Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:50294' (ECDSA) to the list of known hosts.
2025/09/01 08:25:11 fuzzer started
2025/09/01 08:25:12 dialing manager at localhost:35473
syzkaller login: [ 58.487438] cgroup: Unknown subsys name 'net'
[ 58.567870] cgroup: Unknown subsys name 'cpuset'
[ 58.649284] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:25:23 syscalls: 2214
2025/09/01 08:25:23 code coverage: enabled
2025/09/01 08:25:23 comparison tracing: enabled
2025/09/01 08:25:23 extra coverage: enabled
2025/09/01 08:25:23 setuid sandbox: enabled
2025/09/01 08:25:23 namespace sandbox: enabled
2025/09/01 08:25:23 Android sandbox: enabled
2025/09/01 08:25:23 fault injection: enabled
2025/09/01 08:25:23 leak checking: enabled
2025/09/01 08:25:23 net packet injection: enabled
2025/09/01 08:25:23 net device setup: enabled
2025/09/01 08:25:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:25:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:25:23 USB emulation: enabled
2025/09/01 08:25:23 hci packet injection: enabled
2025/09/01 08:25:23 wifi device emulation: enabled
2025/09/01 08:25:23 802.15.4 emulation: enabled
2025/09/01 08:25:23 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:25:23 fetching corpus: 50, signal 31244/33979 (executing program)
2025/09/01 08:25:23 fetching corpus: 100, signal 40817/44324 (executing program)
2025/09/01 08:25:23 fetching corpus: 150, signal 46796/51051 (executing program)
2025/09/01 08:25:24 fetching corpus: 200, signal 52113/56894 (executing program)
2025/09/01 08:25:24 fetching corpus: 250, signal 58214/63246 (executing program)
2025/09/01 08:25:24 fetching corpus: 300, signal 62738/67971 (executing program)
2025/09/01 08:25:24 fetching corpus: 350, signal 65119/70737 (executing program)
2025/09/01 08:25:24 fetching corpus: 400, signal 68997/74633 (executing program)
2025/09/01 08:25:24 fetching corpus: 450, signal 73004/78571 (executing program)
2025/09/01 08:25:24 fetching corpus: 500, signal 76933/82209 (executing program)
2025/09/01 08:25:24 fetching corpus: 550, signal 79786/84819 (executing program)
2025/09/01 08:25:25 fetching corpus: 600, signal 82296/87092 (executing program)
2025/09/01 08:25:25 fetching corpus: 650, signal 84868/89318 (executing program)
2025/09/01 08:25:25 fetching corpus: 700, signal 87052/91164 (executing program)
2025/09/01 08:25:25 fetching corpus: 750, signal 88686/92534 (executing program)
2025/09/01 08:25:25 fetching corpus: 800, signal 91715/94783 (executing program)
2025/09/01 08:25:25 fetching corpus: 850, signal 93628/96221 (executing program)
2025/09/01 08:25:25 fetching corpus: 900, signal 95114/97285 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98350 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98431 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98511 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98604 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98683 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98749 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98854 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/98932 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99009 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99096 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99177 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99261 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99340 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99415 (executing program)
2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99494 (executing program)
2025/09/01 08:25:26 fetching 
corpus: 933, signal 96704/99584 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99661 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99755 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99836 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/99909 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100006 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100088 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100175 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100269 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100338 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100424 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100510 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100593 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100674 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100746 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100795 (executing program) 2025/09/01 08:25:26 fetching corpus: 933, signal 96704/100795 (executing program) 2025/09/01 08:25:27 starting 8 fuzzer processes 08:25:27 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) 08:25:27 executing program 1: r0 = 
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0xfde4) 08:25:27 executing program 4: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000080)=0xa227) 08:25:27 executing program 2: write$evdev(0xffffffffffffffff, 0x0, 0x0) 08:25:27 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "8d8f0c322bffe58557009febbfed69a1a6ba88"}) ioctl$TCXONC(r0, 0x540a, 0x2) 08:25:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="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", 0x120, 0x11000}, 
{&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) 08:25:27 executing program 5: perf_event_open(&(0x7f0000001400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff86d88ffd}}, 
0x0, 0x0, 0xffffffffffffffff, 0x0) 08:25:27 executing program 6: fcntl$setsig(0xffffffffffffffff, 0xa, 0x14) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x1, 0x208041) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) [ 73.964436] audit: type=1400 audit(1756715127.900:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 75.163282] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.167191] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.169771] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.173185] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.177234] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.181179] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.192265] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.214701] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.231214] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.233460] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.240532] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.242745] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.244711] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.250974] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.262660] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.264448] 
Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 75.268596] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 75.275430] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 75.293457] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 75.299743] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 75.304198] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 75.307124] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 75.313726] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 75.333221] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 75.347547] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 75.360984] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 75.374009] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 75.375699] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 75.377987] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 75.378607] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 75.381861] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 75.384737] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 75.389327] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 75.394418] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 75.395977] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 75.400033] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 75.428251] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 75.431484] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 75.458353] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 75.487734] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 77.256472] Bluetooth: hci1: command tx timeout
[ 77.318916] Bluetooth: hci0: command tx timeout
[ 77.382991] Bluetooth: hci3: command tx timeout
[ 77.384326] Bluetooth: hci2: command tx timeout
[ 77.446949] Bluetooth: hci6: command tx timeout
[ 77.447754] Bluetooth: hci4: command tx timeout
[ 77.448936] Bluetooth: hci7: command tx timeout
[ 77.575908] Bluetooth: hci5: command tx timeout
[ 79.302899] Bluetooth: hci1: command tx timeout
[ 79.366967] Bluetooth: hci0: command tx timeout
[ 79.431877] Bluetooth: hci2: command tx timeout
[ 79.432038] Bluetooth: hci3: command tx timeout
[ 79.495028] Bluetooth: hci7: command tx timeout
[ 79.495484] Bluetooth: hci6: command tx timeout
[ 79.495746] Bluetooth: hci4: command tx timeout
[ 79.623878] Bluetooth: hci5: command tx timeout
[ 81.351297] Bluetooth: hci1: command tx timeout
[ 81.415194] Bluetooth: hci0: command tx timeout
[ 81.479920] Bluetooth: hci2: command tx timeout
[ 81.480736] Bluetooth: hci3: command tx timeout
[ 81.543138] Bluetooth: hci6: command tx timeout
[ 81.543529] Bluetooth: hci7: command tx timeout
[ 81.544494] Bluetooth: hci4: command tx timeout
[ 81.673025] Bluetooth: hci5: command tx timeout
[ 83.398893] Bluetooth: hci1: command tx timeout
[ 83.464422] Bluetooth: hci0: command tx timeout
[ 83.527874] Bluetooth: hci3: command tx timeout
[ 83.527978] Bluetooth: hci2: command tx timeout
[ 83.591067] Bluetooth: hci4: command tx timeout
[ 83.591550] Bluetooth: hci7: command tx timeout
[ 83.591873] Bluetooth: hci6: command tx timeout
[ 83.718885] Bluetooth: hci5: command tx timeout
[ 111.745562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.746280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.937524] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.938127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.061288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.062223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.177154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.177743] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:26:06 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 
"8d8f0c322bffe58557009febbfed69a1a6ba88"}) ioctl$TCXONC(r0, 0x540a, 0x2) [ 112.239329] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.240076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:26:06 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "8d8f0c322bffe58557009febbfed69a1a6ba88"}) ioctl$TCXONC(r0, 0x540a, 0x2) [ 112.317133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.317743] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:26:06 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "8d8f0c322bffe58557009febbfed69a1a6ba88"}) ioctl$TCXONC(r0, 0x540a, 0x2) [ 112.373952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.374546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.397672] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.398284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.440096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.440691] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:26:06 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r0, &(0x7f0000000140)=@l2, 0x80) [ 112.458557] loop3: detected capacity change from 0 to 344 08:26:06 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r0, &(0x7f0000000140)=@l2, 0x80) 08:26:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, 
{&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000bde670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000bde670325132510000e670325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000bde670325132510000e670325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000bde670325132510000e67032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, 
{&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) [ 112.528929] loop3: detected capacity change from 0 to 344 08:26:06 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r0, &(0x7f0000000140)=@l2, 0x80) [ 112.550530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.551471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:26:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, 
&(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000bde670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000bde670325132510000e670325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000bde670325132510000e670325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000bde670325132510000e67032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, 
{&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) [ 112.585233] loop3: detected capacity change from 0 to 344 [ 112.605173] kmemleak: Found object by alias at 0x607f1a63ea8c [ 112.605189] CPU: 0 UID: 0 PID: 3890 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.605207] Tainted: [W]=WARN [ 112.605211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.605218] Call Trace: [ 112.605222] [ 112.605227] dump_stack_lvl+0xca/0x120 [ 112.605260] __lookup_object+0x94/0xb0 [ 112.605279] delete_object_full+0x27/0x70 [ 112.605296] free_percpu+0x30/0x1160 [ 112.605314] ? 
arch_uprobe_clear_state+0x16/0x140
[ 112.605335] futex_hash_free+0x38/0xc0
[ 112.605351] mmput+0x2d3/0x390
[ 112.605370] do_exit+0x79d/0x2970
[ 112.605384] ? lock_release+0xc8/0x290
[ 112.605402] ? __pfx_do_exit+0x10/0x10
[ 112.605416] ? find_held_lock+0x2b/0x80
[ 112.605434] ? get_signal+0x835/0x2340
[ 112.605455] do_group_exit+0xd3/0x2a0
[ 112.605470] get_signal+0x2315/0x2340
[ 112.605489] ? locks_remove_posix+0x258/0x410
[ 112.605505] ? __call_rcu_common.constprop.0+0x4c1/0x960
[ 112.605523] ? __pfx_get_signal+0x10/0x10
[ 112.605540] ? do_futex+0x135/0x370
[ 112.605553] ? __pfx_do_futex+0x10/0x10
[ 112.605569] arch_do_signal_or_restart+0x80/0x790
[ 112.605588] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 112.605605] ? __x64_sys_futex+0x1c9/0x4d0
[ 112.605617] ? __x64_sys_futex+0x1d2/0x4d0
[ 112.605632] ? fput_close_sync+0x114/0x240
[ 112.605649] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.605662] ? __pfx_fput_close_sync+0x10/0x10
[ 112.605678] ? dnotify_flush+0x79/0x4c0
[ 112.605694] exit_to_user_mode_loop+0x8b/0x110
[ 112.605708] do_syscall_64+0x2f7/0x360
[ 112.605722] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.605735] RIP: 0033:0x7f5fa8738b19
[ 112.605744] Code: Unable to access opcode bytes at 0x7f5fa8738aef.
[ 112.605749] RSP: 002b:00007f5fa5cae218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.605761] RAX: fffffffffffffe00 RBX: 00007f5fa884bf68 RCX: 00007f5fa8738b19
[ 112.605770] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5fa884bf68
[ 112.605777] RBP: 00007f5fa884bf60 R08: 0000000000000000 R09: 0000000000000000
[ 112.605784] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5fa884bf6c
[ 112.605792] R13: 00007ffc9d9278ff R14: 00007f5fa5cae300 R15: 0000000000022000
[ 112.605808]
[ 112.605816] kmemleak: Object (percpu) 0x607f1a63ea88 (size 8):
[ 112.605823] kmemleak: comm "syz-executor.6", pid 286, jiffies 4294779186
[ 112.605830] kmemleak: min_count = 1
[ 112.605834] kmemleak: count = 0
[ 112.605838] kmemleak: flags = 0x21
[ 112.605842] kmemleak: checksum = 0
[ 112.605846] kmemleak: backtrace:
[ 112.605849] pcpu_alloc_noprof+0x87a/0x1170
[ 112.605865] __alloc_workqueue+0x74b/0x1820
[ 112.605884] alloc_workqueue_noprof+0xc7/0x200
[ 112.605894] ieee80211_register_hw+0x1ec5/0x3e00
[ 112.605907] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 112.605922] hwsim_new_radio_nl+0xb0d/0x1250
[ 112.605934] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 112.605946] genl_rcv_msg+0x532/0x7e0
[ 112.605957] netlink_rcv_skb+0x147/0x430
[ 112.605974] genl_rcv+0x28/0x40
[ 112.605983] netlink_unicast+0x5a7/0x870
[ 112.605999] netlink_sendmsg+0x8ac/0xd80
[ 112.606015] __sys_sendto+0x506/0x570
[ 112.606031] __x64_sys_sendto+0xe1/0x1c0
[ 112.606045] do_syscall_64+0xbf/0x360
[ 112.606055] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.632118] kmemleak: Cannot insert 0x607f1a63ea8c into the object search tree (overlaps existing)
[ 112.632131] CPU: 0 UID: 0 PID: 286 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 112.632148] Tainted: [W]=WARN
[ 112.632152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.632158] Call Trace:
[ 112.632161]
[ 112.632165] dump_stack_lvl+0xca/0x120
[ 112.632185] __link_object+0x190/0x210
[ 112.632201] __create_object+0x48/0x80
[ 112.632219] pcpu_alloc_noprof+0x87a/0x1170
[ 112.632243] alloc_netdev_mqs+0x131/0x1360
[ 112.632261] ? __pfx_ieee80211_if_setup+0x10/0x10
[ 112.632281] ieee80211_if_add+0x1d9/0x1510
[ 112.632301] ? ieee80211_init_rate_ctrl_alg+0x83/0x650
[ 112.632317] ieee80211_register_hw+0x3538/0x3e00
[ 112.632338] ? __pfx_ieee80211_register_hw+0x10/0x10
[ 112.632353] ? net_generic+0x25/0x2a0
[ 112.632371] ? find_held_lock+0x2b/0x80
[ 112.632391] ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 112.632408] ? __hrtimer_setup+0x1a4/0x2c0
[ 112.632429] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 112.632452] ? __nla_validate_parse+0x2e6/0x2880
[ 112.632471] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 112.632491] hwsim_new_radio_nl+0xb0d/0x1250
[ 112.632503] ? kasan_save_track+0x14/0x30
[ 112.632521] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 112.632541] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bc/0x290
[ 112.632554] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 112.632572] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 112.632585] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 112.632604] ? security_capable+0x2f/0x90
[ 112.632621] ? ns_capable+0xe2/0x120
[ 112.632641] genl_rcv_msg+0x532/0x7e0
[ 112.632655] ? __pfx_genl_rcv_msg+0x10/0x10
[ 112.632668] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 112.632685] ? __lock_acquire+0x694/0x1b70
[ 112.632701] netlink_rcv_skb+0x147/0x430
[ 112.632719] ? __pfx_genl_rcv_msg+0x10/0x10
[ 112.632733] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 112.632759] ? netlink_deliver_tap+0x1ae/0xce0
[ 112.632776] ? selinux_netlink_send+0x507/0x880
[ 112.632790] ? is_vmalloc_addr+0x86/0xa0
[ 112.632819] genl_rcv+0x28/0x40
[ 112.632831] netlink_unicast+0x5a7/0x870
[ 112.632853] ? __pfx_netlink_unicast+0x10/0x10
[ 112.632878] netlink_sendmsg+0x8ac/0xd80
[ 112.632900] ? __pfx_netlink_sendmsg+0x10/0x10
[ 112.632925] __sys_sendto+0x506/0x570
[ 112.632943] ? __pfx___sys_sendto+0x10/0x10
[ 112.632966] ? lock_release+0xc8/0x290
[ 112.632981] ? fd_install+0x1f0/0x660
[ 112.632995] ? __sys_socket+0x9f/0x260
[ 112.633010] ? __pfx___sys_socket+0x10/0x10
[ 112.633023] ? __pfx_fput_close_sync+0x10/0x10
[ 112.633039] ? xfd_validate_state+0x55/0x180
[ 112.633061] __x64_sys_sendto+0xe1/0x1c0
[ 112.633077] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 112.633091] do_syscall_64+0xbf/0x360
[ 112.633104] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.633116] RIP: 0033:0x7f1446a118ac
[ 112.633125] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b
[ 112.633136] RSP: 002b:00007ffcf93ff550 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 112.633147] RAX: ffffffffffffffda RBX: 00007f1447aaa320 RCX: 00007f1446a118ac
[ 112.633155] RDX: 0000000000000024 RSI: 00007f1447aaa370 RDI: 0000000000000003
[ 112.633162] RBP: 0000000000000000 R08: 00007ffcf93ff5a4 R09: 000000000000000c
[ 112.633170] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 112.633177] R13: 00007f1447aaa370 R14: 0000000000000003 R15: 0000000000000000
[ 112.633192]
[ 112.633563] kmemleak: Kernel memory leak detector disabled
[ 112.633567] kmemleak: Object (percpu) 0x607f1a63ea88 (size 8):
[ 112.633574] kmemleak: comm "syz-executor.6", pid 286, jiffies 4294779186
[ 112.633581] kmemleak: min_count = 1
[ 112.633585] kmemleak: count = 0
[ 112.633589] kmemleak: flags = 0x21
[ 112.633593] kmemleak: checksum = 0
[ 112.633596] kmemleak: backtrace:
[ 112.633599] pcpu_alloc_noprof+0x87a/0x1170
[ 112.633615] __alloc_workqueue+0x74b/0x1820
[ 112.633632] alloc_workqueue_noprof+0xc7/0x200
[ 112.633642] ieee80211_register_hw+0x1ec5/0x3e00
[ 112.633653] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 112.633666] hwsim_new_radio_nl+0xb0d/0x1250
[ 112.633677] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 112.633688] genl_rcv_msg+0x532/0x7e0
[ 112.633698] netlink_rcv_skb+0x147/0x430
[ 112.633715] genl_rcv+0x28/0x40
[ 112.633723] 
netlink_unicast+0x5a7/0x870 [ 112.633739] netlink_sendmsg+0x8ac/0xd80 [ 112.633756] __sys_sendto+0x506/0x570 [ 112.633770] __x64_sys_sendto+0xe1/0x1c0 [ 112.633784] do_syscall_64+0xbf/0x360 [ 112.633794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.685354] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.685969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.703858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.704428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.718419] audit: type=1400 audit(1756715166.653:8): avc: denied { open } for pid=3891 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.722919] audit: type=1400 audit(1756715166.654:9): avc: denied { kernel } for pid=3891 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.727313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.727922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.741534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.742146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.792372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.793112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.817749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.818522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:26:06 executing program 6: fcntl$setsig(0xffffffffffffffff, 0xa, 0x14) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 
0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x1, 0x208041) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) 08:26:06 executing program 4: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000080)=0xa227) 08:26:06 executing program 5: perf_event_open(&(0x7f0000001400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff86d88ffd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:26:06 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r0, &(0x7f0000000140)=@l2, 0x80) 08:26:06 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0xfde4) 08:26:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, 
{&(0x7f0000010300)="601c6d6b646f73665df41100080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="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", 0x120, 0x11000}, {&(0x7f0000010800)="2e202020202020202020201000bde670325132510000e67032510300000000002e2e2020202020202020201000bde670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000bde670325132510000e670325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 
0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) 08:26:06 executing program 2: syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, &(0x7f00000028c0), 0x0, &(0x7f00000029c0)={[{@fat=@quiet}, {@nodots}], [{@uid_gt}]}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) 08:26:06 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) [ 112.980316] loop3: detected capacity change from 0 to 344 [ 112.984608] msdos: Unknown parameter 'uid>00000000000000000000' [ 112.994093] msdos: Unknown parameter 'uid>00000000000000000000' [ 113.015974] kmemleak: Found object by alias at 0x607f1a63ea8c [ 113.015994] CPU: 1 UID: 0 PID: 3924 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.016013] Tainted: [W]=WARN [ 113.016017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.016024] Call Trace: [ 113.016028] [ 113.016033] dump_stack_lvl+0xca/0x120 [ 113.016066] __lookup_object+0x94/0xb0 [ 113.016084] delete_object_full+0x27/0x70 [ 113.016101] free_percpu+0x30/0x1160 [ 113.016119] ? arch_uprobe_clear_state+0x16/0x140 [ 113.016140] futex_hash_free+0x38/0xc0 [ 113.016155] mmput+0x2d3/0x390 [ 113.016174] do_exit+0x79d/0x2970 [ 113.016188] ? lock_release+0xc8/0x290 [ 113.016205] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.016220] ? 
__pfx_do_exit+0x10/0x10 [ 113.016234] ? find_held_lock+0x2b/0x80 [ 113.016252] ? get_signal+0x835/0x2340 [ 113.016273] do_group_exit+0xd3/0x2a0 [ 113.016288] get_signal+0x2315/0x2340 [ 113.016306] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 113.016321] ? locks_remove_posix+0x258/0x410 [ 113.016337] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 113.016353] ? __pfx_get_signal+0x10/0x10 [ 113.016369] ? do_futex+0x135/0x370 [ 113.016383] ? __pfx_do_futex+0x10/0x10 [ 113.016399] arch_do_signal_or_restart+0x80/0x790 [ 113.016417] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 113.016434] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.016447] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.016459] ? fput_close_sync+0x114/0x240 [ 113.016476] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.016489] ? __pfx_fput_close_sync+0x10/0x10 [ 113.016505] ? dnotify_flush+0x79/0x4c0 [ 113.016521] exit_to_user_mode_loop+0x8b/0x110 [ 113.016535] do_syscall_64+0x2f7/0x360 [ 113.016548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.016561] RIP: 0033:0x7f5fa8738b19 [ 113.016570] Code: Unable to access opcode bytes at 0x7f5fa8738aef. 
[ 113.016575] RSP: 002b:00007f5fa5cae218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.016587] RAX: fffffffffffffe00 RBX: 00007f5fa884bf68 RCX: 00007f5fa8738b19 [ 113.016594] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5fa884bf68 [ 113.016601] RBP: 00007f5fa884bf60 R08: 0000000000000000 R09: 0000000000000000 [ 113.016608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5fa884bf6c [ 113.016615] R13: 00007ffc9d9278ff R14: 00007f5fa5cae300 R15: 0000000000022000 [ 113.016631] [ 113.016635] kmemleak: Object (percpu) 0x607f1a63ea88 (size 8): [ 113.016642] kmemleak: comm "syz-executor.6", pid 286, jiffies 4294779186 [ 113.016649] kmemleak: min_count = 1 [ 113.016653] kmemleak: count = 0 [ 113.016656] kmemleak: flags = 0x21 [ 113.016660] kmemleak: checksum = 0 [ 113.016664] kmemleak: backtrace: [ 113.016668] pcpu_alloc_noprof+0x87a/0x1170 [ 113.016683] __alloc_workqueue+0x74b/0x1820 [ 113.016702] alloc_workqueue_noprof+0xc7/0x200 [ 113.016711] ieee80211_register_hw+0x1ec5/0x3e00 [ 113.016725] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 113.016740] hwsim_new_radio_nl+0xb0d/0x1250 [ 113.016751] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 113.016764] genl_rcv_msg+0x532/0x7e0 [ 113.016775] netlink_rcv_skb+0x147/0x430 [ 113.016792] genl_rcv+0x28/0x40 [ 113.016801] netlink_unicast+0x5a7/0x870 [ 113.016817] netlink_sendmsg+0x8ac/0xd80 [ 113.016833] __sys_sendto+0x506/0x570 [ 113.016849] __x64_sys_sendto+0xe1/0x1c0 [ 113.016863] do_syscall_64+0xbf/0x360 [ 113.016873] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:26:06 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 
0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) 08:26:06 executing program 5: perf_event_open(&(0x7f0000001400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff86d88ffd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:26:06 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0xfde4) 08:26:06 executing program 2: syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, &(0x7f00000028c0), 0x0, &(0x7f00000029c0)={[{@fat=@quiet}, {@nodots}], [{@uid_gt}]}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) 08:26:06 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) [ 113.075950] msdos: Unknown parameter 'uid>00000000000000000000' 08:26:07 executing program 6: fcntl$setsig(0xffffffffffffffff, 0xa, 0x14) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x1, 
0x208041) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) 08:26:07 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) 08:26:07 executing program 2: syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, &(0x7f00000028c0), 0x0, &(0x7f00000029c0)={[{@fat=@quiet}, {@nodots}], [{@uid_gt}]}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) 08:26:07 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0xfde4) 08:26:07 executing program 5: perf_event_open(&(0x7f0000001400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff86d88ffd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:26:07 executing program 4: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, 
&(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000080)=0xa227) 08:26:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) 08:26:07 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) write$binfmt_elf32(r1, 0x0, 0x0) [ 113.164508] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 113.165414] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 113.166100] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.167621] Tainted: [W]=WARN [ 113.168451] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.170281] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.171295] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.175315] RSP: 0018:ffff888045ea7780 EFLAGS: 
00010012 [ 113.176236] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005fd5000 [ 113.176831] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.177419] RBP: ffff888045ea79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16158 [ 113.178001] R10: 0000000000000000 R11: ffff88801edd2898 R12: dffffc0000000000 [ 113.178581] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.179183] FS: 00007f1443fd4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.179817] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.180274] CR2: 0000000020000000 CR3: 000000000c828000 CR4: 0000000000350ef0 [ 113.180841] Call Trace: [ 113.181051] [ 113.181238] ? __is_insn_slot_addr+0x140/0x290 [ 113.181613] ? __pfx_perf_tp_event+0x10/0x10 [ 113.181976] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 113.182466] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 113.182995] ? lock_is_held_type+0x9e/0x120 [ 113.183344] ? lock_is_held_type+0x9e/0x120 [ 113.183697] ? ctx_sched_in+0x134/0x9b0 [ 113.184014] ? kasan_save_stack+0x10/0x50 [ 113.184352] ? __pfx_ctx_sched_in+0x10/0x10 [ 113.184699] ? init_file+0x95/0x4c0 [ 113.185004] ? find_held_lock+0x2b/0x80 [ 113.185327] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.185727] perf_trace_run_bpf_submit+0xef/0x180 [ 113.186116] perf_trace_preemptirq_template+0x259/0x430 [ 113.186538] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 113.186994] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.187453] ? __pfx___resched_curr+0x10/0x10 [ 113.187823] ? find_held_lock+0x2b/0x80 [ 113.188149] ? try_to_wake_up+0x8ae/0x11d0 [ 113.188490] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 113.188898] trace_irq_enable.constprop.0+0xa6/0x100 [ 113.189299] trace_hardirqs_on+0x26/0x40 [ 113.189623] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 113.190018] try_to_wake_up+0x8ae/0x11d0 [ 113.190348] ? __pfx_try_to_wake_up+0x10/0x10 [ 113.190712] ? plist_del+0x122/0x270 [ 113.191026] ? 
find_held_lock+0x2b/0x80 [ 113.191348] ? futex_wake+0x474/0x540 [ 113.191660] wake_up_q+0xa1/0x130 [ 113.191947] futex_wake+0x47e/0x540 [ 113.192244] ? __pfx_futex_wake+0x10/0x10 [ 113.192577] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 113.192981] ? lock_release+0xc8/0x290 [ 113.193295] do_futex+0x26d/0x370 [ 113.193579] ? __pfx_do_futex+0x10/0x10 [ 113.193907] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 113.194354] ? __pfx___schedule+0x10/0x10 [ 113.194703] __x64_sys_futex+0x1c9/0x4d0 [ 113.195053] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.195509] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.195872] ? xfd_validate_state+0x55/0x180 [ 113.196236] do_syscall_64+0xbf/0x360 [ 113.196542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.196946] RIP: 0033:0x7f1446a5eb19 [ 113.197241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.198649] RSP: 002b:00007f1443fd4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.199246] RAX: ffffffffffffffda RBX: 00007f1446b71f68 RCX: 00007f1446a5eb19 [ 113.199799] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1446b71f6c [ 113.200355] RBP: 00007f1446b71f60 R08: 000000000000000e R09: 0000000000000000 [ 113.200907] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1446b71f6c [ 113.201459] R13: 00007ffcf93ff1ff R14: 00007f1443fd4300 R15: 0000000000022000 [ 113.202019] [ 113.202209] Modules linked in: [ 113.202467] ---[ end trace 0000000000000000 ]--- [ 113.202833] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.203215] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.204629] RSP: 0018:ffff888045ea7780 EFLAGS: 00010012 [ 113.205043] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005fd5000 [ 113.205598] RDX: 
0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.206151] RBP: ffff888045ea79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16158 [ 113.206704] R10: 0000000000000000 R11: ffff88801edd2898 R12: dffffc0000000000 [ 113.207262] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.207819] FS: 00007f1443fd4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.208444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.208896] CR2: 0000000020000000 CR3: 000000000c828000 CR4: 0000000000350ef0 [ 113.209455] note: syz-executor.6[3937] exited with irqs disabled [ 113.210007] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 113.210877] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 113.211554] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.212479] Tainted: [D]=DIE, [W]=WARN [ 113.212780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.213417] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.213789] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.215207] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 113.215623] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.216182] RDX: ffff888043308000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.216736] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16158 [ 113.217288] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 113.217838] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 113.218388] FS: 00007f1443fd4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.219017] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.219472] CR2: 0000000020000000 CR3: 
000000000c828000 CR4: 0000000000350ef0 [ 113.220037] Call Trace: [ 113.220242] [ 113.220420] ? __pfx_perf_tp_event+0x10/0x10 [ 113.220776] ? enqueue_task_fair+0xded/0x1e00 [ 113.221135] ? check_preempt_wakeup_fair+0x6e/0x950 [ 113.221531] ? wakeup_preempt+0x140/0x2a0 [ 113.221858] ? lock_release+0x1c7/0x290 [ 113.222176] ? lock_release+0x1c7/0x290 [ 113.222490] ? do_raw_spin_unlock+0x53/0x220 [ 113.222844] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 113.223263] ? try_to_wake_up+0x8ae/0x11d0 [ 113.223601] ? do_raw_spin_lock+0x123/0x260 [ 113.223945] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.224317] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.224713] perf_trace_run_bpf_submit+0xef/0x180 [ 113.225098] perf_trace_preemptirq_template+0x259/0x430 [ 113.225514] ? read_tsc+0x9/0x20 [ 113.225789] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.226249] ? clockevents_program_event+0x135/0x360 [ 113.226654] ? tick_program_event+0xac/0x140 [ 113.227009] ? handle_softirqs+0x16e/0x770 [ 113.227350] trace_irq_enable.constprop.0+0xa6/0x100 [ 113.227747] trace_hardirqs_on+0x26/0x40 [ 113.228067] handle_softirqs+0x16e/0x770 [ 113.228394] __irq_exit_rcu+0xc4/0x100 [ 113.228708] irq_exit_rcu+0x9/0x20 [ 113.228993] sysvec_apic_timer_interrupt+0x70/0x80 [ 113.229385] [ 113.229565] [ 113.229746] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.230157] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 113.230529] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 113.231938] RSP: 0018:ffff888045ea7f28 EFLAGS: 00000246 [ 113.232354] RAX: 0000000000000001 RBX: ffff888043308000 RCX: ffffffff817c3ab6 [ 113.232904] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 113.233458] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 113.234012] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888043308000 [ 113.234564] R13: 
0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 113.235123] ? trace_irq_enable.constprop.0+0x26/0x100 [ 113.235536] ? make_task_dead+0x214/0x3b0 [ 113.235866] ? make_task_dead+0x214/0x3b0 [ 113.236197] ? do_syscall_64+0xbf/0x360 [ 113.236508] rewind_stack_and_make_dead+0x16/0x20 [ 113.236899] RIP: 0033:0x7f1446a5eb19 [ 113.237191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.238600] RSP: 002b:00007f1443fd4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.239198] RAX: ffffffffffffffda RBX: 00007f1446b71f68 RCX: 00007f1446a5eb19 [ 113.239752] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1446b71f6c [ 113.240306] RBP: 00007f1446b71f60 R08: 000000000000000e R09: 0000000000000000 [ 113.240858] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1446b71f6c [ 113.241408] R13: 00007ffcf93ff1ff R14: 00007f1443fd4300 R15: 0000000000022000 [ 113.241964] [ 113.242152] Modules linked in: [ 113.242408] ---[ end trace 0000000000000000 ]--- [ 113.242771] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.243152] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.244553] RSP: 0018:ffff888045ea7780 EFLAGS: 00010012 [ 113.244969] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005fd5000 [ 113.245524] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.246076] RBP: ffff888045ea79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16158 [ 113.246627] R10: 0000000000000000 R11: ffff88801edd2898 R12: dffffc0000000000 [ 113.247187] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.247738] FS: 00007f1443fd4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.248358] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 [ 113.248809] CR2: 0000000020000000 CR3: 000000000c828000 CR4: 0000000000350ef0 [ 113.249375] Kernel panic - not syncing: Fatal exception in interrupt [ 113.249953] Kernel Offset: disabled [ 113.250240] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:26:07 Registers: