Warning: Permanently added '[localhost]:55935' (ECDSA) to the list of known hosts. 2025/09/01 08:27:00 fuzzer started 2025/09/01 08:27:00 dialing manager at localhost:35473 syzkaller login: [ 50.629914] cgroup: Unknown subsys name 'net' [ 50.698871] cgroup: Unknown subsys name 'cpuset' [ 50.713995] cgroup: Unknown subsys name 'rlimit' 2025/09/01 08:27:12 syscalls: 2214 2025/09/01 08:27:12 code coverage: enabled 2025/09/01 08:27:12 comparison tracing: enabled 2025/09/01 08:27:12 extra coverage: enabled 2025/09/01 08:27:12 setuid sandbox: enabled 2025/09/01 08:27:12 namespace sandbox: enabled 2025/09/01 08:27:12 Android sandbox: enabled 2025/09/01 08:27:12 fault injection: enabled 2025/09/01 08:27:12 leak checking: enabled 2025/09/01 08:27:12 net packet injection: enabled 2025/09/01 08:27:12 net device setup: enabled 2025/09/01 08:27:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 08:27:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 08:27:12 USB emulation: enabled 2025/09/01 08:27:12 hci packet injection: enabled 2025/09/01 08:27:12 wifi device emulation: enabled 2025/09/01 08:27:12 802.15.4 emulation: enabled 2025/09/01 08:27:12 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 08:27:12 fetching corpus: 50, signal 30392/33160 (executing program) 2025/09/01 08:27:12 fetching corpus: 100, signal 38123/41798 (executing program) 2025/09/01 08:27:12 fetching corpus: 150, signal 45465/49802 (executing program) 2025/09/01 08:27:13 fetching corpus: 200, signal 50996/55892 (executing program) 2025/09/01 08:27:13 fetching corpus: 250, signal 57974/62973 (executing program) 2025/09/01 08:27:13 fetching corpus: 300, signal 61931/67204 (executing program) 2025/09/01 08:27:13 fetching corpus: 350, signal 65981/71401 (executing program) 2025/09/01 08:27:13 fetching corpus: 400, signal 69902/75318 (executing program) 2025/09/01 08:27:13 fetching corpus: 450, signal 73280/78623 (executing program) 2025/09/01 
08:27:13 fetching corpus: 500, signal 76080/81361 (executing program) 2025/09/01 08:27:13 fetching corpus: 550, signal 77989/83374 (executing program) 2025/09/01 08:27:14 fetching corpus: 600, signal 80887/85950 (executing program) 2025/09/01 08:27:14 fetching corpus: 650, signal 84056/88767 (executing program) 2025/09/01 08:27:14 fetching corpus: 700, signal 87366/91401 (executing program) 2025/09/01 08:27:14 fetching corpus: 750, signal 89729/93314 (executing program) 2025/09/01 08:27:14 fetching corpus: 800, signal 91566/94736 (executing program) 2025/09/01 08:27:14 fetching corpus: 850, signal 93681/96325 (executing program) 2025/09/01 08:27:15 fetching corpus: 900, signal 95633/97714 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/98627 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/98707 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/98788 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/98873 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/98958 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99031 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99125 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99204 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99283 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99356 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99460 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99537 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99630 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99722 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99813 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99888 
(executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/99973 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100059 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100143 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100234 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100317 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100412 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100500 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100578 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100669 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100741 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100836 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/100924 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/101005 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/101082 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/101162 (executing program) 2025/09/01 08:27:15 fetching corpus: 946, signal 96911/101162 (executing program) 2025/09/01 08:27:17 starting 8 fuzzer processes 08:27:17 executing program 0: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000005240)='./file0\x00', 0x0, 0x0) 08:27:17 executing program 7: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000680)={{{@in6=@empty, @in=@empty}, {}, {}, 0x0, 0x0, 0x0, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}}, 0xe8) 08:27:17 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{}]}) 08:27:17 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_GET_CAPABILITY(r0, 0x5331) 08:27:17 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2801000017000100000000000000000000000000000000000000ffffac1414bb0000000000000000fc020000000000000000000000000000ac141400000000000000000000000000fe88000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000001000000000001000000000000ffffffff00000000000000003c94723a2f05cd5b000000000000000000000000f0adc42ba5530f5497e794aac7907d1932e25e90820ceaa5cb752f16f7318ffa39f231cd885c27b37814d5be1cdd8d6ca2bf86bfa766917f031ae8179ab64bc26aed7a3730e2a3a8d1347419bcaddb933733ce1bec335f905b1893195035b78783f57375e6b6e8b938662e3b1415f9cc25ab9f41"], 0x128}}, 0x0) 08:27:17 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[]) 08:27:17 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='numa_maps\x00') pread64(r0, &(0x7f0000000080)=""/239, 0xef, 
0x0) [ 66.861206] audit: type=1400 audit(1756715237.336:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:27:17 executing program 6: ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000480)=0xff) [ 68.053647] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.056120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.058074] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.064393] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.067710] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.124156] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.126339] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.130999] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.137325] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.141445] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.199117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.200978] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 68.207106] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.209328] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.211106] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.219299] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.221574] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 68.222830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.225861] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.227569] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.228591] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 68.233997] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.236317] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.236939] Bluetooth: hci6: 
unexpected cc 0x0c03 length: 249 > 1 [ 68.240372] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 68.240612] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.242191] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.242495] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 68.246250] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 68.246269] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 68.249059] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 68.250988] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.252410] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.254355] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 68.256343] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.261801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.270713] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 68.272201] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.274906] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 68.277186] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 70.085203] Bluetooth: hci0: command tx timeout [ 70.212566] Bluetooth: hci1: command tx timeout [ 70.339656] Bluetooth: hci6: command tx timeout [ 70.339784] Bluetooth: hci5: command tx timeout [ 70.340959] Bluetooth: hci7: command tx timeout [ 70.341083] Bluetooth: hci4: command tx timeout [ 70.341152] Bluetooth: hci3: command tx timeout [ 70.341216] Bluetooth: hci2: command tx timeout [ 72.131638] Bluetooth: hci0: command tx timeout [ 72.259577] Bluetooth: hci1: command tx timeout [ 72.387577] Bluetooth: hci5: command tx timeout [ 72.389548] Bluetooth: hci2: command tx timeout [ 72.390017] Bluetooth: hci3: command tx timeout [ 72.390424] Bluetooth: hci4: command tx timeout [ 72.390923] Bluetooth: hci7: command tx timeout [ 72.390938] Bluetooth: hci6: command tx timeout [ 74.179876] Bluetooth: hci0: command tx timeout [ 74.307692] Bluetooth: hci1: command tx timeout [ 
74.435708] Bluetooth: hci7: command tx timeout [ 74.436392] Bluetooth: hci6: command tx timeout [ 74.436425] Bluetooth: hci4: command tx timeout [ 74.437121] Bluetooth: hci3: command tx timeout [ 74.437436] Bluetooth: hci2: command tx timeout [ 74.438116] Bluetooth: hci5: command tx timeout [ 76.228606] Bluetooth: hci0: command tx timeout [ 76.355593] Bluetooth: hci1: command tx timeout [ 76.484839] Bluetooth: hci4: command tx timeout [ 76.486091] Bluetooth: hci2: command tx timeout [ 76.486970] Bluetooth: hci3: command tx timeout [ 76.487822] Bluetooth: hci5: command tx timeout [ 76.488659] Bluetooth: hci7: command tx timeout [ 76.489452] Bluetooth: hci6: command tx timeout [ 106.399681] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.400356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.558110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.559169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.673738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.674376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.785154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.785852] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.857371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.858043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.899462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.900120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.976232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.976877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.996565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.997206] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.018625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.019234] wlan1: Creating new 
IBSS network, BSSID 50:50:50:50:50:50 [ 107.051552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.052180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.152904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.153549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.185944] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.186579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.198507] FAT-fs (loop4): bogus number of directory entries (114) [ 107.199153] FAT-fs (loop4): Can't find a valid FAT filesystem [ 107.209176] FAT-fs (loop4): bogus number of directory entries (114) [ 107.209790] FAT-fs (loop4): Can't find a valid FAT filesystem [ 107.272302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.272980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.289682] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.290273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.368784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.369423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.435564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.436180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.601615] audit: type=1400 audit(1756715278.073:8): avc: denied { open } for pid=3889 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.604795] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.605660] audit: type=1400 audit(1756715278.073:9): avc: denied { kernel } for pid=3889 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:27:58 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 
0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='numa_maps\x00') pread64(r0, &(0x7f0000000080)=""/239, 0xef, 0x0) 08:27:58 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_GET_CAPABILITY(r0, 0x5331) 08:27:58 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2801000017000100000000000000000000000000000000000000ffffac1414bb0000000000000000fc020000000000000000000000000000ac141400000000000000000000000000fe88000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000001000000000001000000000000ffffffff00000000000000003c94723a2f05cd5b000000000000000000000000f0adc42ba5530f5497e794aac7907d1932e25e90820ceaa5cb752f16f7318ffa39f231cd885c27b37814d5be1cdd8d6ca2bf86bfa766917f031ae8179ab64bc26aed7a3730e2a3a8d1347419bcaddb933733ce1bec335f905b1893195035b78783f57375e6b6e8b938662e3b1415f9cc25ab9f41"], 0x128}}, 0x0) 08:27:58 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{}]}) 08:27:58 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 
0x16}], 0x0, &(0x7f0000010d00)=ANY=[]) 08:27:58 executing program 6: ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000480)=0xff) 08:27:58 executing program 7: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000680)={{{@in6=@empty, @in=@empty}, {}, {}, 0x0, 0x0, 0x0, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}}, 0xe8) 08:27:58 executing program 0: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000005240)='./file0\x00', 0x0, 0x0) [ 107.766999] FAT-fs (loop4): bogus number of directory entries (114) [ 107.767808] FAT-fs (loop4): Can't find a valid FAT filesystem 08:27:58 executing program 0: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000005240)='./file0\x00', 0x0, 0x0) 08:27:58 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='numa_maps\x00') pread64(r0, &(0x7f0000000080)=""/239, 0xef, 0x0) 08:27:58 executing program 6: ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000480)=0xff) 08:27:58 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_GET_CAPABILITY(r0, 0x5331) 08:27:58 executing program 4: 
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e2b947400028001000272000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[])
08:27:58 executing program 7:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000680)={{{@in6=@empty, @in=@empty}, {}, {}, 0x0, 0x0, 0x0, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}}, 0xe8)
08:27:58 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2801000017000100000000000000000000000000000000000000ffffac1414bb0000000000000000fc020000000000000000000000000000ac141400000000000000000000000000fe88000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000001000000000001000000000000ffffffff00000000000000003c94723a2f05cd5b000000000000000000000000f0adc42ba5530f5497e794aac7907d1932e25e90820ceaa5cb752f16f7318ffa39f231cd885c27b37814d5be1cdd8d6ca2bf86bfa766917f031ae8179ab64bc26aed7a3730e2a3a8d1347419bcaddb933733ce1bec335f905b1893195035b78783f57375e6b6e8b938662e3b1415f9cc25ab9f41"], 0x128}}, 0x0)
[ 107.849639] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000031: 0000 [#1] SMP KASAN NOPTI
[ 107.850588] KASAN: probably user-memory-access in range [0x0000000100000188-0x000000010000018f]
[ 107.851287] CPU: 1 UID: 0 PID: 283 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 107.853702] Tainted: [W]=WARN
[ 107.854355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.855893] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.857217] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.860469] RSP: 0018:ffff88806cf08940 EFLAGS: 00010013
[ 107.861990] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002
[ 107.862576] RDX: ffff88801782b700 RSI: ffffffff8189a4e7 RDI: 000000010000018f
[ 107.863142] RBP: ffff88806cf08bb0 R08: ffff88806cf313e8 R09: ffffe8ffffd09c08
[ 107.863707] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.864261] R13: 000000000000002c R14: ffff88806cf313e8 R15: dffffc0000000000
[ 107.864817] FS: 0000555577120400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 107.865443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.865897] CR2: 00007f3ed2826018 CR3: 000000003f1e2000 CR4: 0000000000350ef0
[ 107.866459] Call Trace:
[ 107.866665]
[ 107.866840] ? __is_insn_slot_addr+0x136/0x290
[ 107.867222] ? __pfx_perf_tp_event+0x10/0x10
[ 107.867586] ? __kernel_text_address+0xd/0x40
[ 107.867951] ? unwind_get_return_address+0x59/0xa0
[ 107.868350] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 107.868781] ? arch_stack_walk+0x9c/0xf0
[ 107.869122] ? stack_trace_save+0x8e/0xc0
[ 107.869453] ? stack_depot_save_flags+0x2c/0xa20
[ 107.869836] ? kasan_save_stack+0x34/0x50
[ 107.870168] ? kasan_save_stack+0x24/0x50
[ 107.870508] ? kasan_save_track+0x14/0x30
[ 107.870840] ? __kasan_save_free_info+0x3a/0x60
[ 107.871218] ? __kasan_slab_free+0x3f/0x50
[ 107.871605] ? kfree+0x281/0x550
[ 107.871946] ? perf_trace_run_bpf_submit+0xef/0x180
[ 107.872445] ? copy_page_range+0xeaa/0x5140
[ 107.872877] ? dup_mmap+0xd2f/0x1d10
[ 107.873208] ? copy_process+0x3ad5/0x73c0
[ 107.873538] ? kernel_clone+0xea/0x7f0
[ 107.873845] ? __do_sys_clone+0xce/0x120
[ 107.874168] ? do_syscall_64+0xbf/0x360
[ 107.874483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.874899] perf_trace_run_bpf_submit+0xef/0x180
[ 107.875287] perf_trace_lock+0x337/0x5d0
[ 107.875626] ? __pfx_perf_trace_lock+0x10/0x10
[ 107.875995] ? do_raw_spin_lock+0x123/0x260
[ 107.876344] ? delete_object_full+0x46/0x70
[ 107.876693] lock_release+0x1ab/0x290
[ 107.877000] _raw_spin_unlock_irqrestore+0x1a/0x50
[ 107.877393] delete_object_full+0x46/0x70
[ 107.877733] kmem_cache_free+0x33a/0x540
[ 107.878054] ? dst_destroy+0x23c/0x340
[ 107.878372] ? rcu_core+0x7c3/0x1800
[ 107.878675] dst_destroy+0x23c/0x340
[ 107.878984] rcu_core+0x7c8/0x1800
[ 107.879276] ? __pfx_rcu_core+0x10/0x10
[ 107.879605] ? clockevents_program_event+0x135/0x360
[ 107.880018] ? mark_held_locks+0x49/0x80
[ 107.880344] handle_softirqs+0x1b1/0x770
[ 107.880680] __irq_exit_rcu+0xc4/0x100
[ 107.880998] irq_exit_rcu+0x9/0x20
[ 107.881281] sysvec_apic_timer_interrupt+0x70/0x80
[ 107.881675]
[ 107.881858]
[ 107.882038] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 107.882451] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x0/0x20
[ 107.882927] Code: 0c 24 0f b7 d6 0f b7 f7 bf 03 00 00 00 e9 48 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 0c 24 89 f2 89 fe bf 05 00 00 00 e9 1a fe ff ff
[ 107.884354] RSP: 0018:ffff88803cdaf6b8 EFLAGS: 00000216
[ 107.884772] RAX: 0000000000000007 RBX: 0000000000000082 RCX: ffffffff819e5a37
[ 107.885337] RDX: 0000000000000000 RSI: 0000000000000082 RDI: 000000000000007f
[ 107.885891] RBP: ffffea0000fc6680 R08: 0000000000000000 R09: fffff940001f8cd6
[ 107.886448] R10: ffffea0000fc66b7 R11: 0000000000000001 R12: ffffea0000fc66b4
[ 107.886980] R13: ffffea0000fc6680 R14: ffffea0000fc6680 R15: dffffc0000000000
[ 107.887513] ? copy_page_range+0xe77/0x5140
[ 107.887849] copy_page_range+0xeaa/0x5140
[ 107.888204] ? __pfx_copy_page_range+0x10/0x10
[ 107.888571] ? perf_trace_lock+0xb5/0x5d0
[ 107.888898] ? mas_destroy+0x5ce/0x9c0
[ 107.889212] ? __pfx_perf_trace_lock+0x10/0x10
[ 107.889579] ? lock_acquire+0x15e/0x2f0
[ 107.889893] ? dup_mmap+0xc95/0x1d10
[ 107.890205] ? find_held_lock+0x2b/0x80
[ 107.890550] ? dup_mmap+0xce8/0x1d10
[ 107.890851] ? lock_release+0xc8/0x290
[ 107.891162] ? down_write+0x119/0x1f0
[ 107.891475] ? up_write+0x195/0x520
[ 107.891772] ? lock_is_held_type+0x9e/0x120
[ 107.892122] dup_mmap+0xd2f/0x1d10
[ 107.892420] ? __pfx_dup_mmap+0x10/0x10
[ 107.892748] ? lock_is_held_type+0x9e/0x120
[ 107.893099] copy_process+0x3ad5/0x73c0
[ 107.893423] ? __pfx_copy_process+0x10/0x10
[ 107.893767] ? do_raw_spin_lock+0x123/0x260
[ 107.894116] kernel_clone+0xea/0x7f0
[ 107.894415] ? __pfx_kernel_clone+0x10/0x10
[ 107.894760] ? __lock_acquire+0x694/0x1b70
[ 107.895095] ? css_rstat_updated+0x1b8/0x4d0
[ 107.895461] ? __pfx_css_rstat_updated+0x10/0x10
[ 107.895844] __do_sys_clone+0xce/0x120
[ 107.896155] ? __pfx___do_sys_clone+0x10/0x10
[ 107.896511] ? find_held_lock+0x2b/0x80
[ 107.896843] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.897260] do_syscall_64+0xbf/0x360
[ 107.897565] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.897973] RIP: 0033:0x7f10c365d10b
[ 107.898267] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
[ 107.899677] RSP: 002b:00007fff15455700 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 107.900290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f10c365d10b
[ 107.900862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 107.901440] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555577120400
[ 107.902012] R10: 00005555771206d0 R11: 0000000000000246 R12: 0000000000000001
[ 107.902584] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff154557e0
[ 107.903166]
[ 107.903367] Modules linked in:
[ 107.903637] ---[ end trace 0000000000000000 ]---
[ 107.904019] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.904406] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.905851] RSP: 0018:ffff88806cf08940
EFLAGS: 00010013
[ 107.906282] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002
[ 107.906860] RDX: ffff88801782b700 RSI: ffffffff8189a4e7 RDI: 000000010000018f
[ 107.907438] RBP: ffff88806cf08bb0 R08: ffff88806cf313e8 R09: ffffe8ffffd09c08
[ 107.908019] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.908588] R13: 000000000000002c R14: ffff88806cf313e8 R15: dffffc0000000000
[ 107.909159] FS: 0000555577120400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 107.909806] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.910277] CR2: 00007f3ed2826018 CR3: 000000003f1e2000 CR4: 0000000000350ef0
[ 107.910823] Kernel panic - not syncing: Fatal exception in interrupt
[ 108.956139] Shutting down cpus with NMI
[ 108.956707] Kernel Offset: disabled
[ 108.956984] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:27:58 Registers: