Warning: Permanently added '[localhost]:20273' (ECDSA) to the list of known hosts. 2025/09/01 09:12:46 fuzzer started 2025/09/01 09:12:46 dialing manager at localhost:35473 syzkaller login: [ 59.852000] cgroup: Unknown subsys name 'net' [ 59.983864] cgroup: Unknown subsys name 'cpuset' [ 60.045949] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:12:57 syscalls: 2214 2025/09/01 09:12:57 code coverage: enabled 2025/09/01 09:12:57 comparison tracing: enabled 2025/09/01 09:12:57 extra coverage: enabled 2025/09/01 09:12:57 setuid sandbox: enabled 2025/09/01 09:12:57 namespace sandbox: enabled 2025/09/01 09:12:57 Android sandbox: enabled 2025/09/01 09:12:57 fault injection: enabled 2025/09/01 09:12:57 leak checking: enabled 2025/09/01 09:12:57 net packet injection: enabled 2025/09/01 09:12:57 net device setup: enabled 2025/09/01 09:12:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:12:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:12:57 USB emulation: enabled 2025/09/01 09:12:57 hci packet injection: enabled 2025/09/01 09:12:57 wifi device emulation: enabled 2025/09/01 09:12:57 802.15.4 emulation: enabled 2025/09/01 09:12:57 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:12:57 fetching corpus: 50, signal 19441/22913 (executing program) 2025/09/01 09:12:57 fetching corpus: 100, signal 29078/33908 (executing program) 2025/09/01 09:12:57 fetching corpus: 150, signal 39623/45490 (executing program) 2025/09/01 09:12:57 fetching corpus: 200, signal 47547/54299 (executing program) 2025/09/01 09:12:58 fetching corpus: 250, signal 53722/61319 (executing program) 2025/09/01 09:12:58 fetching corpus: 300, signal 58764/67095 (executing program) 2025/09/01 09:12:58 fetching corpus: 350, signal 63114/72198 (executing program) 2025/09/01 09:12:58 fetching corpus: 400, signal 66159/76021 (executing program) 2025/09/01 09:12:58 fetching corpus: 450, signal 69427/79917 (executing program) 2025/09/01 09:12:58 fetching corpus: 500, signal 75647/86220 (executing program) 2025/09/01 09:12:58 fetching corpus: 550, signal 79087/90064 (executing program) 2025/09/01 09:12:58 fetching corpus: 600, signal 82355/93673 (executing program) 2025/09/01 09:12:58 fetching corpus: 650, signal 84497/96298 (executing program) 2025/09/01 09:12:59 fetching corpus: 700, signal 86444/98669 (executing program) 2025/09/01 09:12:59 fetching corpus: 750, signal 87576/100341 (executing program) 2025/09/01 09:12:59 fetching corpus: 800, signal 90773/103601 (executing program) 2025/09/01 09:12:59 fetching corpus: 850, signal 93329/106322 (executing program) 2025/09/01 09:12:59 fetching corpus: 900, signal 95130/108346 (executing program) 2025/09/01 09:12:59 fetching corpus: 950, signal 96181/109754 (executing program) 2025/09/01 09:12:59 fetching corpus: 1000, signal 98729/112241 (executing program) 2025/09/01 09:12:59 fetching corpus: 1050, signal 99905/113720 (executing program) 2025/09/01 09:12:59 fetching corpus: 1100, signal 102001/115772 (executing program) 2025/09/01 09:13:00 fetching corpus: 1149, signal 105390/118578 (executing program) 2025/09/01 09:13:00 fetching corpus: 1199, signal 106525/119902 (executing program) 2025/09/01 09:13:00 fetching corpus: 1249, signal 107694/121236 (executing program) 2025/09/01 09:13:00 fetching corpus: 1299, signal 108943/122576 (executing program) 2025/09/01 09:13:00 fetching corpus: 1349, signal 109976/123727 (executing program) 2025/09/01 09:13:00 fetching corpus: 1399, signal 111047/124859 (executing program) 2025/09/01 09:13:00 fetching corpus: 1449, signal 111731/125746 (executing program) 2025/09/01 09:13:00 fetching corpus: 1499, signal 113842/127444 (executing program) 2025/09/01 09:13:00 fetching corpus: 1549, signal 114809/128498 (executing program) 2025/09/01 09:13:01 fetching corpus: 1599, signal 116354/129785 (executing program) 2025/09/01 09:13:01 fetching corpus: 1649, signal 117485/130788 (executing program) 2025/09/01 09:13:01 fetching corpus: 1699, signal 118435/131670 (executing program) 2025/09/01 09:13:01 fetching corpus: 1749, signal 119315/132514 (executing program) 2025/09/01 09:13:01 fetching corpus: 1799, signal 120328/133362 (executing program) 2025/09/01 09:13:01 fetching corpus: 1849, signal 121130/134127 (executing program) 2025/09/01 09:13:01 fetching corpus: 1899, signal 122204/134984 (executing program) 2025/09/01 09:13:01 fetching corpus: 1949, signal 123082/135740 (executing program) 2025/09/01 09:13:01 fetching corpus: 1999, signal 124372/136610 (executing program) 2025/09/01 09:13:02 fetching corpus: 2049, signal 125663/137450 (executing program) 2025/09/01 09:13:02 fetching corpus: 2099, signal 126861/138190 (executing program) 2025/09/01 09:13:02 fetching corpus: 2149, signal 127811/138892 (executing program) 2025/09/01 09:13:02 fetching corpus: 2199, signal 128628/139464 (executing program) 2025/09/01 09:13:02 fetching corpus: 2249, signal 129829/140167 (executing program) 2025/09/01 09:13:02 fetching corpus: 2299, signal 130663/140699 (executing program) 2025/09/01 09:13:02 fetching corpus: 2349, signal 131421/141253 (executing program) 2025/09/01 09:13:02 fetching corpus: 2399, signal 132287/141729 (executing program) 2025/09/01 09:13:02 fetching corpus: 2449, signal 133168/142231 (executing program) 2025/09/01 09:13:03 fetching corpus: 2499, signal 133951/142635 (executing program) 2025/09/01 09:13:03 fetching corpus: 2549, signal 134898/143106 (executing program) 2025/09/01 09:13:03 fetching corpus: 2599, signal 135323/143369 (executing program) 2025/09/01 09:13:03 fetching corpus: 2649, signal 135877/143660 (executing program) 2025/09/01 09:13:03 fetching corpus: 2699, signal 136580/143966 (executing program) 2025/09/01 09:13:03 fetching corpus: 2749, signal 137687/144348 (executing program) 2025/09/01 09:13:03 fetching corpus: 2799, signal 138347/144667 (executing program) 2025/09/01 09:13:03 fetching corpus: 2849, signal 139091/144926 (executing program) 2025/09/01 09:13:03 fetching corpus: 2899, signal 139871/145196 (executing program) 2025/09/01 09:13:03 fetching corpus: 2949, signal 140470/145381 (executing program) 2025/09/01 09:13:04 fetching corpus: 2999, signal 141090/145561 (executing program) 2025/09/01 09:13:04 fetching corpus: 3049, signal 141843/145760 (executing program) 2025/09/01 09:13:04 fetching corpus: 3099, signal 142914/145947 (executing program) 2025/09/01 09:13:04 fetching corpus: 3149, signal 143618/146177 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146278 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146311 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146345 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146382 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146421 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146450 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146473 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146516 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146520 (executing program) 2025/09/01 09:13:04 fetching corpus: 3168, signal 143873/146520 (executing program) 2025/09/01 09:13:06 starting 8 fuzzer processes 09:13:06 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000000)=@ethtool_coalesce={0x1d}}) 09:13:06 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 09:13:06 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}}) 09:13:06 executing program 7: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) 09:13:06 executing program 3: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x423, &(0x7f00000006c0)) 09:13:06 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)="93", 0x1}], 0x1}}], 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0xb, 0x0, &(0x7f0000001a40)) [ 79.844502] audit: type=1400 audit(1756717986.852:7): avc: denied { execmem } for pid=271 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:13:06 executing program 5: prctl$PR_SET_MM_MAP(0x42, 0xe, 0x0, 0x0) 09:13:06 executing program 6: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) [ 80.977067] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.979495] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.981874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.986498] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.990073] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.040279] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.043079] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.044883] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.050606] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.057766] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.121055] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.129801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.131273] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.134741] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.137711] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.141351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.147673] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.149492] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.165725] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.169875] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.171972] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.173493] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.181770] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.183043] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.186555] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.187775] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.191840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.195553] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.200204] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.206595] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.235706] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.238868] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.245675] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.252538] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.255609] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.257735] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.270715] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.274686] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.304855] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.311804] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.071175] Bluetooth: hci1: command tx timeout [ 83.071862] Bluetooth: hci0: command tx timeout [ 83.198796] Bluetooth: hci2: command tx timeout [ 83.263409] Bluetooth: hci4: command tx timeout [ 83.263881] Bluetooth: hci5: command tx timeout [ 83.264303] Bluetooth: hci3: command tx timeout [ 83.326430] Bluetooth: hci6: command tx timeout [ 83.390463] Bluetooth: hci7: command tx timeout [ 85.118770] Bluetooth: hci1: command tx timeout [ 85.119202] Bluetooth: hci0: command tx timeout [ 85.247452] Bluetooth: hci2: command tx timeout [ 85.310461] Bluetooth: hci3: command tx timeout [ 85.310926] Bluetooth: hci5: command tx timeout [ 85.311308] Bluetooth: hci4: command tx timeout [ 85.374441] Bluetooth: hci6: command tx timeout [ 85.438903] Bluetooth: hci7: command tx timeout [ 87.166524] Bluetooth: hci0: command tx timeout [ 87.167331] Bluetooth: hci1: command tx timeout [ 87.294630] Bluetooth: hci2: command tx timeout [ 87.358532] Bluetooth: hci3: command tx timeout [ 87.359286] Bluetooth: hci5: command tx timeout [ 87.360159] Bluetooth: hci4: command tx timeout [ 87.422519] Bluetooth: hci6: command tx timeout [ 87.486519] Bluetooth: hci7: command tx timeout [ 89.214481] Bluetooth: hci1: command tx timeout [ 89.214961] Bluetooth: hci0: command tx timeout [ 89.342429] Bluetooth: hci2: command tx timeout [ 89.406439] Bluetooth: hci5: command tx timeout [ 89.406899] Bluetooth: hci4: command tx timeout [ 89.407303] Bluetooth: hci3: command tx timeout [ 89.472418] Bluetooth: hci6: command tx timeout [ 89.534421] Bluetooth: hci7: command tx timeout [ 118.055626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.056268] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.237487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.238120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.650686] audit: type=1400 audit(1756718025.658:8): avc: denied { open } for pid=3683 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.668450] audit: type=1400 audit(1756718025.659:9): avc: denied { kernel } for pid=3683 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:13:45 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) [ 118.832298] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.832912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:13:45 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) [ 118.964623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.965200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:13:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 09:13:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 09:13:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 09:13:46 executing program 3: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x423, &(0x7f00000006c0)) 09:13:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 09:13:46 executing program 3: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x423, &(0x7f00000006c0)) [ 120.264203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.264836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.375079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.375956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.464509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.465086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.517232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.518264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.594841] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.595499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.675394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.676010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.810773] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.811432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.895658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.896283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.968098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.968735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.035956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.036870] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.274519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.275132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.326747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.327383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:13:48 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x530c, &(0x7f00000000c0)={"000000000000800000000088", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:13:48 executing program 3: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x423, &(0x7f00000006c0)) 09:13:48 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000000)=@ethtool_coalesce={0x1d}}) 09:13:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) r1 = timerfd_create(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0, 0x2e}]) 09:13:48 executing program 5: prctl$PR_SET_MM_MAP(0x42, 0xe, 0x0, 0x0) 09:13:48 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}}) 09:13:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)="93", 0x1}], 0x1}}], 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0xb, 0x0, &(0x7f0000001a40)) 09:13:48 executing program 6: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) 09:13:48 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000000)=@ethtool_coalesce={0x1d}}) 09:13:48 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000000)=@ethtool_coalesce={0x1d}}) 09:13:48 executing program 5: prctl$PR_SET_MM_MAP(0x42, 0xe, 0x0, 0x0) 09:13:48 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) 09:13:48 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) 09:13:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) r1 = timerfd_create(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0, 0x2e}]) 09:13:48 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}}) 09:13:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x80000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f80100200040000000000000000000800029561eadf153595a4b414c4c4552202046415431362020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ffffffffffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8fffffff0ffffffffffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000eb80325132510000eb80325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010007deb70325132510000eb70325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c453120202020202020007deb70325132510000eb70325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c453220202020202020007deb70325132510000eb70325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c20007deb70325132510000eb703251070064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e2020202020202020202010007deb70325132510000eb7032510300000000002e2e20202020202020202010007deb70325132510000eb70325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020007deb70325132510000eb70325104001a040000", 0x80, 0x11400}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x21400}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x31400}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x51400}], 0x0, &(0x7f0000010d00)) 09:13:48 executing program 5: prctl$PR_SET_MM_MAP(0x42, 0xe, 0x0, 0x0) 09:13:48 executing program 6: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) 09:13:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)="93", 0x1}], 0x1}}], 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0xb, 0x0, &(0x7f0000001a40)) [ 121.659829] loop0: detected capacity change from 0 to 1300 09:13:48 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x530c, &(0x7f00000000c0)={"000000000000800000000088", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:13:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)="93", 0x1}], 0x1}}], 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0xb, 0x0, &(0x7f0000001a40)) 09:13:48 executing program 6: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) 09:13:48 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x0) close(r0) 09:13:48 executing program 0: pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f0000000000), 0x2000) 09:13:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) r1 = timerfd_create(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0, 0x2e}]) 09:13:48 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}}) 09:13:48 executing program 6: r0 = epoll_create(0xe9) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x10000002}) 09:13:48 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x530c, &(0x7f00000000c0)={"000000000000800000000088", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:13:48 executing program 4: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r1, &(0x7f0000000280)=[{&(0x7f0000000080)="8c", 0x1}], 0x1, 0x2400000, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 09:13:48 executing program 5: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x40082406, 0x0) [ 121.859922] audit: type=1400 audit(1756718028.868:10): avc: denied { write } for pid=3961 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:13:48 executing program 6: r0 = epoll_create(0xe9) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x10000002}) 09:13:48 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x28, 0x0, &(0x7f0000000240)) 09:13:48 executing program 0: pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f0000000000), 0x2000) 09:13:48 executing program 4: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r1, &(0x7f0000000280)=[{&(0x7f0000000080)="8c", 0x1}], 0x1, 0x2400000, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 09:13:48 executing program 5: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x40082406, 0x0) 09:13:48 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r1, &(0x7f0000000280)=[{&(0x7f0000000080)="8c", 0x1}], 0x1, 0x2400000, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 09:13:48 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x530c, &(0x7f00000000c0)={"000000000000800000000088", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:13:49 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) r1 = timerfd_create(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000001e00)=[&(0x7f0000001c00)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0, 0x2e}]) 09:13:49 executing program 6: r0 = epoll_create(0xe9) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x10000002}) [ 122.042668] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 122.043595] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 122.044375] CPU: 1 UID: 0 PID: 3990 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.047060] Tainted: [W]=WARN [ 122.047743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.049791] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.050809] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.053464] RSP: 0018:ffff8880143d7780 EFLAGS: 00010012 [ 122.053883] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005a42000 [ 122.054436] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 122.054991] RBP: ffff8880143d79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16540 [ 122.055555] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.056109] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.056664] FS: 00007f18b896e700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.057287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.057742] CR2: 00007f18bb50c018 CR3: 00000000443de000 CR4: 0000000000350ef0 [ 122.058296] Call Trace: [ 122.058508] [ 122.058690] ? __pfx_perf_tp_event+0x10/0x10 [ 122.059045] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 122.059536] ? lock_acquire+0x15e/0x2f0 [ 122.059855] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 122.060355] ? lock_is_held_type+0x9e/0x120 [ 122.060705] ? lock_is_held_type+0x9e/0x120 [ 122.061055] ? ctx_sched_in+0x134/0x9b0 [ 122.061371] ? css_rstat_updated+0x1b8/0x4d0 [ 122.061729] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.062108] ? lock_is_held_type+0x9e/0x120 [ 122.062456] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.062853] ? lock_is_held_type+0x9e/0x120 [ 122.063197] perf_trace_run_bpf_submit+0xef/0x180 [ 122.063592] perf_trace_preemptirq_template+0x259/0x430 [ 122.064013] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.064469] ? check_preempt_wakeup_fair+0x406/0x950 [ 122.064872] ? find_held_lock+0x2b/0x80 [ 122.065195] ? try_to_wake_up+0x8ae/0x11d0 [ 122.065536] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.065939] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.066336] trace_hardirqs_on+0x26/0x40 [ 122.066656] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.067046] try_to_wake_up+0x8ae/0x11d0 [ 122.067384] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.067742] ? plist_del+0x122/0x270 [ 122.068045] ? find_held_lock+0x2b/0x80 [ 122.068367] ? futex_wake+0x474/0x540 [ 122.068677] wake_up_q+0xa1/0x130 [ 122.068960] futex_wake+0x47e/0x540 [ 122.069255] ? __pfx_futex_wake+0x10/0x10 [ 122.069587] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 122.069985] ? lock_release+0xc8/0x290 [ 122.070295] do_futex+0x26d/0x370 [ 122.070577] ? __pfx_do_futex+0x10/0x10 [ 122.070894] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 122.071319] ? find_held_lock+0x2b/0x80 [ 122.071641] __x64_sys_futex+0x1c9/0x4d0 [ 122.071963] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.072423] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.072790] ? xfd_validate_state+0x55/0x180 [ 122.073152] do_syscall_64+0xbf/0x360 [ 122.073455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.073862] RIP: 0033:0x7f18bb3f8b19 [ 122.074155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.075563] RSP: 002b:00007f18b896e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.076150] RAX: ffffffffffffffda RBX: 00007f18bb50bf68 RCX: 00007f18bb3f8b19 [ 122.076701] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f18bb50bf6c [ 122.077252] RBP: 00007f18bb50bf60 R08: 000000000000000e R09: 0000000000000000 [ 122.077807] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f18bb50bf6c [ 122.078360] R13: 00007fff40a1f63f R14: 00007f18b896e300 R15: 0000000000022000 [ 122.078920] [ 122.079107] Modules linked in: [ 122.079371] ---[ end trace 0000000000000000 ]--- [ 122.079741] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.080112] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.081512] RSP: 0018:ffff8880143d7780 EFLAGS: 00010012 [ 122.081922] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005a42000 [ 122.082477] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 122.083026] RBP: ffff8880143d79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16540 [ 122.083584] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.084136] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.084691] FS: 00007f18b896e700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.085310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.085761] CR2: 00007f18bb50c018 CR3: 00000000443de000 CR4: 0000000000350ef0 [ 122.086313] note: syz-executor.7[3990] exited with irqs disabled [ 122.086964] note: syz-executor.7[3990] exited with preempt_count 3 09:13:49 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r1, &(0x7f0000000280)=[{&(0x7f0000000080)="8c", 0x1}], 0x1, 0x2400000, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 09:13:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x28, 0x0, &(0x7f0000000240)) VM DIAGNOSIS: 09:13:49 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff888044633700 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880455ef988 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1 R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055557cd0b400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe3b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=0000000043c71000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffff81361495ffffffff812c8313 XMM01=ffffffff81363919ffffffff813638d4 XMM02=ffffffff81363d2bffffffff813639e4 XMM03=ffffffff81363ff3ffffffff81363d39 XMM04=ffffffff813640d4ffffffff81363ff3 XMM05=ffffffff81363d39ffffffff81363d2b XMM06=ffffffff813639e4ffffffff81363919 XMM07=ffffffff813638d4ffffffff81361495 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880143d7070 R8 =0000000000000000 R9 =ffffed10016d2046 R10=0000000000000020 R11=0000000065646f43 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f18b896e700 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe2c00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f18bb50c018 CR3=00000000443de000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f18bb4df7c000007f18bb4df7c8 XMM02=00007f18bb4df7e000007f18bb4df7c0 XMM03=00007f18bb4df7c800007f18bb4df7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000