Warning: Permanently added '[localhost]:58089' (ECDSA) to the list of known hosts. 2025/08/29 11:40:59 fuzzer started 2025/08/29 11:40:59 dialing manager at localhost:43077 syzkaller login: [ 49.822729] cgroup: Unknown subsys name 'net' [ 49.888684] cgroup: Unknown subsys name 'cpuset' [ 49.909236] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:41:10 syscalls: 2214 2025/08/29 11:41:10 code coverage: enabled 2025/08/29 11:41:10 comparison tracing: enabled 2025/08/29 11:41:10 extra coverage: enabled 2025/08/29 11:41:10 setuid sandbox: enabled 2025/08/29 11:41:10 namespace sandbox: enabled 2025/08/29 11:41:10 Android sandbox: enabled 2025/08/29 11:41:10 fault injection: enabled 2025/08/29 11:41:10 leak checking: enabled 2025/08/29 11:41:10 net packet injection: enabled 2025/08/29 11:41:10 net device setup: enabled 2025/08/29 11:41:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:41:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:41:10 USB emulation: enabled 2025/08/29 11:41:10 hci packet injection: enabled 2025/08/29 11:41:10 wifi device emulation: enabled 2025/08/29 11:41:10 802.15.4 emulation: enabled 2025/08/29 11:41:10 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:41:10 fetching corpus: 50, signal 28088/31498 (executing program) 2025/08/29 11:41:10 fetching corpus: 100, signal 35145/40047 (executing program) 2025/08/29 11:41:10 fetching corpus: 150, signal 43332/49495 (executing program) 2025/08/29 11:41:10 fetching corpus: 200, signal 51505/58767 (executing program) 2025/08/29 11:41:10 fetching corpus: 250, signal 54817/63360 (executing program) 2025/08/29 11:41:10 fetching corpus: 300, signal 58016/67771 (executing program) 2025/08/29 11:41:10 fetching corpus: 350, signal 63578/74253 (executing program) 2025/08/29 11:41:10 fetching corpus: 400, signal 66860/78528 (executing program) 2025/08/29 11:41:10 fetching corpus: 450, signal 69723/82422 (executing program) 2025/08/29 
11:41:26 fetching corpus: 8764, signal 189544/192900 
(executing program) 2025/08/29 11:41:26 fetching corpus: 8764, signal 189544/192900 (executing program) 2025/08/29 11:41:28 starting 8 fuzzer processes 11:41:28 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0xc0189436, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x35, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 11:41:28 executing program 1: write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000015c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{0x0, 0x0, 0x6, 0xa9ca}]}, 0x78) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xaaaaaaaaaaaacd6, &(0x7f00000015c0), 0x0, &(0x7f00000001c0)=ANY=[]) 11:41:28 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 78.898242] audit: type=1400 audit(1756467688.771:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:41:28 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0xd400080b) unlink(&(0x7f0000000240)='./file0\x00') write(r0, &(0x7f0000000140)="c1", 0x1) 11:41:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGSID(r0, 0x5429, 0x0) 11:41:28 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xa, 
&(0x7f00000007c0)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="0000000000000000000000000000000000000000000000000000000020002000010000000000000000000000000000000000000004", 0x35, 0x540}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000012a00)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001", 0x1b, 0x4c00}, {0x0, 0x0, 0x100000000007800}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00)) 11:41:28 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg$unix(r1, &(0x7f0000003000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000003140)={0x77359400}) sendmmsg$unix(r0, &(0x7f0000000c80), 0x80000, 0x0) 11:41:28 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0xa0840, 0x0) ioctl$DVD_READ_STRUCT(r0, 0x5390, &(0x7f0000000f00)=@disckey={0x2, 0x0, "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"}) [ 80.055827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.058124] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.061224] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.066639] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.070054] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.120327] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 
> 1 [ 80.124432] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.126165] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.129493] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.131718] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.242272] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.245038] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.247146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.256327] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.259101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.311603] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.322027] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.323846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.324747] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.327456] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.337499] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.339022] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.341269] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.344467] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.346524] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 80.353932] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.361670] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.368952] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.375844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.382331] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.394366] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 80.408103] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.409395] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.412175] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.413409] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.426248] Bluetooth: hci6: unexpected cc 0x1001 
length: 249 > 9 [ 80.434023] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.440136] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.446908] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.468402] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.091272] Bluetooth: hci0: command tx timeout [ 82.154847] Bluetooth: hci1: command tx timeout [ 82.347400] Bluetooth: hci2: command tx timeout [ 82.412823] Bluetooth: hci3: command tx timeout [ 82.413549] Bluetooth: hci5: command tx timeout [ 82.475337] Bluetooth: hci4: command tx timeout [ 82.538211] Bluetooth: hci6: command tx timeout [ 82.539015] Bluetooth: hci7: command tx timeout [ 84.138947] Bluetooth: hci0: command tx timeout [ 84.201876] Bluetooth: hci1: command tx timeout [ 84.393842] Bluetooth: hci2: command tx timeout [ 84.457819] Bluetooth: hci5: command tx timeout [ 84.458234] Bluetooth: hci3: command tx timeout [ 84.521837] Bluetooth: hci4: command tx timeout [ 84.585827] Bluetooth: hci6: command tx timeout [ 84.586227] Bluetooth: hci7: command tx timeout [ 86.185944] Bluetooth: hci0: command tx timeout [ 86.249822] Bluetooth: hci1: command tx timeout [ 86.441830] Bluetooth: hci2: command tx timeout [ 86.506800] Bluetooth: hci5: command tx timeout [ 86.507252] Bluetooth: hci3: command tx timeout [ 86.569922] Bluetooth: hci4: command tx timeout [ 86.633862] Bluetooth: hci7: command tx timeout [ 86.634311] Bluetooth: hci6: command tx timeout [ 88.234273] Bluetooth: hci0: command tx timeout [ 88.297824] Bluetooth: hci1: command tx timeout [ 88.490246] Bluetooth: hci2: command tx timeout [ 88.553813] Bluetooth: hci3: command tx timeout [ 88.554218] Bluetooth: hci5: command tx timeout [ 88.617900] Bluetooth: hci4: command tx timeout [ 88.681913] Bluetooth: hci6: command tx timeout [ 88.682318] Bluetooth: hci7: command tx timeout [ 117.078045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.078705] wlan0: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 117.256804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.257409] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.707008] audit: type=1400 audit(1756467727.576:8): avc: denied { watch_reads } for pid=3739 comm="syz-executor.4" path="/syzkaller-testdir043310866/syzkaller.1O1X5c/0/file0" dev="sda" ino=15975 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 11:42:07 executing program 4: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mkdirat(r0, &(0x7f0000000100)='./file0\x00', 0x0) 11:42:07 executing program 4: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000040), &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='r', 0x1, r1) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r4) keyctl$chown(0x4, r2, 0x0, 0xee00) [ 118.023870] audit: type=1400 audit(1756467727.895:9): avc: denied { open } for pid=3773 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.031865] audit: type=1400 audit(1756467727.896:10): avc: denied { kernel } for pid=3773 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:42:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, 
&(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) [ 118.205858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.206464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.354593] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.355705] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.475474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.476124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.636220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.636860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.684146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.684795] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:42:08 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 118.758913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.759488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:42:08 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 118.926487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.927405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:42:08 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:42:08 executing program 2: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02"], 0x3) [ 119.036066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.036615] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.072826] Bluetooth: hci2: ACL packet too small [ 119.076467] 
Bluetooth: hci2: ACL packet too small 11:42:08 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000059c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)='c', 0x1}], 0x1}}], 0x1, 0x0) recvfrom$unix(r1, 0x0, 0xf0ffffff7f0000, 0x0, 0x0, 0x0) [ 119.223819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.224446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.287248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.288063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.325724] loop7: detected capacity change from 0 to 264192 [ 119.349559] EXT4-fs warning (device loop7): ext4_enable_quotas:7174: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 119.355183] EXT4-fs (loop7): mount failed [ 119.371711] loop7: detected capacity change from 0 to 264192 [ 119.388958] EXT4-fs warning (device loop7): ext4_enable_quotas:7174: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 119.393047] EXT4-fs (loop7): mount failed [ 119.522300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.522936] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.590095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.590675] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.728190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.728843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.776055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.776674] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.185037] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 
11:42:10 executing program 0: r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(r0, &(0x7f0000ffc000/0x1000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) 11:42:10 executing program 3: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x2c, 0x0, @private2, @local, {[], {{0x2c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 11:42:10 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000059c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)='c', 0x1}], 0x1}}], 0x1, 0x0) recvfrom$unix(r1, 0x0, 0xf0ffffff7f0000, 0x0, 0x0, 0x0) 11:42:10 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg$unix(r1, &(0x7f0000003000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000003140)={0x77359400}) sendmmsg$unix(r0, &(0x7f0000000c80), 0x80000, 0x0) 11:42:10 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f00000007c0)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="0000000000000000000000000000000000000000000000000000000020002000010000000000000000000000000000000000000004", 0x35, 0x540}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f000000000000040080", 0x1d, 0x4400}, 
{&(0x7f0000012800)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000012a00)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001", 0x1b, 0x4c00}, {0x0, 0x0, 0x100000000007800}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00)) 11:42:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 11:42:10 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x1, 0x4, 0x801}, 0x14}}, 0x0) 11:42:10 executing program 1: write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000015c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{0x0, 0x0, 0x6, 0xa9ca}]}, 0x78) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xaaaaaaaaaaaacd6, &(0x7f00000015c0), 0x0, &(0x7f00000001c0)=ANY=[]) [ 
120.742499] loop7: detected capacity change from 0 to 264192 [ 120.759506] mmap: syz-executor.0 (3937) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 11:42:10 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 120.784048] EXT4-fs warning (device loop7): ext4_enable_quotas:7174: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 120.789071] EXT4-fs (loop7): mount failed 11:42:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 11:42:10 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000059c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)='c', 0x1}], 0x1}}], 0x1, 0x0) recvfrom$unix(r1, 0x0, 0xf0ffffff7f0000, 0x0, 0x0, 0x0) 11:42:11 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) close(r0) 11:42:11 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x1, 0x4, 0x801}, 0x14}}, 0x0) 11:42:11 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 11:42:11 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001940), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000004840)={0x0, 0x0, &(0x7f0000004800)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f3d60000000000000000060000002a00070073797374656d5f753a6f626a6563745f723a7373685f610400eeb12093e2f637ed3f20733000000008000500ac141401080004"], 0x50}}, 0x0) 11:42:11 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f00000007c0)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="0000000000000000000000000000000000000000000000000000000020002000010000000000000000000000000000000000000004", 0x35, 0x540}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, 
{&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000012a00)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001", 0x1b, 0x4c00}, {0x0, 0x0, 0x100000000007800}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00)) 11:42:11 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg$unix(r1, &(0x7f0000003000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000003140)={0x77359400}) sendmmsg$unix(r0, &(0x7f0000000c80), 0x80000, 0x0) 11:42:11 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000059c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)='c', 0x1}], 0x1}}], 0x1, 0x0) recvfrom$unix(r1, 0x0, 0xf0ffffff7f0000, 0x0, 0x0, 0x0) 11:42:11 executing program 1: write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000015c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{0x0, 0x0, 0x6, 0xa9ca}]}, 0x78) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xaaaaaaaaaaaacd6, &(0x7f00000015c0), 0x0, &(0x7f00000001c0)=ANY=[]) [ 121.663937] loop7: detected capacity change from 0 to 264192 [ 121.681170] kmemleak: Found object by alias at 0x607f1a639850 [ 121.681186] CPU: 0 UID: 0 PID: 3955 Comm: 
syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.681204] Tainted: [W]=WARN [ 121.681208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.681215] Call Trace: [ 121.681219] [ 121.681223] dump_stack_lvl+0xca/0x120 [ 121.681250] __lookup_object+0x94/0xb0 [ 121.681267] delete_object_full+0x27/0x70 [ 121.681283] free_percpu+0x30/0x1160 [ 121.681300] ? arch_uprobe_clear_state+0x16/0x140 [ 121.681319] futex_hash_free+0x38/0xc0 [ 121.681334] mmput+0x2d3/0x390 [ 121.681352] do_exit+0x79d/0x2970 [ 121.681366] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.681387] ? zap_other_threads+0x2b9/0x3a0 [ 121.681404] ? __pfx_do_exit+0x10/0x10 [ 121.681416] ? do_group_exit+0x1c3/0x2a0 [ 121.681430] ? _raw_spin_unlock_irq+0x23/0x40 [ 121.681448] do_group_exit+0xd3/0x2a0 [ 121.681462] __x64_sys_exit_group+0x3e/0x50 [ 121.681476] x64_sys_call+0x18c5/0x18d0 [ 121.681491] do_syscall_64+0xbf/0x360 [ 121.681502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.681514] RIP: 0033:0x7f56ecae0b19 [ 121.681522] Code: Unable to access opcode bytes at 0x7f56ecae0aef. 
[ 121.681528] RSP: 002b:00007ffcf6107d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 121.681539] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f56ecae0b19 [ 121.681547] RDX: 00007f56eca9372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 121.681554] RBP: 0000000000000000 R08: 0000001b2d222d40 R09: 0000000000000000 [ 121.681561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.681568] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcf6107e40 [ 121.681588] [ 121.681592] kmemleak: Object (percpu) 0x607f1a639848 (size 16): [ 121.681599] kmemleak: comm "syz-executor.0", pid 277, jiffies 4294788199 [ 121.681606] kmemleak: min_count = 1 [ 121.681610] kmemleak: count = 0 [ 121.681614] kmemleak: flags = 0x21 [ 121.681617] kmemleak: checksum = 0 [ 121.681621] kmemleak: backtrace: [ 121.681625] pcpu_alloc_noprof+0x87a/0x1170 [ 121.681639] mm_init+0x99b/0x1170 [ 121.681647] copy_process+0x3ab7/0x73c0 [ 121.681657] kernel_clone+0xea/0x7f0 [ 121.681667] __do_sys_clone+0xce/0x120 [ 121.681677] do_syscall_64+0xbf/0x360 [ 121.681685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.691090] kmemleak: Cannot insert 0x607f1a639850 into the object search tree (overlaps existing) [ 121.691117] CPU: 1 UID: 0 PID: 3957 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.691152] Tainted: [W]=WARN [ 121.691160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.691172] Call Trace: [ 121.691179] [ 121.691187] dump_stack_lvl+0xca/0x120 [ 121.691224] __link_object+0x190/0x210 [ 121.691256] __create_object+0x48/0x80 [ 121.691310] pcpu_alloc_noprof+0x87a/0x1170 [ 121.691356] __percpu_counter_init_many+0x44/0x360 [ 121.691391] ext4_fill_super+0x8755/0xba20 [ 121.691451] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.691486] ? find_held_lock+0x2b/0x80 [ 121.691520] ? setup_bdev_super+0x2ed/0x6e0 [ 121.691554] ? set_blocksize+0x1b4/0x470 [ 121.691576] ? lock_release+0xc8/0x290 [ 121.691605] ? 
sb_set_blocksize+0x177/0x1c0 [ 121.691628] ? setup_bdev_super+0x31f/0x6e0 [ 121.691666] get_tree_bdev_flags+0x38a/0x620 [ 121.691688] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.691723] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 121.691747] ? cap_capable+0xdb/0x3b0 [ 121.691786] ? security_capable+0x2f/0x90 [ 121.691823] vfs_get_tree+0x93/0x340 [ 121.691858] path_mount+0x132d/0x1dd0 [ 121.691886] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.691912] ? __pfx_path_mount+0x10/0x10 [ 121.691938] ? kmem_cache_free+0x2a1/0x540 [ 121.691959] ? putname.part.0+0x11b/0x160 [ 121.691991] ? getname_flags.part.0+0x1c6/0x540 [ 121.692027] ? putname.part.0+0x11b/0x160 [ 121.692062] __x64_sys_mount+0x27b/0x300 [ 121.692089] ? __pfx___x64_sys_mount+0x10/0x10 [ 121.692126] do_syscall_64+0xbf/0x360 [ 121.692148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.692171] RIP: 0033:0x7f5993fe104a [ 121.692188] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.692210] RSP: 002b:00007f5991554fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 121.692232] RAX: ffffffffffffffda RBX: 00000000200007c0 RCX: 00007f5993fe104a [ 121.692248] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5991555000 [ 121.692262] RBP: 00007f5991555040 R08: 00007f5991555040 R09: 0000000020000000 [ 121.692280] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 121.692299] R13: 0000000020000100 R14: 00007f5991555000 R15: 0000000020014a00 [ 121.692334] [ 121.692883] kmemleak: Kernel memory leak detector disabled [ 121.692891] kmemleak: Object (percpu) 0x607f1a639848 (size 16): [ 121.692905] kmemleak: comm "syz-executor.0", pid 277, jiffies 4294788199 [ 121.692919] kmemleak: min_count = 1 [ 121.692927] kmemleak: count = 0 [ 121.692934] kmemleak: flags = 0x21 [ 121.692942] kmemleak: checksum = 0 [ 121.692949] kmemleak: backtrace: [ 121.692955] 
pcpu_alloc_noprof+0x87a/0x1170 [ 121.692986] mm_init+0x99b/0x1170 [ 121.693002] copy_process+0x3ab7/0x73c0 [ 121.693022] kernel_clone+0xea/0x7f0 [ 121.693042] __do_sys_clone+0xce/0x120 [ 121.693063] do_syscall_64+0xbf/0x360 [ 121.693080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.721968] EXT4-fs warning (device loop7): ext4_enable_quotas:7174: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 121.727629] kmemleak: Found object by alias at 0x607f1a639850 [ 121.727653] CPU: 1 UID: 0 PID: 3957 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.727689] Tainted: [W]=WARN [ 121.727696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.727708] Call Trace: [ 121.727716] [ 121.727724] dump_stack_lvl+0xca/0x120 [ 121.727770] __lookup_object+0x94/0xb0 [ 121.727800] delete_object_full+0x27/0x70 [ 121.727832] free_percpu+0x30/0x1160 [ 121.727870] percpu_counter_destroy_many+0x188/0x2b0 [ 121.727904] ext4_percpu_param_destroy+0x1a/0x70 [ 121.727936] ext4_fill_super+0x87c6/0xba20 [ 121.727995] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.728029] ? find_held_lock+0x2b/0x80 [ 121.728062] ? setup_bdev_super+0x2ed/0x6e0 [ 121.728096] ? set_blocksize+0x1b4/0x470 [ 121.728116] ? lock_release+0xc8/0x290 [ 121.728144] ? sb_set_blocksize+0x177/0x1c0 [ 121.728167] ? setup_bdev_super+0x31f/0x6e0 [ 121.728206] get_tree_bdev_flags+0x38a/0x620 [ 121.728228] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.728263] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 121.728287] ? cap_capable+0xdb/0x3b0 [ 121.728320] ? security_capable+0x2f/0x90 [ 121.728351] vfs_get_tree+0x93/0x340 [ 121.728385] path_mount+0x132d/0x1dd0 [ 121.728412] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.728451] ? __pfx_path_mount+0x10/0x10 [ 121.728477] ? kmem_cache_free+0x2a1/0x540 [ 121.728497] ? putname.part.0+0x11b/0x160 [ 121.728529] ? getname_flags.part.0+0x1c6/0x540 [ 121.728565] ? 
putname.part.0+0x11b/0x160 [ 121.728600] __x64_sys_mount+0x27b/0x300 [ 121.728627] ? __pfx___x64_sys_mount+0x10/0x10 [ 121.728664] do_syscall_64+0xbf/0x360 [ 121.728686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.728709] RIP: 0033:0x7f5993fe104a [ 121.728727] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.728748] RSP: 002b:00007f5991554fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 121.728770] RAX: ffffffffffffffda RBX: 00000000200007c0 RCX: 00007f5993fe104a [ 121.728786] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5991555000 [ 121.728800] RBP: 00007f5991555040 R08: 00007f5991555040 R09: 0000000020000000 [ 121.728815] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 121.728829] R13: 0000000020000100 R14: 00007f5991555000 R15: 0000000020014a00 [ 121.728861] [ 121.728869] kmemleak: Object (percpu) 0x607f1a639848 (size 16): [ 121.728882] kmemleak: comm "syz-executor.0", pid 277, jiffies 4294788199 [ 121.728896] kmemleak: min_count = 1 [ 121.728904] kmemleak: count = 0 [ 121.728911] kmemleak: flags = 0x21 [ 121.728919] kmemleak: checksum = 0 [ 121.728926] kmemleak: backtrace: [ 121.728932] pcpu_alloc_noprof+0x87a/0x1170 [ 121.728962] mm_init+0x99b/0x1170 [ 121.728979] copy_process+0x3ab7/0x73c0 [ 121.728999] kernel_clone+0xea/0x7f0 [ 121.729019] __do_sys_clone+0xce/0x120 [ 121.729040] do_syscall_64+0xbf/0x360 [ 121.729057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.772315] kmemleak: Found object by alias at 0x607f1a639854 [ 121.772338] CPU: 1 UID: 0 PID: 3957 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.772371] Tainted: [W]=WARN [ 121.772377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.772389] Call Trace: [ 121.772395] [ 121.772403] dump_stack_lvl+0xca/0x120 [ 121.772454] 
__lookup_object+0x94/0xb0 [ 121.772482] delete_object_full+0x27/0x70 [ 121.772512] free_percpu+0x30/0x1160 [ 121.772548] percpu_counter_destroy_many+0x188/0x2b0 [ 121.772581] ext4_percpu_param_destroy+0x2b/0x70 [ 121.772610] ext4_fill_super+0x87c6/0xba20 [ 121.772667] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.772699] ? find_held_lock+0x2b/0x80 [ 121.772731] ? setup_bdev_super+0x2ed/0x6e0 [ 121.772769] ? set_blocksize+0x1b4/0x470 [ 121.772789] ? lock_release+0xc8/0x290 [ 121.772816] ? sb_set_blocksize+0x177/0x1c0 [ 121.772838] ? setup_bdev_super+0x31f/0x6e0 [ 121.772875] get_tree_bdev_flags+0x38a/0x620 [ 121.772896] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.772930] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 121.772954] ? cap_capable+0xdb/0x3b0 [ 121.772986] ? security_capable+0x2f/0x90 [ 121.773017] vfs_get_tree+0x93/0x340 [ 121.773050] path_mount+0x132d/0x1dd0 [ 121.773076] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.773102] ? __pfx_path_mount+0x10/0x10 [ 121.773127] ? kmem_cache_free+0x2a1/0x540 [ 121.773147] ? putname.part.0+0x11b/0x160 [ 121.773177] ? getname_flags.part.0+0x1c6/0x540 [ 121.773212] ? putname.part.0+0x11b/0x160 [ 121.773246] __x64_sys_mount+0x27b/0x300 [ 121.773272] ? 
__pfx___x64_sys_mount+0x10/0x10 [ 121.773309] do_syscall_64+0xbf/0x360 [ 121.773330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.773352] RIP: 0033:0x7f5993fe104a [ 121.773369] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.773390] RSP: 002b:00007f5991554fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 121.773412] RAX: ffffffffffffffda RBX: 00000000200007c0 RCX: 00007f5993fe104a [ 121.773426] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5991555000 [ 121.773440] RBP: 00007f5991555040 R08: 00007f5991555040 R09: 0000000020000000 [ 121.773454] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 121.773467] R13: 0000000020000100 R14: 00007f5991555000 R15: 0000000020014a00 [ 121.773499] [ 121.773506] kmemleak: Object (percpu) 0x607f1a639848 (size 16): [ 121.773519] kmemleak: comm "syz-executor.0", pid 277, jiffies 4294788199 [ 121.773533] kmemleak: min_count = 1 [ 121.773540] kmemleak: count = 0 [ 121.773547] kmemleak: flags = 0x21 [ 121.773555] kmemleak: checksum = 0 [ 121.773562] kmemleak: backtrace: [ 121.773567] pcpu_alloc_noprof+0x87a/0x1170 [ 121.773596] mm_init+0x99b/0x1170 [ 121.773612] copy_process+0x3ab7/0x73c0 [ 121.773632] kernel_clone+0xea/0x7f0 [ 121.773651] __do_sys_clone+0xce/0x120 [ 121.773671] do_syscall_64+0xbf/0x360 [ 121.773688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.818813] kmemleak: Found object by alias at 0x607f1a63984c [ 121.818824] CPU: 0 UID: 0 PID: 3963 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.818841] Tainted: [W]=WARN [ 121.818845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.818851] Call Trace: [ 121.818854] [ 121.818858] dump_stack_lvl+0xca/0x120 [ 121.818876] __lookup_object+0x94/0xb0 [ 121.818890] delete_object_full+0x27/0x70 [ 121.818905] 
free_percpu+0x30/0x1160 [ 121.818919] ? arch_uprobe_clear_state+0x16/0x140 [ 121.818939] futex_hash_free+0x38/0xc0 [ 121.818952] mmput+0x2d3/0x390 [ 121.818969] do_exit+0x79d/0x2970 [ 121.818983] ? lock_release+0xc8/0x290 [ 121.818998] ? __pfx_do_exit+0x10/0x10 [ 121.819011] ? find_held_lock+0x2b/0x80 [ 121.819027] ? get_signal+0x835/0x2340 [ 121.819047] do_group_exit+0xd3/0x2a0 [ 121.819062] get_signal+0x2315/0x2340 [ 121.819084] ? __pfx_get_signal+0x10/0x10 [ 121.819099] ? do_futex+0x135/0x370 [ 121.819113] ? __pfx_do_futex+0x10/0x10 [ 121.819128] arch_do_signal_or_restart+0x80/0x790 [ 121.819145] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 121.819161] ? __x64_sys_futex+0x1c9/0x4d0 [ 121.819173] ? __x64_sys_futex+0x1d2/0x4d0 [ 121.819186] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.819205] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.819223] exit_to_user_mode_loop+0x8b/0x110 [ 121.819236] do_syscall_64+0x2f7/0x360 [ 121.819247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.819258] RIP: 0033:0x7f3e6d62fb19 [ 121.819266] Code: Unable to access opcode bytes at 0x7f3e6d62faef. 
[ 121.819271] RSP: 002b:00007f3e6aba5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.819281] RAX: fffffffffffffe00 RBX: 00007f3e6d742f68 RCX: 00007f3e6d62fb19 [ 121.819289] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3e6d742f68 [ 121.819295] RBP: 00007f3e6d742f60 R08: 0000000000000000 R09: 0000000000000000 [ 121.819302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e6d742f6c [ 121.819309] R13: 00007ffcec2e079f R14: 00007f3e6aba5300 R15: 0000000000022000 [ 121.819324] [ 121.819328] kmemleak: Object (percpu) 0x607f1a639848 (size 16): [ 121.819334] kmemleak: comm "syz-executor.0", pid 277, jiffies 4294788199 [ 121.819341] kmemleak: min_count = 1 [ 121.819344] kmemleak: count = 0 [ 121.819348] kmemleak: flags = 0x21 [ 121.819351] kmemleak: checksum = 0 [ 121.819355] kmemleak: backtrace: [ 121.819358] pcpu_alloc_noprof+0x87a/0x1170 [ 121.819372] mm_init+0x99b/0x1170 [ 121.819380] copy_process+0x3ab7/0x73c0 [ 121.819390] kernel_clone+0xea/0x7f0 [ 121.819399] __do_sys_clone+0xce/0x120 [ 121.819409] do_syscall_64+0xbf/0x360 [ 121.819417] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:42:11 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 11:42:11 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x1, 0x4, 0x801}, 0x14}}, 0x0) 11:42:11 executing program 4: pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0xfffffffffffffffd}) 11:42:11 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001940), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000004840)={0x0, 0x0, &(0x7f0000004800)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f3d60000000000000000060000002a00070073797374656d5f753a6f626a6563745f723a7373685f610400eeb12093e2f637ed3f20733000000008000500ac141401080004"], 0x50}}, 0x0) [ 121.919294] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000031: 0000 [#1] SMP KASAN NOPTI [ 121.921326] KASAN: probably user-memory-access in range [0x0000000100000188-0x000000010000018f] [ 121.922920] CPU: 1 UID: 0 PID: 3976 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.927964] Tainted: [W]=WARN [ 121.928544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.930003] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.930857] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.934064] RSP: 0018:ffff888047c077c0 EFLAGS: 00010013 [ 121.935022] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 121.936288] RDX: ffff8880146c9b80 RSI: ffffffff818995b7 RDI: 000000010000018f [ 121.937564] RBP: ffff888047c07a30 R08: ffff88806cf31340 R09: ffffe8ffffd16850 [ 121.938821] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.940083] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.941346] FS: 00007fc6d79bc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.942789] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 
121.943815] CR2: 00007fbabdb46f40 CR3: 00000000456ba000 CR4: 0000000000350ef0 [ 121.945117] Call Trace: [ 121.945585] [ 121.946009] ? __pfx_perf_tp_event+0x10/0x10 [ 121.946805] ? lock_acquire+0x15e/0x2f0 [ 121.947530] ? find_held_lock+0x2b/0x80 [ 121.948256] ? finish_task_switch.isra.0+0x201/0x840 [ 121.949236] ? lock_release+0xc8/0x290 [ 121.949927] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.950833] ? finish_task_switch.isra.0+0x206/0x840 [ 121.951726] ? __lock_acquire+0xc65/0x1b70 [ 121.952493] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.953312] perf_trace_run_bpf_submit+0xef/0x180 [ 121.954055] perf_trace_preemptirq_template+0x259/0x430 [ 121.954869] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.955763] ? __pfx_sched_mm_cid_before_execve+0x10/0x10 [ 121.956622] ? do_exit+0x2db/0x2970 [ 121.957193] ? find_held_lock+0x2b/0x80 [ 121.957816] ? acct_update_integrals+0x296/0x430 [ 121.958537] trace_irq_disable.constprop.0+0xa6/0x100 [ 121.959321] acct_update_integrals+0x296/0x430 [ 121.960015] ? rcu_read_lock_any_held+0x79/0xa0 [ 121.960761] do_exit+0x2eb/0x2970 [ 121.961307] ? lock_release+0xc8/0x290 [ 121.961912] ? __pfx_do_exit+0x10/0x10 [ 121.962516] ? find_held_lock+0x2b/0x80 [ 121.963139] ? get_signal+0x835/0x2340 [ 121.963746] do_group_exit+0xd3/0x2a0 [ 121.964337] get_signal+0x2315/0x2340 [ 121.964937] ? __pfx_get_signal+0x10/0x10 [ 121.965582] ? do_futex+0x135/0x370 [ 121.966148] ? __pfx_do_futex+0x10/0x10 [ 121.966763] arch_do_signal_or_restart+0x80/0x790 [ 121.967506] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 121.968335] ? __x64_sys_futex+0x1c9/0x4d0 [ 121.968983] ? __x64_sys_futex+0x1d2/0x4d0 [ 121.969632] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.970533] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 121.971244] exit_to_user_mode_loop+0x8b/0x110 [ 121.971947] do_syscall_64+0x2f7/0x360 [ 121.972551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.973337] RIP: 0033:0x7fc6da467b19 [ 121.973900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.976624] RSP: 002b:00007fc6d79bc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.977770] RAX: fffffffffffffe00 RBX: 00007fc6da57b028 RCX: 00007fc6da467b19 [ 121.978839] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc6da57b028 [ 121.979915] RBP: 00007fc6da57b020 R08: 0000000000000000 R09: 0000000000000000 [ 121.980986] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6da57b02c [ 121.982054] R13: 00007ffccf0730ef R14: 00007fc6d79bc300 R15: 0000000000022000 [ 121.983124] [ 121.983487] Modules linked in: [ 121.983985] ---[ end trace 0000000000000000 ]--- [ 121.983986] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000031: 0000 [#2] SMP KASAN NOPTI [ 121.984698] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.985504] KASAN: probably user-memory-access in range [0x0000000100000188-0x000000010000018f] [ 121.986187] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.986809] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.989486] RSP: 0018:ffff888047c077c0 EFLAGS: 00010013 [ 121.990336] Tainted: [D]=DIE, [W]=WARN [ 121.990342] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 121.990743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.991314] RDX: ffff8880146c9b80 RSI: ffffffff818995b7 RDI: 000000010000018f [ 121.991860] RIP: 
0010:perf_tp_event+0x175/0xe70 [ 121.993091] RBP: ffff888047c07a30 R08: ffff88806cf31340 R09: ffffe8ffffd16850 [ 121.993633] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.994331] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.994873] RSP: 0018:ffff888047b7f7c0 EFLAGS: 00010013 [ 121.997580] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.998124] [ 121.998128] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 121.998908] FS: 00007fc6d79bc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.999448] RDX: ffff888015f3d280 RSI: ffffffff818995b7 RDI: 000000010000018f [ 121.999710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.000251] RBP: ffff888047b7fa30 R08: ffff88806ce31340 R09: ffffe8ffffc16850 [ 122.001456] CR2: 00007fbabdb46f40 CR3: 00000000456ba000 CR4: 0000000000350ef0 [ 122.001998] R10: 0000000000000000 R11: 1ffff1100d9c6f7b R12: dffffc0000000000 [ 122.002863] note: syz-executor.0[3976] exited with irqs disabled [ 122.003401] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.006017] FS: 00007fc6d79dd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 122.006638] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.007090] CR2: 000000002002a010 CR3: 00000000456ba000 CR4: 0000000000350ef0 [ 122.007643] Call Trace: [ 122.007848] [ 122.008026] ? do_raw_spin_lock+0x123/0x260 [ 122.008371] ? __pfx_perf_tp_event+0x10/0x10 [ 122.008730] ? __perf_event_task_sched_in+0x235/0x5e0 [ 122.009133] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 122.009559] ? lock_is_held_type+0x9e/0x120 [ 122.009905] ? lock_acquire+0x18c/0x2f0 [ 122.010220] ? xfd_validate_state+0x55/0x180 [ 122.010575] ? lock_release+0x1c7/0x290 [ 122.010892] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.011302] ? 
finish_task_switch.isra.0+0x206/0x840 [ 122.011705] ? trace_sched_exit_tp+0xbf/0x100 [ 122.012062] ? __schedule+0xe91/0x3590 [ 122.012375] ? __pfx___schedule+0x10/0x10 [ 122.012712] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.013106] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.013475] perf_trace_run_bpf_submit+0xef/0x180 [ 122.013858] perf_trace_preemptirq_template+0x259/0x430 [ 122.014280] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.014741] ? __pfx_sched_mm_cid_before_execve+0x10/0x10 [ 122.015175] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.015544] ? lock_acquire+0x18c/0x2f0 [ 122.015859] ? lock_acquire+0x18c/0x2f0 [ 122.016174] ? acct_update_integrals+0x296/0x430 [ 122.016555] trace_irq_disable.constprop.0+0xa6/0x100 [ 122.016961] acct_update_integrals+0x296/0x430 [ 122.017321] do_exit+0x2eb/0x2970 [ 122.017598] ? lock_release+0xc8/0x290 [ 122.017908] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.018370] ? __pfx_do_exit+0x10/0x10 [ 122.018679] ? do_raw_spin_lock+0x123/0x260 [ 122.019019] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.019390] do_group_exit+0xd3/0x2a0 [ 122.019694] get_signal+0x2315/0x2340 [ 122.020001] ? __pfx_signal_setup_done+0x10/0x10 [ 122.020380] ? __pfx_get_signal+0x10/0x10 [ 122.020717] ? do_futex+0x135/0x370 [ 122.021005] ? __pfx_do_futex+0x10/0x10 [ 122.021320] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.021728] arch_do_signal_or_restart+0x80/0x790 [ 122.022113] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.022539] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.022872] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.023203] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.023665] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.024025] ? 
lock_mm_and_find_vma+0xaa/0x6f0 [ 122.024390] exit_to_user_mode_loop+0x8b/0x110 [ 122.024754] do_syscall_64+0x2f7/0x360 [ 122.025059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.025459] RIP: 0033:0x7fc6da467b19 [ 122.025752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.027150] RSP: 002b:00007fc6d79dd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.027738] RAX: fffffffffffffe00 RBX: 00007fc6da57af68 RCX: 00007fc6da467b19 [ 122.028292] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc6da57af68 [ 122.028841] RBP: 00007fc6da57af60 R08: 0000000000000000 R09: 0000000000000000 [ 122.029365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6da57af6c [ 122.029919] R13: 00007ffccf0730ef R14: 00007fc6d79dd300 R15: 0000000000022000 [ 122.030485] [ 122.030673] Modules linked in: [ 122.030933] ---[ end trace 0000000000000000 ]--- [ 122.030935] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000031: 0000 [#3] SMP KASAN NOPTI [ 122.031298] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.032986] KASAN: probably user-memory-access in range [0x0000000100000188-0x000000010000018f] [ 122.033345] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.034660] CPU: 1 UID: 0 PID: 3976 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.036048] RSP: 0018:ffff888047c077c0 EFLAGS: 00010013 [ 122.037858] Tainted: [D]=DIE, [W]=WARN [ 122.038258] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 122.038266] RDX: ffff8880146c9b80 RSI: ffffffff818995b7 RDI: 000000010000018f [ 122.038856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.039406] RBP: 
ffff888047c07a30 R08: ffff88806cf31340 R09: ffffe8ffffd16850 [ 122.039414] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.040504] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.041136] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.041145] FS: 00007fc6d79dd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 122.042223] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.042767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.043486] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010013 [ 122.044033] CR2: 000000002002a010 CR3: 00000000456ba000 CR4: 0000000000350ef0 [ 122.045247] [ 122.046652] note: syz-executor.0[3959] exited with irqs disabled [ 122.050625] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 122.051723] RDX: ffff8880146c9b80 RSI: ffffffff818995b7 RDI: 000000010000018f [ 122.052834] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd16850 [ 122.053929] R10: 0000000000000000 R11: ffff88801705d898 R12: dffffc0000000000 [ 122.055038] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 122.056148] FS: 00007fc6d79bc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.057405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.058318] CR2: 00007fbabdb46f40 CR3: 00000000456ba000 CR4: 0000000000350ef0 [ 122.059424] Call Trace: [ 122.059835] [ 122.060197] ? __pfx_perf_tp_event+0x10/0x10 [ 122.060904] ? reweight_entity+0x42a/0x800 [ 122.061578] ? update_cfs_group+0x11d/0x260 [ 122.062277] ? enqueue_task_fair+0xded/0x1e00 [ 122.062995] ? check_preempt_wakeup_fair+0x6e/0x950 [ 122.063782] ? wakeup_preempt+0x140/0x2a0 [ 122.064450] ? lock_release+0x1c7/0x290 [ 122.065082] ? lock_release+0x1c7/0x290 [ 122.065722] ? do_raw_spin_unlock+0x53/0x220 [ 122.066439] ? 
_raw_spin_unlock_irqrestore+0x22/0x50 [ 122.067246] ? try_to_wake_up+0x8ae/0x11d0 [ 122.067922] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.068737] ? lock_release+0x1c7/0x290 [ 122.069481] perf_trace_run_bpf_submit+0xef/0x180 [ 122.070386] perf_trace_preemptirq_template+0x259/0x430 [ 122.071367] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.072453] ? ktime_get+0x16d/0x270 [ 122.073152] ? _raw_spin_lock_irqsave+0x53/0x60 [ 122.074008] trace_irq_disable.constprop.0+0xa6/0x100 [ 122.074945] _raw_spin_lock_irqsave+0x53/0x60 [ 122.075778] hrtimer_run_softirq+0x3c/0x310 [ 122.076601] handle_softirqs+0x1b1/0x770 [ 122.077369] __irq_exit_rcu+0xc4/0x100 [ 122.078091] irq_exit_rcu+0x9/0x20 [ 122.078744] sysvec_apic_timer_interrupt+0x70/0x80 [ 122.079641] [ 122.080065] [ 122.080495] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 122.081447] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 122.082306] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 122.085541] RSP: 0018:ffff888047c07f28 EFLAGS: 00000246 [ 122.086501] RAX: 0000000000000001 RBX: ffff8880146c9b80 RCX: ffffffff817c2b86 [ 122.087784] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 122.089064] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 122.090342] R10: ffffffff8643ac57 R11: 3030303030302043 R12: ffff8880146c9b80 [ 122.091616] R13: 0000000000000000 R14: dffffc0020000031 R15: 0000000000000000 [ 122.092906] ? trace_irq_enable.constprop.0+0x26/0x100 [ 122.093849] ? make_task_dead+0x214/0x3b0 [ 122.094611] ? make_task_dead+0x214/0x3b0 [ 122.095370] ? 
do_syscall_64+0x2f7/0x360 [ 122.096099] rewind_stack_and_make_dead+0x16/0x20 [ 122.096962] RIP: 0033:0x7fc6da467b19 [ 122.097539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.100260] RSP: 002b:00007fc6d79bc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.101411] RAX: fffffffffffffe00 RBX: 00007fc6da57b028 RCX: 00007fc6da467b19 [ 122.102476] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc6da57b028 [ 122.103550] RBP: 00007fc6da57b020 R08: 0000000000000000 R09: 0000000000000000 [ 122.104631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6da57b02c [ 122.105698] R13: 00007ffccf0730ef R14: 00007fc6d79bc300 R15: 0000000000022000 [ 122.106788] [ 122.107152] Modules linked in: [ 122.107646] ---[ end trace 0000000000000000 ]--- [ 122.107647] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000031: 0000 [#4] SMP KASAN NOPTI [ 122.107661] KASAN: probably user-memory-access in range [0x0000000100000188-0x000000010000018f] [ 122.108350] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.109156] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.110435] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.110770] Tainted: [D]=DIE, [W]=WARN [ 122.112519] RSP: 0018:ffff888047c077c0 EFLAGS: 00010013 [ 122.113829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.114401] [ 122.114781] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.116005] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 122.116131] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 
e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.116824] RDX: ffff8880146c9b80 RSI: ffffffff818995b7 RDI: 000000010000018f [ 122.117335] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010013 [ 122.120016] RBP: ffff888047c07a30 R08: ffff88806cf31340 R09: ffffe8ffffd16850 [ 122.120533] [ 122.120537] RAX: 0000000020000031 RBX: 00000000ffffff9f RCX: 0000000000000002 [ 122.121317] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.121827] RDX: ffff888015f3d280 RSI: ffffffff818995b7 RDI: 000000010000018f [ 122.122090] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.122599] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc16850 [ 122.123653] FS: 00007fc6d79bc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.124161] R10: 0000000000000000 R11: ffff88800d12bc98 R12: dffffc0000000000 [ 122.125221] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.125728] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 122.126916] CR2: 00007fbabdb46f40 CR3: 00000000456ba000 CR4: 0000000000350ef0 [ 122.127426] FS: 00007fc6d79dd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 122.128286] Kernel panic - not syncing: Fatal exception in interrupt [ 123.221834] Shutting down cpus with NMI [ 123.225787] Kernel Offset: disabled [ 123.226354] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:42:12 Registers: