free_percpu+0x30/0x1160 [ 129.657260] ? arch_uprobe_clear_state+0x16/0x140 [ 129.657301] futex_hash_free+0x38/0xc0 [ 129.657329] mmput+0x2d3/0x390 [ 129.657367] do_exit+0x79d/0x2970 [ 129.657395] ? lock_release+0xc8/0x290 [ 129.657431] ? __pfx_do_exit+0x10/0x10 [ 129.657459] ? find_held_lock+0x2b/0x80 [ 129.657495] ? get_signal+0x835/0x2340 [ 129.657535] do_group_exit+0xd3/0x2a0 [ 129.657566] get_signal+0x2315/0x2340 [ 129.657613] ? __pfx_get_signal+0x10/0x10 [ 129.657646] ? do_futex+0x135/0x370 [ 129.657675] ? __pfx_do_futex+0x10/0x10 [ 129.657706] arch_do_signal_or_restart+0x80/0x790 [ 129.657742] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 129.657775] ? __x64_sys_futex+0x1c9/0x4d0 [ 129.657801] ? __x64_sys_futex+0x1d2/0x4d0 [ 129.657832] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.657859] ? __put_user_8+0xd/0x20 [ 129.657893] ? xfd_validate_state+0x55/0x180 [ 129.657936] exit_to_user_mode_loop+0x8b/0x110 [ 129.657962] do_syscall_64+0x2f7/0x360 [ 129.657985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.658009] RIP: 0033:0x7fc8d2592b19 [ 129.658027] Code: Unable to access opcode bytes at 0x7fc8d2592aef. 
[ 129.658037] RSP: 002b:00007fc8cfb08218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.658060] RAX: fffffffffffffe00 RBX: 00007fc8d26a5f68 RCX: 00007fc8d2592b19 [ 129.658076] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc8d26a5f68 [ 129.658091] RBP: 00007fc8d26a5f60 R08: 0000000000000000 R09: 0000000000000000 [ 129.658105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc8d26a5f6c [ 129.658119] R13: 00007ffd7a99072f R14: 00007fc8cfb08300 R15: 0000000000022000 [ 129.658152] [ 129.658160] kmemleak: Object (percpu) 0x607f1a638bf0 (size 8): [ 129.658173] kmemleak: comm "syz-executor.2", pid 3984, jiffies 4294796399 [ 129.658187] kmemleak: min_count = 1 [ 129.658195] kmemleak: count = 0 [ 129.658203] kmemleak: flags = 0x21 [ 129.658210] kmemleak: checksum = 0 [ 129.658218] kmemleak: backtrace: [ 129.658224] pcpu_alloc_noprof+0x87a/0x1170 [ 129.658255] percpu_ref_init+0x37/0x400 [ 129.658290] ioctx_alloc+0x27f/0x1e10 [ 129.658314] __x64_sys_io_setup+0xc8/0x1f0 [ 129.658339] do_syscall_64+0xbf/0x360 [ 129.658356] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:13:12 executing program 1: io_setup(0x1, &(0x7f0000000140)) 10:13:12 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x9}) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_io_uring_complete(r1) [ 132.151164] ------------[ cut here ]------------ [ 132.152264] percpu ref (free_ioctx_users) <= 0 (0) after switching to atomic [ 132.152519] WARNING: lib/percpu-refcount.c:197 at percpu_ref_switch_to_atomic_rcu+0x3cc/0x480, CPU#1: swapper/1/0 [ 132.155595] Modules linked in: [ 132.156309] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 132.164013] Tainted: [W]=WARN [ 132.164631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 
132.166105] RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x3cc/0x480 [ 132.167275] Code: 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 9e 00 00 00 49 8b 75 e8 48 c7 c7 80 97 e2 84 e8 75 c5 e9 fe 90 <0f> 0b 90 90 e9 2b ff ff ff e8 f6 de 5f ff e9 9e fe ff ff e8 7c df [ 132.170498] RSP: 0018:ffff88806cf08e20 EFLAGS: 00010286 [ 132.171493] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8139de70 [ 132.172851] RDX: ffff888009633700 RSI: ffffffff8139de7e RDI: 0000000000000001 [ 132.174263] RBP: 7fffffffffffffff R08: 0000000000000001 R09: ffffed100d9e4801 [ 132.175586] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800e272b80 [ 132.176921] R13: ffff88800e272ba0 R14: 0000000000000002 R15: 0000000000000003 [ 132.178225] FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 132.179685] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.180773] CR2: 000055d14cce6390 CR3: 000000003ff88000 CR4: 0000000000350ef0 [ 132.182071] Call Trace: [ 132.182585] [ 132.183006] ? rcu_core+0x7c3/0x1800 [ 132.183746] rcu_core+0x7c8/0x1800 [ 132.184453] ? __pfx_rcu_core+0x10/0x10 [ 132.185226] ? clockevents_program_event+0x135/0x360 [ 132.186214] ? tick_program_event+0xac/0x140 [ 132.187028] ? 
hrtimer_interrupt+0x652/0x830 [ 132.187872] handle_softirqs+0x1b1/0x770 [ 132.188695] __irq_exit_rcu+0xc4/0x100 [ 132.189450] irq_exit_rcu+0x9/0x20 [ 132.190109] sysvec_apic_timer_interrupt+0x70/0x80 [ 132.191055] [ 132.191515] [ 132.191935] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.192929] RIP: 0010:pv_native_safe_halt+0x1e/0x30 [ 132.193887] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 [ 132.197083] RSP: 0018:ffff888009717e58 EFLAGS: 00000202 [ 132.198085] RAX: 0000000000079645 RBX: 0000000000000001 RCX: ffffffff84bb95f7 [ 132.199394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff814c8304 [ 132.200701] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffed100d9e630a [ 132.201990] R10: ffff88806cf31853 R11: 0000000000000001 R12: ffffffff8643ac50 [ 132.203301] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000 [ 132.204645] ? ct_kernel_exit.constprop.0+0x127/0x150 [ 132.205628] ? do_idle+0x344/0x490 [ 132.206318] default_idle+0xe/0x20 [ 132.206959] default_idle_call+0x6d/0xb0 [ 132.207730] do_idle+0x344/0x490 [ 132.208421] ? __pfx_do_idle+0x10/0x10 [ 132.209168] ? 
trace_sched_exit_tp+0x26/0x100 [ 132.210012] cpu_startup_entry+0x4f/0x60 [ 132.210797] start_secondary+0x1bd/0x210 [ 132.211579] common_startup_64+0x13e/0x148 [ 132.212426] [ 132.212851] irq event stamp: 497760 [ 132.213539] hardirqs last enabled at (497770): [] __up_console_sem+0x78/0x80 [ 132.215148] hardirqs last disabled at (497781): [] __up_console_sem+0x5d/0x80 [ 132.216726] softirqs last enabled at (497198): [] handle_softirqs+0x50c/0x770 [ 132.218319] softirqs last disabled at (497223): [] __irq_exit_rcu+0xc4/0x100 [ 132.219898] ---[ end trace 0000000000000000 ]--- [ 132.220802] percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff88800e272b80 pointer offset 0 size 64 VM DIAGNOSIS: 10:13:14 Registers: