Warning: Permanently added '[localhost]:37103' (ECDSA) to the list of known hosts.
2025/08/29 08:56:15 fuzzer started
2025/08/29 08:56:15 dialing manager at localhost:43077
syzkaller login: [ 59.336319] cgroup: Unknown subsys name 'net'
[ 59.477825] cgroup: Unknown subsys name 'cpuset'
[ 59.504184] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:56:25 syscalls: 2214
2025/08/29 08:56:25 code coverage: enabled
2025/08/29 08:56:25 comparison tracing: enabled
2025/08/29 08:56:25 extra coverage: enabled
2025/08/29 08:56:25 setuid sandbox: enabled
2025/08/29 08:56:25 namespace sandbox: enabled
2025/08/29 08:56:25 Android sandbox: enabled
2025/08/29 08:56:25 fault injection: enabled
2025/08/29 08:56:25 leak checking: enabled
2025/08/29 08:56:25 net packet injection: enabled
2025/08/29 08:56:25 net device setup: enabled
2025/08/29 08:56:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:56:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:56:25 USB emulation: enabled
2025/08/29 08:56:25 hci packet injection: enabled
2025/08/29 08:56:25 wifi device emulation: enabled
2025/08/29 08:56:25 802.15.4 emulation: enabled
2025/08/29 08:56:25 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:56:25 fetching corpus: 50, signal 34534/37430 (executing program)
2025/08/29 08:56:26 fetching corpus: 100, signal 41347/45375 (executing program)
2025/08/29 08:56:26 fetching corpus: 150, signal 48225/53224 (executing program)
2025/08/29 08:56:26 fetching corpus: 200, signal 54001/59826 (executing program)
2025/08/29 08:56:26 fetching corpus: 250, signal 58054/64649 (executing program)
2025/08/29 08:56:26 fetching corpus: 300, signal 62637/69827 (executing program)
2025/08/29 08:56:26 fetching corpus: 350, signal 66307/74051 (executing program)
2025/08/29 08:56:26 fetching corpus: 400, signal 70223/78381 (executing program)
2025/08/29 08:56:27 fetching corpus: 450, signal 73017/81637 (executing program)
2025/08/29 08:56:27 fetching corpus: 500, signal 75008/84125 (executing program)
2025/08/29 08:56:27 fetching corpus: 550, signal 78270/87570 (executing program)
2025/08/29 08:56:27 fetching corpus: 600, signal 81840/91254 (executing program)
2025/08/29 08:56:27 fetching corpus: 650, signal 83667/93435 (executing program)
2025/08/29 08:56:27 fetching corpus: 700, signal 85679/95658 (executing program)
2025/08/29 08:56:27 fetching corpus: 750, signal 88753/98664 (executing program)
2025/08/29 08:56:27 fetching corpus: 800, signal 92195/101913 (executing program)
2025/08/29 08:56:28 fetching corpus: 850, signal 93844/103686 (executing program)
2025/08/29 08:56:28 fetching corpus: 900, signal 95898/105686 (executing program)
2025/08/29 08:56:28 fetching corpus: 950, signal 98155/107783 (executing program)
2025/08/29 08:56:28 fetching corpus: 1000, signal 99390/109082 (executing program)
2025/08/29 08:56:28 fetching corpus: 1050, signal 101242/110878 (executing program)
2025/08/29 08:56:28 fetching corpus: 1100, signal 102826/112319 (executing program)
2025/08/29 08:56:28 fetching corpus: 1150, signal 104205/113660 (executing program)
2025/08/29 08:56:28 fetching corpus: 1200, signal 105517/114858 (executing program)
2025/08/29 08:56:29 fetching corpus: 1250, signal 106741/115975 (executing program)
2025/08/29 08:56:29 fetching corpus: 1300, signal 107912/117054 (executing program)
2025/08/29 08:56:29 fetching corpus: 1350, signal 110072/118642 (executing program)
2025/08/29 08:56:29 fetching corpus: 1400, signal 111525/119781 (executing program)
2025/08/29 08:56:29 fetching corpus: 1450, signal 112491/120554 (executing program)
2025/08/29 08:56:29 fetching corpus: 1500, signal 113523/121378 (executing program)
2025/08/29 08:56:29 fetching corpus: 1550, signal 114400/122060 (executing program)
2025/08/29 08:56:29 fetching corpus: 1600, signal 115251/122728 (executing program)
2025/08/29 08:56:30 fetching corpus: 1650, signal 116185/123378 (executing program)
2025/08/29 08:56:30 fetching corpus: 1700, signal 117576/124295 (executing program)
2025/08/29 08:56:30 fetching corpus: 1750, signal 118609/124934 (executing program)
2025/08/29 08:56:30 fetching corpus: 1800, signal 119306/125434 (executing program)
2025/08/29 08:56:30 fetching corpus: 1850, signal 120287/125990 (executing program)
2025/08/29 08:56:30 fetching corpus: 1900, signal 121453/126663 (executing program)
2025/08/29 08:56:30 fetching corpus: 1950, signal 122186/127082 (executing program)
2025/08/29 08:56:30 fetching corpus: 2000, signal 123330/127623 (executing program)
2025/08/29 08:56:30 fetching corpus: 2050, signal 124237/128059 (executing program)
2025/08/29 08:56:30 fetching corpus: 2100, signal 124801/128343 (executing program)
2025/08/29 08:56:31 fetching corpus: 2150, signal 125553/128665 (executing program)
2025/08/29 08:56:31 fetching corpus: 2200, signal 126323/129051 (executing program)
2025/08/29 08:56:31 fetching corpus: 2250, signal 127106/129319 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129662 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129695 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129720 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129748 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129779 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129805 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129842 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129867 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129897 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129932 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/129963 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130005 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130042 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130075 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130106 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130141 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130174 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130178 (executing program)
2025/08/29 08:56:31 fetching corpus: 2287, signal 128001/130178 (executing program)
2025/08/29 08:56:33 starting 8 fuzzer processes
08:56:33 executing program 0:
syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x0, 0x7}]}}}}}, 0x0)
08:56:33 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)
08:56:33 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000002c0)=0x40)
08:56:33 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_init()
08:56:33 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f00000007c0)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f00000000000004", 0x1b, 0x4400}, {0x0, 0x0, 0x100000000007800}], 0x0, &(0x7f0000014a00))
08:56:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000bde670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000bde670325132510000e670325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000bde670325132510000e670325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000bde670325132510000e67032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000))
[ 77.583816] audit: type=1400 audit(1756457794.026:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:56:34 executing program 5:
syz_emit_ethernet(0x42, &(0x7f00000013c0)={@broadcast, @empty, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @empty, @mcast1, @multicast, @local}}}}, 0x0)
08:56:34 executing program 6:
write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @void, @llc={@snap={0x0, 0x0, "1e", "74408d", 0x0, "a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"}}}, 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))
[ 78.785622] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.788094] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.789966] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.794330] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.797014] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.978371] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.980712] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.982315] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.984342] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.985897] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.988911] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.994363] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.996653] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 79.000010] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 79.009622] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 79.077168] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 79.085197] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 79.088874] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 79.091139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 79.093066] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 79.096913] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 79.105698] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 79.106847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 79.108582] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 79.110119] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 79.112497] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 79.114156] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 79.121101] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 79.124156] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 79.128906] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 79.132954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 79.138339] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 79.143128] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.144997] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 79.154382] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 79.157553] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 79.164146] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 79.166454] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 79.167886] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 79.177673] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.815913] Bluetooth: hci0: command tx timeout
[ 81.071572] Bluetooth: hci1: command tx timeout
[ 81.072216] Bluetooth: hci2: command tx timeout
[ 81.200926] Bluetooth: hci6: command tx timeout
[ 81.202488] Bluetooth: hci3: command tx timeout
[ 81.263497] Bluetooth: hci5: command tx timeout
[ 81.264001] Bluetooth: hci7: command tx timeout
[ 81.265222] Bluetooth: hci4: command tx timeout
[ 82.864160] Bluetooth: hci0: command tx timeout
[ 83.119866] Bluetooth: hci1: command tx timeout
[ 83.120784] Bluetooth: hci2: command tx timeout
[ 83.249736] Bluetooth: hci6: command tx timeout
[ 83.250582] Bluetooth: hci3: command tx timeout
[ 83.311573] Bluetooth: hci4: command tx timeout
[ 83.312346] Bluetooth: hci7: command tx timeout
[ 83.313090] Bluetooth: hci5: command tx timeout
[ 84.911539] Bluetooth: hci0: command tx timeout
[ 85.168457] Bluetooth: hci1: command tx timeout
[ 85.168906] Bluetooth: hci2: command tx timeout
[ 85.295510] Bluetooth: hci3: command tx timeout
[ 85.296122] Bluetooth: hci6: command tx timeout
[ 85.359475] Bluetooth: hci5: command tx timeout
[ 85.359561] Bluetooth: hci4: command tx timeout
[ 85.359921] Bluetooth: hci7: command tx timeout
[ 86.960345] Bluetooth: hci0: command tx timeout
[ 87.217459] Bluetooth: hci2: command tx timeout
[ 87.217487] Bluetooth: hci1: command tx timeout
[ 87.343574] Bluetooth: hci6: command tx timeout
[ 87.344325] Bluetooth: hci3: command tx timeout
[ 87.407612] Bluetooth: hci7: command tx timeout
[ 87.408336] Bluetooth: hci4: command tx timeout
[ 87.409137] Bluetooth: hci5: command tx timeout
[ 116.150695] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.151369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.446437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.447064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.696529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.697163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.910746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.911374] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.244662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.245290] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.438730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.439358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.803236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.804303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.860136] loop4: detected capacity change from 0 to 264192
[ 117.875047] EXT4-fs (loop4): corrupt root inode, run e2fsck
[ 117.876028] EXT4-fs (loop4): mount failed
[ 117.894071] loop4: detected capacity change from 0 to 264192
[ 117.907471] EXT4-fs (loop4): corrupt root inode, run e2fsck
[ 117.910637] EXT4-fs (loop4): mount failed
[ 117.960770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.961452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.017009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.018420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.115977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.116725] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.194076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.194740] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.319848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.321008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.399362] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.400623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.503738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.504902] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.540048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.540729] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.548058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.549252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.744992] loop2: detected capacity change from 0 to 344
08:57:15 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f00000007c0)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f00000000000004", 0x1b, 0x4400}, {0x0, 0x0, 0x100000000007800}], 0x0, &(0x7f0000014a00))
08:57:15 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)
08:57:15 executing program 0:
syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x0, 0x7}]}}}}}, 0x0)
08:57:15 executing program 5:
syz_emit_ethernet(0x42, &(0x7f00000013c0)={@broadcast, @empty, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @empty, @mcast1, @multicast, @local}}}}, 0x0)
08:57:15 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_init()
08:57:15 executing program 6:
write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @void, @llc={@snap={0x0, 0x0, "1e", "74408d", 0x0, "a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"}}}, 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))
08:57:15 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000002c0)=0x40)
08:57:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000bde670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000bde670325132510000e670325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000bde670325132510000e670325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000bde670325132510000e67032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000))
[ 118.882700] loop2: detected capacity change from 0 to 344
[ 118.909130] loop4: detected capacity change from 0 to 264192
[ 118.946797] EXT4-fs (loop4): corrupt root inode, run e2fsck
[ 118.962063] EXT4-fs (loop4): mount failed
08:57:15 executing program 0:
syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x0, 0x7}]}}}}}, 0x0)
08:57:15 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)
08:57:15 executing program 5:
syz_emit_ethernet(0x42, &(0x7f00000013c0)={@broadcast, @empty, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @empty, @mcast1, @multicast, @local}}}}, 0x0)
08:57:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000bde670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000bde670325132510000e670325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000bde670325132510000e670325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000bde670325132510000e67032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000))
08:57:15 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_init()
[ 119.055615] kmemleak: Found object by alias at 0x607f1a638b2c
[ 119.055644] CPU: 1 UID: 0 PID: 3909 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.055676] Tainted: [W]=WARN
[ 119.055683] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.055695] Call Trace:
[ 119.055701]
[ 119.055709] dump_stack_lvl+0xca/0x120
[ 119.055751] __lookup_object+0x94/0xb0
[ 119.055779] delete_object_full+0x27/0x70
[ 119.055808] free_percpu+0x30/0x1160
[ 119.055835] ? arch_uprobe_clear_state+0x16/0x140
[ 119.055869] futex_hash_free+0x38/0xc0
[ 119.055894] mmput+0x2d3/0x390
[ 119.055926] do_exit+0x79d/0x2970
[ 119.055950] ? signal_wake_up_state+0x85/0x120
[ 119.055978] ? zap_other_threads+0x2b9/0x3a0
[ 119.056005] ? __pfx_do_exit+0x10/0x10
[ 119.056027] ? do_group_exit+0x1c3/0x2a0
[ 119.056051] ? lock_release+0xc8/0x290
[ 119.056080] do_group_exit+0xd3/0x2a0
[ 119.056106] __x64_sys_exit_group+0x3e/0x50
[ 119.056130] x64_sys_call+0x18c5/0x18d0
[ 119.056157] do_syscall_64+0xbf/0x360
[ 119.056177] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.056197] RIP: 0033:0x7fbe641d0b19
[ 119.056213] Code: Unable to access opcode bytes at 0x7fbe641d0aef.
[ 119.056222] RSP: 002b:00007ffc7a5c1778 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 119.056241] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fbe641d0b19
[ 119.056255] RDX: 00007fbe6418372b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 119.056267] RBP: 0000000000000000 R08: 0000001b2ce21c2c R09: 0000000000000000
[ 119.056279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 119.056291] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc7a5c1860
[ 119.056325]
[ 119.056331] kmemleak: Object (percpu) 0x607f1a638b20 (size 16):
[ 119.056343] kmemleak: comm "syz-executor.0", pid 281, jiffies 4294785948
[ 119.056356] kmemleak: min_count = 1
[ 119.056362] kmemleak: count = 0
[ 119.056368] kmemleak: flags = 0x21
[ 119.056375] kmemleak: checksum = 0
[ 119.056382] kmemleak: backtrace:
[ 119.056387] pcpu_alloc_noprof+0x87a/0x1170
[ 119.056413] mm_init+0x99b/0x1170
[ 119.056428] copy_process+0x3ab7/0x73c0
[ 119.056446] kernel_clone+0xea/0x7f0
[ 119.056463] __do_sys_clone+0xce/0x120
[ 119.056480] do_syscall_64+0xbf/0x360
[ 119.056495] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:57:15 executing program 6:
write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @void, @llc={@snap={0x0, 0x0, "1e", "74408d", 0x0, "a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"}}}, 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))
08:57:15 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f00000007c0)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f00000000000004", 0x1b, 0x4400}, {0x0, 0x0, 0x100000000007800}], 0x0, &(0x7f0000014a00))
[ 119.195217] kmemleak: Found object by alias at 0x607f1a638b24
[ 119.195241] CPU: 1 UID: 0 PID: 3916 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.195270] Tainted: [W]=WARN
[ 119.195276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.195287] Call Trace:
[ 119.195294]
[ 119.195301] dump_stack_lvl+0xca/0x120
[ 119.195337] __lookup_object+0x94/0xb0
[ 119.195362] delete_object_full+0x27/0x70
[ 119.195388] free_percpu+0x30/0x1160
[ 119.195421] ? arch_uprobe_clear_state+0x16/0x140
[ 119.195453] futex_hash_free+0x38/0xc0
[ 119.195475] mmput+0x2d3/0x390
[ 119.195513] do_exit+0x79d/0x2970
[ 119.195542] ? __pfx_do_exit+0x10/0x10
[ 119.195565] ? find_held_lock+0x2b/0x80
[ 119.195594] ? get_signal+0x835/0x2340
[ 119.195625] do_group_exit+0xd3/0x2a0
[ 119.195650] get_signal+0x2315/0x2340
[ 119.195678] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.195706] ? __pfx_get_signal+0x10/0x10
[ 119.195732] ? __schedule+0xe91/0x3590
[ 119.195765] arch_do_signal_or_restart+0x80/0x790
[ 119.195794] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 119.195820] ? __x64_sys_futex+0x1c9/0x4d0
[ 119.195841] ? __x64_sys_futex+0x1d2/0x4d0
[ 119.195863] ? fput+0x6a/0x100
[ 119.195888] ? __pfx___x64_sys_futex+0x10/0x10
[ 119.195908] ? ksys_write+0x1a3/0x240
[ 119.195936] exit_to_user_mode_loop+0x8b/0x110
[ 119.195957] do_syscall_64+0x2f7/0x360
[ 119.195976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.195995] RIP: 0033:0x7fd449605b19
[ 119.196009] Code: Unable to access opcode bytes at 0x7fd449605aef.
[ 119.196017] RSP: 002b:00007fd446b7b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.196035] RAX: 0000000000000001 RBX: 00007fd449718f68 RCX: 00007fd449605b19
[ 119.196047] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd449718f6c
[ 119.196059] RBP: 00007fd449718f60 R08: 000000000000000e R09: 0000000000000000
[ 119.196070] R10: 0000000000000042 R11: 0000000000000246 R12: 00007fd449718f6c
[ 119.196082] R13: 00007ffc412403cf R14: 00007fd446b7b300 R15: 0000000000022000
[ 119.196108]
[ 119.196114] kmemleak: Object (percpu) 0x607f1a638b20 (size 16):
[ 119.196125] kmemleak: comm "syz-executor.6", pid 283, jiffies 4294786044
[ 119.196137] kmemleak: min_count = 1
[ 119.196143] kmemleak: count = 0
[ 119.196149] kmemleak: flags = 0x21
[ 119.196156] kmemleak: checksum = 0
[ 119.196162] kmemleak: backtrace:
[ 119.196167] pcpu_alloc_noprof+0x87a/0x1170
[ 119.196191] mm_init+0x99b/0x1170
[ 119.196205] copy_process+0x3ab7/0x73c0
[ 119.196221] kernel_clone+0xea/0x7f0
[ 119.196237] __do_sys_clone+0xce/0x120
[ 119.196254] do_syscall_64+0xbf/0x360
[ 119.196267] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.237353] loop4: detected capacity change from 0 to 264192
[ 119.244949] kmemleak: Found object by alias at 0x607f1a638b28
[ 119.244968] CPU: 1 UID: 0 PID: 3918 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.244996] Tainted: [W]=WARN
[ 119.245002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.245012] Call Trace:
[ 119.245018]
[ 119.245024] dump_stack_lvl+0xca/0x120
[ 119.245054] __lookup_object+0x94/0xb0
[ 119.245077] delete_object_full+0x27/0x70
[ 119.245102] free_percpu+0x30/0x1160
[ 119.245125] ? arch_uprobe_clear_state+0x16/0x140
[ 119.245155] futex_hash_free+0x38/0xc0
[ 119.245175] mmput+0x2d3/0x390
[ 119.245204] do_exit+0x79d/0x2970
[ 119.245224] ? signal_wake_up_state+0x85/0x120
[ 119.245248] ? zap_other_threads+0x2b9/0x3a0
[ 119.245273] ? __pfx_do_exit+0x10/0x10
[ 119.245293] ? do_group_exit+0x1c3/0x2a0
[ 119.245315] ? lock_release+0xc8/0x290
[ 119.245341] do_group_exit+0xd3/0x2a0
[ 119.245371] __x64_sys_exit_group+0x3e/0x50
[ 119.245393] x64_sys_call+0x18c5/0x18d0
[ 119.245416] do_syscall_64+0xbf/0x360
[ 119.245434] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.245452] RIP: 0033:0x7f69c1c15b19
[ 119.245465] Code: Unable to access opcode bytes at 0x7f69c1c15aef.
[ 119.245473] RSP: 002b:00007ffcd773bd88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 119.245491] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f69c1c15b19
[ 119.245502] RDX: 00007f69c1bc872b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 119.245514] RBP: 0000000000000000 R08: 0000001b2d121ea8 R09: 0000000000000000
[ 119.245525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 119.245536] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcd773be70
[ 119.245561]
[ 119.245567] kmemleak: Object (percpu) 0x607f1a638b20 (size 16):
[ 119.245577] kmemleak: comm "syz-executor.2", pid 287, jiffies 4294786138
[ 119.245589] kmemleak: min_count = 1
[ 119.245595] kmemleak: count = 0
[ 119.245601] kmemleak: flags = 0x21
[ 119.245607] kmemleak: checksum = 0
[ 119.245613] kmemleak: backtrace:
[ 119.245618] pcpu_alloc_noprof+0x87a/0x1170
[ 119.245641] mm_init+0x99b/0x1170
[ 119.245655] copy_process+0x3ab7/0x73c0
[ 119.245670] kernel_clone+0xea/0x7f0
[ 119.245686] __do_sys_clone+0xce/0x120
[ 119.245702] do_syscall_64+0xbf/0x360
[ 119.245716] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.276098] loop2: detected capacity change from 0 to 344
08:57:15 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)
[ 119.294503] kmemleak: Cannot insert 0x607f1a638b28 into the object search tree (overlaps existing)
[ 119.294525] CPU: 1 UID: 0 PID: 3923 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.294554] Tainted: [W]=WARN
[ 119.294560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.294570] Call Trace:
[ 119.294576]
[ 119.294583] dump_stack_lvl+0xca/0x120
[ 119.294614] __link_object+0x190/0x210
[ 119.294640] __create_object+0x48/0x80
[ 119.294668] pcpu_alloc_noprof+0x87a/0x1170
[ 119.294704] __percpu_counter_init_many+0x44/0x360
[ 119.294732] ext4_es_register_shrinker+0x107/0x430
[ 119.294767] ext4_fill_super+0x6ab3/0xba20
[ 119.294815] ? __pfx_ext4_fill_super+0x10/0x10
[ 119.294842] ? find_held_lock+0x2b/0x80
[ 119.294869] ? setup_bdev_super+0x2ed/0x6e0
[ 119.294896] ? set_blocksize+0x1b4/0x470
[ 119.294914] ? lock_release+0xc8/0x290
[ 119.294937] ? sb_set_blocksize+0x177/0x1c0
[ 119.294955] ? setup_bdev_super+0x31f/0x6e0
[ 119.294986] get_tree_bdev_flags+0x38a/0x620
[ 119.295004] ? __pfx_ext4_fill_super+0x10/0x10
[ 119.295032] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 119.295051] ? cap_capable+0xdb/0x3b0
[ 119.295078] ? security_capable+0x2f/0x90
[ 119.295104] vfs_get_tree+0x93/0x340
[ 119.295131] path_mount+0x132d/0x1dd0
[ 119.295154] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.295176] ? __pfx_path_mount+0x10/0x10
[ 119.295196] ? kmem_cache_free+0x2a1/0x540
[ 119.295213] ? putname.part.0+0x11b/0x160
[ 119.295241] ? getname_flags.part.0+0x1c6/0x540
[ 119.295269] ? putname.part.0+0x11b/0x160
[ 119.295297] __x64_sys_mount+0x27b/0x300
[ 119.295319] ? __pfx___x64_sys_mount+0x10/0x10
[ 119.295348] do_syscall_64+0xbf/0x360
[ 119.295366] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.295384] RIP: 0033:0x7f133db9804a
[ 119.295405] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.295423] RSP: 002b:00007f133b10bfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 119.295440] RAX: ffffffffffffffda RBX: 00000000200007c0 RCX: 00007f133db9804a
[ 119.295453] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f133b10c000
[ 119.295465] RBP: 00007f133b10c040 R08: 00007f133b10c040 R09: 0000000020000000
[ 119.295476] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
[ 119.295487] R13: 0000000020000100 R14: 00007f133b10c000 R15: 0000000020014a00
[ 119.295523]
[ 119.296397] kmemleak: Kernel memory leak detector disabled
[ 119.296404] kmemleak: Object (percpu) 0x607f1a638b20 (size 16):
[ 119.296415] kmemleak: comm "syz-executor.2", pid 287, jiffies 4294786138
[ 119.296426] kmemleak: min_count = 1
[ 119.296432] kmemleak: count = 0
[ 119.296437] kmemleak: flags = 0x21
[ 119.296443] kmemleak: checksum = 0
[ 119.296449] kmemleak: backtrace:
[ 119.296454] pcpu_alloc_noprof+0x87a/0x1170
[ 119.296478] mm_init+0x99b/0x1170
[ 119.296492] copy_process+0x3ab7/0x73c0
[ 119.296508] kernel_clone+0xea/0x7f0
[ 119.296524] __do_sys_clone+0xce/0x120
[ 119.296540] do_syscall_64+0xbf/0x360
[ 119.296554] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.347705] EXT4-fs (loop4): corrupt root inode, run e2fsck
[ 119.348572] EXT4-fs (loop4): mount failed
[ 119.351560] kmemleak: Found object by alias at 0x607f1a638b28
[ 119.351578] CPU: 1 UID: 0 PID: 3923 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.351606] Tainted: [W]=WARN
[ 119.351611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.351621] Call Trace:
[ 119.351626]
[ 119.351632] dump_stack_lvl+0xca/0x120
[ 119.351661] __lookup_object+0x94/0xb0
[ 119.351684] delete_object_full+0x27/0x70
[ 119.351709] free_percpu+0x30/0x1160
[ 119.351738] percpu_counter_destroy_many+0x188/0x2b0
[ 119.351764] ext4_es_unregister_shrinker+0x1e/0x90
[ 119.351793] ext4_fill_super+0x7d12/0xba20
[ 119.351838] ? __pfx_ext4_fill_super+0x10/0x10
[ 119.351864] ? find_held_lock+0x2b/0x80
[ 119.351891] ? setup_bdev_super+0x2ed/0x6e0
[ 119.351916] ? set_blocksize+0x1b4/0x470
[ 119.351931] ? lock_release+0xc8/0x290
[ 119.351954] ? sb_set_blocksize+0x177/0x1c0
[ 119.351971] ? setup_bdev_super+0x31f/0x6e0
[ 119.352002] get_tree_bdev_flags+0x38a/0x620
[ 119.352018] ? __pfx_ext4_fill_super+0x10/0x10
[ 119.352045] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 119.352063] ? cap_capable+0xdb/0x3b0
[ 119.352088] ? security_capable+0x2f/0x90
[ 119.352113] vfs_get_tree+0x93/0x340
[ 119.352139] path_mount+0x132d/0x1dd0
[ 119.352160] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.352181] ? __pfx_path_mount+0x10/0x10
[ 119.352201] ? kmem_cache_free+0x2a1/0x540
[ 119.352216] ? putname.part.0+0x11b/0x160
[ 119.352241] ? getname_flags.part.0+0x1c6/0x540
[ 119.352268] ? putname.part.0+0x11b/0x160
[ 119.352295] __x64_sys_mount+0x27b/0x300
[ 119.352316] ? __pfx___x64_sys_mount+0x10/0x10
[ 119.352345] do_syscall_64+0xbf/0x360
[ 119.352362] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.352380] RIP: 0033:0x7f133db9804a
[ 119.352399] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.352416] RSP: 002b:00007f133b10bfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 119.352433] RAX: ffffffffffffffda RBX: 00000000200007c0 RCX: 00007f133db9804a
[ 119.352445] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f133b10c000
[ 119.352456] RBP: 00007f133b10c040 R08: 00007f133b10c040 R09: 0000000020000000
[ 119.352468] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
[ 119.352478] R13: 0000000020000100 R14: 00007f133b10c000 R15: 0000000020014a00
[ 119.352503]
[ 119.352509] kmemleak: Object (percpu) 0x607f1a638b20 (size 16):
[ 119.352520] kmemleak: comm "syz-executor.2", pid 287, jiffies 4294786138
[ 119.352530] kmemleak: min_count = 1
[ 119.352536] kmemleak: count = 0
[ 119.352542] kmemleak: flags = 0x21
[ 119.352548] kmemleak: checksum = 0
[ 119.352553] kmemleak: backtrace:
[ 119.352558] pcpu_alloc_noprof+0x87a/0x1170
[ 119.352581] mm_init+0x99b/0x1170
[ 119.352594] copy_process+0x3ab7/0x73c0
[ 119.352609] kernel_clone+0xea/0x7f0
[ 119.352625] __do_sys_clone+0xce/0x120
[ 119.352641] do_syscall_64+0xbf/0x360
[ 119.352654] entry_SYSCALL_64_after_hwframe+0x77/0x7f
VM DIAGNOSIS:
09:02:24 Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=ffffed100d9e6dd9
RSI=0000000000000004 RDI=ffff88806cf36ec0 RBP=ffff88806cf36ec0 RSP=ffff88806ce08b28
R8 =0000000000000000 R9 =ffffed100d9e6dd8 R10=ffff88806cf36ec3 R11=0000000000000001
R12=1ffff1100d9c1166 R13=0000000000000003 R14=ffffed100d9e6dd8 R15=ffff88806ce08b60
RIP=ffffffff84bdeda0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe5300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f133dca6000 CR3=000000003ce29000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000001c2687de25e2750d6ae1db96 XMM01=000000003d7b7f6cdde03d24e3199180
XMM02=880000000002a0020000009700000000 XMM03=ffffffffffffffff0f0e0d0c0b0a0908
XMM04=880000000002a0020000009700000000 XMM05=00000000044ff2eaa0656fc8df6079c3
XMM06=00000000000000000000000000000000 XMM07=00000001db710640b4e5b025f7011641
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000002 RBX=0000000000000002 RCX=dffffc0000000000 RDX=0000000000000002
RSI=0000000000000008 RDI=ffff88801800a950 RBP=ffffed100300140b RSP=ffff88801802fc00
R8 =0000000000000001 R9 =ffffed100300152a R10=ffff88801800a957 R11=ffff88800f90d738
R12=ffff88801800a950 R13=ffff888018009f80 R14=ffffed100300152a R15=ffff88801800a044
RIP=ffffffff81467503 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f090d3428c0 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe4400000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd501dce000 CR3=000000000d4fc000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffff0000000000000000
XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=32706f6f6c2f6b636f6c622f6c617574
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=000056255dbecbd00000000400000000 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000