Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:15880' (ECDSA) to the list of known hosts. 2025/08/29 08:30:49 fuzzer started 2025/08/29 08:30:49 dialing manager at localhost:43077 syzkaller login: [ 44.494348] cgroup: Unknown subsys name 'net' [ 44.543884] cgroup: Unknown subsys name 'cpuset' [ 44.562903] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:31:00 syscalls: 2214 2025/08/29 08:31:00 code coverage: enabled 2025/08/29 08:31:00 comparison tracing: enabled 2025/08/29 08:31:00 extra coverage: enabled 2025/08/29 08:31:00 setuid sandbox: enabled 2025/08/29 08:31:00 namespace sandbox: enabled 2025/08/29 08:31:00 Android sandbox: enabled 2025/08/29 08:31:00 fault injection: enabled 2025/08/29 08:31:00 leak checking: enabled 2025/08/29 08:31:00 net packet injection: enabled 2025/08/29 08:31:00 net device setup: enabled 2025/08/29 08:31:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:31:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:31:00 USB emulation: enabled 2025/08/29 08:31:00 hci packet injection: enabled 2025/08/29 08:31:00 wifi device emulation: enabled 2025/08/29 08:31:00 802.15.4 emulation: enabled 2025/08/29 08:31:00 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:31:00 fetching corpus: 50, signal 27940/30844 (executing program) 2025/08/29 08:31:00 fetching corpus: 100, signal 36992/40779 (executing program) 2025/08/29 08:31:00 fetching corpus: 150, signal 46225/50526 (executing program) 2025/08/29 08:31:00 fetching corpus: 200, signal 51144/56017 (executing program) 2025/08/29 08:31:00 fetching corpus: 250, signal 56684/61904 (executing program) 2025/08/29 08:31:00 fetching corpus: 300, signal 59941/65596 (executing program) 2025/08/29 08:31:01 fetching corpus: 350, signal 68546/73580 (executing program) 2025/08/29 08:31:01 fetching corpus: 400, signal 71566/76704 (executing program) 2025/08/29 08:31:01 fetching corpus: 450, signal 74982/80068 (executing program) 2025/08/29 08:31:01 fetching corpus: 500, signal 77599/82603 (executing program) 2025/08/29 08:31:01 fetching corpus: 550, signal 80039/84923 (executing program) 2025/08/29 08:31:01 fetching corpus: 600, signal 81811/86568 (executing program) 2025/08/29 08:31:01 fetching corpus: 650, signal 83612/88216 (executing program) 2025/08/29 08:31:02 fetching corpus: 700, signal 85948/90148 (executing program) 2025/08/29 08:31:02 fetching corpus: 750, signal 87406/91414 (executing program) 2025/08/29 08:31:02 fetching corpus: 800, signal 89774/93348 (executing program) 2025/08/29 08:31:02 fetching corpus: 850, signal 91070/94412 (executing program) 2025/08/29 08:31:02 fetching corpus: 900, signal 92220/95306 (executing program) 2025/08/29 08:31:02 fetching corpus: 950, signal 93396/96145 (executing program) 2025/08/29 08:31:02 fetching corpus: 1000, signal 95691/97672 (executing program) 2025/08/29 08:31:02 fetching corpus: 1050, signal 96763/98356 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99277 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99321 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99355 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99396 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99428 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99470 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99511 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99554 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99608 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99647 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99683 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99719 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99765 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99805 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99861 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99894 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99940 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/99989 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100037 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100075 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100118 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100151 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100199 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100245 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100288 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100327 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100349 (executing program) 2025/08/29 08:31:03 fetching corpus: 1097, signal 98324/100349 (executing program) 2025/08/29 08:31:05 starting 8 fuzzer processes 08:31:05 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 08:31:05 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000540), 0x0) r1 = clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {0x10000}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/sr0', 0x0, 0x0) getdents(r2, &(0x7f0000001d40)=""/4096, 0x1000) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000340)={0x1, 0x0, 0x1000, 0x9f, &(0x7f0000000180)="b94f33f6fd1ed3b8c190f464122178c3b644df1d0a0ff542f9529136e7a9154c12beae11def4793e83ac3ca5b1938d4e0bc7225520070bb289fd630bbf7e67650a0891417994a936097218ec32eaf59ca1ac82c1e5b1acfecfe7e69a4ee99e52dcb4c13132bd974f91476f8ef770573604122984109c4f923d4994281db962240fed7c74ce4f4d71e0db57fc3fc20c6694b74afae9423c5ce0dcc80b6e040e", 0x0, 0x0, 0x0}) r3 = creat(&(0x7f00000003c0)='./file0\x00', 0xa4ea4d52e7e4bfdf) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0x40086607, &(0x7f0000000640)=ANY=[@ANYBLOB="0006000000000000000000000000000000000000000000000000000000000000076709c0c662194fee2c2e01bbfae3a6b1a9e37c813ff646d39c07df2e88fa179e3b2ae79ba085a56ab8a735eaf8d88165cefc4b0e282c53fa478fb0d92dd6f647432303ae04f143cfd7f7a58fd65f7c1f1b6ea412c812763e54de122f518c7dc0aa6b0d609b4fe2710632eec88d0a2d1b712062ee13cb7335ce"]) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x1000) r4 = fork() ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r3, 0x7fffffff, 0x7fffffff, 0xfffffffffffffff9}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'vlan1\x00'}) ptrace(0x10, r4) wait4(r4, 0x0, 0x2, &(0x7f0000000440)) wait4(r1, &(0x7f0000000500), 0x40000009, &(0x7f00000000c0)) 08:31:05 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 08:31:05 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000680)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x3, 0x400000) ioctl$SCSI_IOCTL_DOORUNLOCK(r4, 0x5381) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381) setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f00000000c0)={'nat\x00', 0x0, 0x0, 0x0, [0x5, 0x0, 0x3, 0x1017, 0x7, 0x2]}, &(0x7f0000000240)=0x78) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup3(r3, r6, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000002000000000000000000000000fd00000000007200000000000000000000000000000000000000003a5a0e94f75e3f25521d53a98af922d138cf304ef94e1355fb520cb2f54b97811ef7848b43caa57b94c326558c54a6962259c5d627b3d34772481fd2d4f7bf87c5a06797b4506536d391d3fb744ee0296c2cc8d2e9ce24c10e7aad07b1513bfb3ca1c2e5e9966a26e3891b1c5403c1ab82d11e903f36bde2ad4aa9c3dae285a4a3ec4c545f"], 0x48) ioctl$sock_inet6_tcp_SIOCINQ(r7, 0x541b, &(0x7f0000000080)) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280}) write(r1, 0x0, 0x0) [ 60.585369] audit: type=1400 audit(1756456265.633:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:31:05 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r2, &(0x7f00000005c0)=[{&(0x7f0000000100)="d9", 0x1}], 0x1, 0x3f, 0x0, 0x0) copy_file_range(r0, &(0x7f0000000080)=0x9, r1, &(0x7f00000000c0), 0x6, 0x0) 08:31:05 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:31:05 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) 08:31:05 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}, 0x0) [ 61.788677] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.790738] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.794514] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.796595] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.800161] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.802015] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.806863] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.809903] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.813178] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.815951] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.817437] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.821482] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.822921] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.832066] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.849941] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.910178] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.938533] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.940993] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.951672] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.960630] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.990908] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.001621] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.012365] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.031708] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.038459] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.039126] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 62.048532] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 62.051508] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 62.069917] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 62.071537] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 62.086637] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 62.088033] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 62.097807] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 62.098891] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 62.105349] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 62.114504] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 62.115600] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 62.120613] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 62.121858] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 62.125668] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 63.882895] Bluetooth: hci2: command tx timeout [ 63.882961] Bluetooth: hci1: command tx timeout [ 63.883783] Bluetooth: hci0: command tx timeout [ 64.010308] Bluetooth: hci3: command tx timeout [ 64.074298] Bluetooth: hci4: command tx timeout [ 64.203294] Bluetooth: hci7: command tx timeout [ 64.203820] Bluetooth: hci6: command tx timeout [ 64.205168] Bluetooth: hci5: command tx timeout [ 65.929479] Bluetooth: hci1: command tx timeout [ 65.929910] Bluetooth: hci2: command tx timeout [ 65.930373] Bluetooth: hci0: command tx timeout [ 66.057337] Bluetooth: hci3: command tx timeout [ 66.123350] Bluetooth: hci4: command tx timeout [ 66.251034] Bluetooth: hci5: command tx timeout [ 66.252283] Bluetooth: hci6: command tx timeout [ 66.252665] Bluetooth: hci7: command tx timeout [ 67.978452] Bluetooth: hci0: command tx timeout [ 67.978887] Bluetooth: hci2: command tx timeout [ 67.979566] Bluetooth: hci1: command tx timeout [ 68.105249] Bluetooth: hci3: command tx timeout [ 68.170258] Bluetooth: hci4: command tx timeout [ 68.299227] Bluetooth: hci7: command tx timeout [ 68.299675] Bluetooth: hci6: command tx timeout [ 68.300056] Bluetooth: hci5: command tx timeout [ 70.027450] Bluetooth: hci1: command tx timeout [ 70.027902] Bluetooth: hci2: command tx timeout [ 70.028534] Bluetooth: hci0: command tx timeout [ 70.154255] Bluetooth: hci3: command tx timeout [ 70.218295] Bluetooth: hci4: command tx timeout [ 70.346290] Bluetooth: hci5: command tx timeout [ 70.346698] Bluetooth: hci6: command tx timeout [ 70.347079] Bluetooth: hci7: command tx timeout [ 98.373824] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.374509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.501350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.501986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.961402] audit: type=1400 audit(1756456304.007:8): avc: denied { open } for pid=3681 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 98.970292] audit: type=1400 audit(1756456304.007:9): avc: denied { kernel } for pid=3681 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:31:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:31:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:31:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 99.434303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.434983] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.544128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.545473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:31:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:31:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:31:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000200), 0x4) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:31:45 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) 08:31:45 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) [ 100.036788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.037386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.199100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.199709] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.290369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.290940] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.391113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.391728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.484311] audit: type=1400 audit(1756456305.531:10): avc: denied { read } for pid=3821 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 100.632131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.633074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.735220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.735813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.918504] EXT4-fs warning (device sda): ext4_group_extend:1862: can't shrink FS - resize aborted [ 100.990966] audit: type=1400 audit(1756456306.039:11): avc: denied { write } for pid=3854 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 101.007819] EXT4-fs warning (device sda): ext4_group_extend:1862: can't shrink FS - resize aborted [ 101.386833] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.387464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.424343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.424932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.496409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.497012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.527756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.528373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.629524] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.629557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.688720] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.689330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:31:46 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}, 0x0) 08:31:46 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 08:31:46 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000540), 0x0) r1 = clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {0x10000}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/sr0', 0x0, 0x0) getdents(r2, &(0x7f0000001d40)=""/4096, 0x1000) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000340)={0x1, 0x0, 0x1000, 0x9f, &(0x7f0000000180)="b94f33f6fd1ed3b8c190f464122178c3b644df1d0a0ff542f9529136e7a9154c12beae11def4793e83ac3ca5b1938d4e0bc7225520070bb289fd630bbf7e67650a0891417994a936097218ec32eaf59ca1ac82c1e5b1acfecfe7e69a4ee99e52dcb4c13132bd974f91476f8ef770573604122984109c4f923d4994281db962240fed7c74ce4f4d71e0db57fc3fc20c6694b74afae9423c5ce0dcc80b6e040e", 0x0, 0x0, 0x0}) r3 = creat(&(0x7f00000003c0)='./file0\x00', 0xa4ea4d52e7e4bfdf) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0x40086607, &(0x7f0000000640)=ANY=[@ANYBLOB="0006000000000000000000000000000000000000000000000000000000000000076709c0c662194fee2c2e01bbfae3a6b1a9e37c813ff646d39c07df2e88fa179e3b2ae79ba085a56ab8a735eaf8d88165cefc4b0e282c53fa478fb0d92dd6f647432303ae04f143cfd7f7a58fd65f7c1f1b6ea412c812763e54de122f518c7dc0aa6b0d609b4fe2710632eec88d0a2d1b712062ee13cb7335ce"]) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x1000) r4 = fork() ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r3, 0x7fffffff, 0x7fffffff, 0xfffffffffffffff9}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'vlan1\x00'}) ptrace(0x10, r4) wait4(r4, 0x0, 0x2, &(0x7f0000000440)) wait4(r1, &(0x7f0000000500), 0x40000009, &(0x7f00000000c0)) 08:31:46 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000680)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x3, 0x400000) ioctl$SCSI_IOCTL_DOORUNLOCK(r4, 0x5381) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381) setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f00000000c0)={'nat\x00', 0x0, 0x0, 0x0, [0x5, 0x0, 0x3, 0x1017, 0x7, 0x2]}, &(0x7f0000000240)=0x78) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup3(r3, r6, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000002000000000000000000000000fd00000000007200000000000000000000000000000000000000003a5a0e94f75e3f25521d53a98af922d138cf304ef94e1355fb520cb2f54b97811ef7848b43caa57b94c326558c54a6962259c5d627b3d34772481fd2d4f7bf87c5a06797b4506536d391d3fb744ee0296c2cc8d2e9ce24c10e7aad07b1513bfb3ca1c2e5e9966a26e3891b1c5403c1ab82d11e903f36bde2ad4aa9c3dae285a4a3ec4c545f"], 0x48) ioctl$sock_inet6_tcp_SIOCINQ(r7, 0x541b, &(0x7f0000000080)) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280}) write(r1, 0x0, 0x0) 08:31:46 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 08:31:46 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) 08:31:46 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) 08:31:46 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r2, &(0x7f00000005c0)=[{&(0x7f0000000100)="d9", 0x1}], 0x1, 0x3f, 0x0, 0x0) copy_file_range(r0, &(0x7f0000000080)=0x9, r1, &(0x7f00000000c0), 0x6, 0x0) 08:31:46 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) [ 101.954490] EXT4-fs warning (device sda): ext4_group_extend:1862: can't shrink FS - resize aborted 08:31:47 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 08:31:47 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}, 0x0) 08:31:47 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 08:31:47 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 08:31:47 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r2, &(0x7f00000005c0)=[{&(0x7f0000000100)="d9", 0x1}], 0x1, 0x3f, 0x0, 0x0) copy_file_range(r0, &(0x7f0000000080)=0x9, r1, &(0x7f00000000c0), 0x6, 0x0) 08:31:47 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, 0x0) 08:31:47 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 08:31:47 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000680)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x3, 0x400000) ioctl$SCSI_IOCTL_DOORUNLOCK(r4, 0x5381) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381) setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f00000000c0)={'nat\x00', 0x0, 0x0, 0x0, [0x5, 0x0, 0x3, 0x1017, 0x7, 0x2]}, &(0x7f0000000240)=0x78) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup3(r3, r6, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000002000000000000000000000000fd00000000007200000000000000000000000000000000000000003a5a0e94f75e3f25521d53a98af922d138cf304ef94e1355fb520cb2f54b97811ef7848b43caa57b94c326558c54a6962259c5d627b3d34772481fd2d4f7bf87c5a06797b4506536d391d3fb744ee0296c2cc8d2e9ce24c10e7aad07b1513bfb3ca1c2e5e9966a26e3891b1c5403c1ab82d11e903f36bde2ad4aa9c3dae285a4a3ec4c545f"], 0x48) ioctl$sock_inet6_tcp_SIOCINQ(r7, 0x541b, &(0x7f0000000080)) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280}) write(r1, 0x0, 0x0) 08:31:47 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000540), 0x0) r1 = clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {0x10000}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/sr0', 0x0, 0x0) getdents(r2, &(0x7f0000001d40)=""/4096, 0x1000) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000340)={0x1, 0x0, 0x1000, 0x9f, &(0x7f0000000180)="b94f33f6fd1ed3b8c190f464122178c3b644df1d0a0ff542f9529136e7a9154c12beae11def4793e83ac3ca5b1938d4e0bc7225520070bb289fd630bbf7e67650a0891417994a936097218ec32eaf59ca1ac82c1e5b1acfecfe7e69a4ee99e52dcb4c13132bd974f91476f8ef770573604122984109c4f923d4994281db962240fed7c74ce4f4d71e0db57fc3fc20c6694b74afae9423c5ce0dcc80b6e040e", 0x0, 0x0, 0x0}) r3 = creat(&(0x7f00000003c0)='./file0\x00', 0xa4ea4d52e7e4bfdf) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0x40086607, &(0x7f0000000640)=ANY=[@ANYBLOB="0006000000000000000000000000000000000000000000000000000000000000076709c0c662194fee2c2e01bbfae3a6b1a9e37c813ff646d39c07df2e88fa179e3b2ae79ba085a56ab8a735eaf8d88165cefc4b0e282c53fa478fb0d92dd6f647432303ae04f143cfd7f7a58fd65f7c1f1b6ea412c812763e54de122f518c7dc0aa6b0d609b4fe2710632eec88d0a2d1b712062ee13cb7335ce"]) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x1000) r4 = fork() ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r3, 0x7fffffff, 0x7fffffff, 0xfffffffffffffff9}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'vlan1\x00'}) ptrace(0x10, r4) wait4(r4, 0x0, 0x2, &(0x7f0000000440)) wait4(r1, &(0x7f0000000500), 0x40000009, &(0x7f00000000c0)) [ 102.206654] kmemleak: Found object by alias at 0x607f1a63818c [ 102.206672] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 08:31:47 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}, 0x0) 08:31:47 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) [ 102.206690] Tainted: [W]=WARN [ 102.206694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 102.206701] Call Trace: [ 102.206705] [ 102.206710] dump_stack_lvl+0xca/0x120 [ 102.206734] __lookup_object+0x94/0xb0 [ 102.206751] delete_object_full+0x27/0x70 [ 102.206767] free_percpu+0x30/0x1160 [ 102.206783] ? arch_uprobe_clear_state+0x16/0x140 [ 102.206804] futex_hash_free+0x38/0xc0 [ 102.206818] mmput+0x2d3/0x390 [ 102.206837] do_exit+0x79d/0x2970 [ 102.206854] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 102.206875] ? __pfx_do_exit+0x10/0x10 [ 102.206889] ? find_held_lock+0x2b/0x80 [ 102.206907] ? get_signal+0x835/0x2340 [ 102.206927] do_group_exit+0xd3/0x2a0 [ 102.206942] get_signal+0x2315/0x2340 [ 102.206960] ? put_task_stack+0xd2/0x240 [ 102.206975] ? __pfx_get_signal+0x10/0x10 [ 102.206990] ? __schedule+0xe91/0x3590 [ 102.207012] arch_do_signal_or_restart+0x80/0x790 [ 102.207030] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 102.207046] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 102.207066] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 102.207087] ? do_sys_truncate.part.0+0xb0/0x140 [ 102.207102] ? __pfx___x64_sys_futex+0x10/0x10 [ 102.207121] exit_to_user_mode_loop+0x8b/0x110 [ 102.207134] do_syscall_64+0x2f7/0x360 [ 102.207147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.207159] RIP: 0033:0x7f21a216eb19 [ 102.207167] Code: Unable to access opcode bytes at 0x7f21a216eaef. [ 102.207173] RSP: 002b:00007f219f6e4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 102.207184] RAX: 0000000000000001 RBX: 00007f21a2281f68 RCX: 00007f21a216eb19 [ 102.207191] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f21a2281f6c [ 102.207198] RBP: 00007f21a2281f60 R08: 000000000000000e R09: 0000000000000000 [ 102.207205] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21a2281f6c [ 102.207212] R13: 00007ffc3d93395f R14: 00007f219f6e4300 R15: 0000000000022000 [ 102.207229] [ 102.207233] kmemleak: Object (percpu) 0x607f1a638188 (size 8): [ 102.207240] kmemleak: comm "syz-executor.6", pid 3953, jiffies 4294769054 [ 102.207246] kmemleak: min_count = 1 [ 102.207250] kmemleak: count = 0 [ 102.207253] kmemleak: flags = 0x21 [ 102.207257] kmemleak: checksum = 0 [ 102.207261] kmemleak: backtrace: [ 102.207264] pcpu_alloc_noprof+0x87a/0x1170 [ 102.207279] perf_trace_event_init+0x366/0xa10 [ 102.207292] perf_trace_init+0x1a4/0x2f0 [ 102.207303] perf_tp_event_init+0xa6/0x120 [ 102.207319] perf_try_init_event+0x140/0x9f0 [ 102.207332] perf_event_alloc.part.0+0x118e/0x45f0 [ 102.207348] __do_sys_perf_event_open+0x719/0x2c20 [ 102.207360] do_syscall_64+0xbf/0x360 [ 102.207369] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:31:47 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) [ 102.250906] EXT4-fs warning (device sda): ext4_group_extend:1862: can't shrink FS - resize aborted 08:31:47 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r2, &(0x7f00000005c0)=[{&(0x7f0000000100)="d9", 0x1}], 0x1, 0x3f, 0x0, 0x0) copy_file_range(r0, &(0x7f0000000080)=0x9, r1, &(0x7f00000000c0), 0x6, 0x0) [ 102.296013] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 102.296864] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 102.297547] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 102.299036] Tainted: [W]=WARN [ 102.299579] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 102.300863] RIP: 0010:perf_tp_event+0x175/0xe70 [ 102.301617] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 102.304640] RSP: 0018:ffff88804396f800 EFLAGS: 00010212 [ 102.305451] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 102.306440] RDX: ffff888042c69b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 102.306972] RBP: ffff88804396fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15188 [ 102.307501] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 102.308029] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 102.308556] FS: 000055556d705400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 102.309147] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.309579] CR2: 000055556d706c18 CR3: 000000000dc7a000 CR4: 0000000000350ef0 [ 102.310113] Call Trace: [ 102.310322] [ 102.310504] ? arch_scale_cpu_capacity+0x17/0xa0 [ 102.310870] ? __pfx_perf_tp_event+0x10/0x10 [ 102.311207] ? __asan_memset+0x24/0x50 [ 102.311521] ? perf_trace_lock+0xb5/0x5d0 [ 102.311841] ? kvm_sched_clock_read+0x16/0x30 [ 102.312184] ? sched_clock+0x37/0x60 [ 102.312476] ? sched_clock_cpu+0x6c/0x4e0 [ 102.312792] ? lock_is_held_type+0x9e/0x120 [ 102.313127] ? perf_trace_run_bpf_submit+0xef/0x180 [ 102.313510] perf_trace_run_bpf_submit+0xef/0x180 [ 102.313897] perf_trace_lock+0x337/0x5d0 [ 102.314214] ? __pfx_perf_trace_lock+0x10/0x10 [ 102.314565] ? lock_acquire+0x15e/0x2f0 [ 102.314868] ? futex_ref_get+0x48/0x300 [ 102.315174] ? futex_ref_get+0x114/0x300 [ 102.315481] ? futex_hash+0x15c/0x390 [ 102.315775] lock_release+0x1ab/0x290 [ 102.316070] ? futex_hash+0x15c/0x390 [ 102.316366] futex_ref_get+0x119/0x300 [ 102.316664] ? futex_hash+0x15c/0x390 [ 102.316955] futex_hash+0x70/0x390 [ 102.317235] futex_wake+0x143/0x540 [ 102.317519] ? put_pid+0x1f/0x30 [ 102.317787] ? kernel_clone+0x204/0x7f0 [ 102.318094] ? __pfx_futex_wake+0x10/0x10 [ 102.318415] ? __pfx_kernel_clone+0x10/0x10 [ 102.318743] ? perf_trace_lock+0xb5/0x5d0 [ 102.319065] do_futex+0x26d/0x370 [ 102.319336] ? __pfx_do_futex+0x10/0x10 [ 102.319638] ? __pfx___do_sys_clone+0x10/0x10 [ 102.319977] ? find_held_lock+0x2b/0x80 [ 102.320288] __x64_sys_futex+0x1c9/0x4d0 [ 102.320599] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 102.321042] ? __pfx___x64_sys_futex+0x10/0x10 [ 102.321393] ? xfd_validate_state+0x55/0x180 [ 102.321749] do_syscall_64+0xbf/0x360 [ 102.322042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.322429] RIP: 0033:0x7f89f62cbb19 [ 102.322712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 102.324037] RSP: 002b:00007ffcec396448 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 102.324598] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f89f62cbb19 [ 102.325122] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f89f63def68 [ 102.325651] RBP: 00007f89f63def60 R08: 00007f89f3841700 R09: 0000000000000000 [ 102.326185] R10: 00007f89f3841700 R11: 0000000000000246 R12: 00007f89f63e3a68 [ 102.326718] R13: 00007ffcec396550 R14: 00007f89f63def60 R15: 0000000000018f2c [ 102.327255] [ 102.327437] Modules linked in: [ 102.327716] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 102.328525] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 102.329081] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 102.329959] Tainted: [D]=DIE, [W]=WARN [ 102.330246] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 102.330847] RIP: 0010:perf_tp_event+0x175/0xe70 [ 102.331202] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 102.332520] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 102.332914] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 102.333447] RDX: ffff888042c69b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 102.333974] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15188 [ 102.334498] R10: 0000000000000000 R11: ffff888016a06098 R12: dffffc0000000000 [ 102.335021] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 102.335549] FS: 000055556d705400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 102.336136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.336567] CR2: 000055556d706c18 CR3: 000000000dc7a000 CR4: 0000000000350ef0 [ 102.337093] Call Trace: [ 102.337292] [ 102.337469] ? __pfx_perf_tp_event+0x10/0x10 [ 102.337817] ? lock_is_held_type+0x9e/0x120 [ 102.338148] ? trace_pelt_se_tp+0xdf/0x130 [ 102.338468] ? __update_load_avg_se+0x428/0xa40 [ 102.338825] ? match_held_lock+0xb0/0xd0 [ 102.339137] ? perf_trace_lock+0xb5/0x5d0 [ 102.339452] ? perf_trace_lock+0xb5/0x5d0 [ 102.339768] ? place_entity+0x300/0x410 [ 102.340067] ? kvm_sched_clock_read+0x16/0x30 [ 102.340410] ? __pfx_perf_trace_lock+0x10/0x10 [ 102.340759] ? kvm_sched_clock_read+0x16/0x30 [ 102.341101] ? sched_clock+0x37/0x60 [ 102.341395] ? sched_clock_cpu+0x6c/0x4e0 [ 102.341727] ? perf_trace_run_bpf_submit+0xef/0x180 [ 102.342124] perf_trace_run_bpf_submit+0xef/0x180 [ 102.342501] perf_trace_lock+0x337/0x5d0 [ 102.342809] ? place_entity+0x300/0x410 [ 102.343109] ? kvm_sched_clock_read+0x16/0x30 [ 102.343456] ? __pfx_perf_trace_lock+0x10/0x10 [ 102.343802] ? check_preempt_wakeup_fair+0x6e/0x950 [ 102.344180] ? sched_ttwu_pending+0x2e0/0x4a0 [ 102.344523] lock_release+0x1ab/0x290 [ 102.344813] ? ttwu_do_activate+0x1a4/0x8a0 [ 102.345142] _raw_spin_unlock+0x16/0x40 [ 102.345445] sched_ttwu_pending+0x2e0/0x4a0 [ 102.345787] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 102.346153] ? hrtimer_interrupt+0x652/0x830 [ 102.346490] __flush_smp_call_function_queue+0x434/0x740 [ 102.346902] __sysvec_call_function_single+0x6d/0x370 [ 102.347292] sysvec_call_function_single+0xa1/0xc0 [ 102.347662] [ 102.347838] [ 102.348015] asm_sysvec_call_function_single+0x1a/0x20 [ 102.348410] RIP: 0010:oops_exit+0x0/0x50 [ 102.348717] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 102.350042] RSP: 0018:ffff88804396f690 EFLAGS: 00000202 [ 102.350436] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 102.350957] RDX: ffff888042c69b80 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 102.351483] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 102.352008] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804396f758 [ 102.352532] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 102.353061] ? add_taint+0x5f/0xd0 [ 102.353336] ? oops_end+0x4a/0xe0 [ 102.353609] oops_end+0x65/0xe0 [ 102.353878] exc_general_protection+0x1a2/0x330 [ 102.354239] asm_exc_general_protection+0x26/0x30 [ 102.354603] RIP: 0010:perf_tp_event+0x175/0xe70 [ 102.354957] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 102.356276] RSP: 0018:ffff88804396f800 EFLAGS: 00010212 [ 102.356672] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 102.357193] RDX: ffff888042c69b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 102.357729] RBP: ffff88804396fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15188 [ 102.358263] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 102.358790] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 102.359324] ? perf_tp_event+0x167/0xe70 [ 102.359640] ? arch_scale_cpu_capacity+0x17/0xa0 [ 102.360003] ? __pfx_perf_tp_event+0x10/0x10 [ 102.360341] ? __asan_memset+0x24/0x50 [ 102.360650] ? perf_trace_lock+0xb5/0x5d0 [ 102.360967] ? kvm_sched_clock_read+0x16/0x30 [ 102.361312] ? sched_clock+0x37/0x60 [ 102.361601] ? sched_clock_cpu+0x6c/0x4e0 [ 102.361928] ? lock_is_held_type+0x9e/0x120 [ 102.362260] ? perf_trace_run_bpf_submit+0xef/0x180 [ 102.362637] perf_trace_run_bpf_submit+0xef/0x180 [ 102.363008] perf_trace_lock+0x337/0x5d0 [ 102.363321] ? __pfx_perf_trace_lock+0x10/0x10 [ 102.363668] ? lock_acquire+0x15e/0x2f0 [ 102.363970] ? futex_ref_get+0x48/0x300 [ 102.364271] ? futex_ref_get+0x114/0x300 [ 102.364578] ? futex_hash+0x15c/0x390 [ 102.364870] lock_release+0x1ab/0x290 [ 102.365161] ? futex_hash+0x15c/0x390 [ 102.365454] futex_ref_get+0x119/0x300 [ 102.365757] ? futex_hash+0x15c/0x390 [ 102.366049] futex_hash+0x70/0x390 [ 102.366326] futex_wake+0x143/0x540 [ 102.366608] ? put_pid+0x1f/0x30 [ 102.366866] ? kernel_clone+0x204/0x7f0 [ 102.367169] ? __pfx_futex_wake+0x10/0x10 [ 102.367485] ? __pfx_kernel_clone+0x10/0x10 [ 102.367813] ? perf_trace_lock+0xb5/0x5d0 [ 102.368131] do_futex+0x26d/0x370 [ 102.368401] ? __pfx_do_futex+0x10/0x10 [ 102.368704] ? __pfx___do_sys_clone+0x10/0x10 [ 102.369042] ? find_held_lock+0x2b/0x80 [ 102.369354] __x64_sys_futex+0x1c9/0x4d0 [ 102.369663] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 102.370115] ? __pfx___x64_sys_futex+0x10/0x10 [ 102.370468] ? xfd_validate_state+0x55/0x180 [ 102.370813] do_syscall_64+0xbf/0x360 [ 102.371102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.371485] RIP: 0033:0x7f89f62cbb19 [ 102.371766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 102.373088] RSP: 002b:00007ffcec396448 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 102.373658] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f89f62cbb19 [ 102.374192] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f89f63def68 [ 102.374720] RBP: 00007f89f63def60 R08: 00007f89f3841700 R09: 0000000000000000 [ 102.375251] R10: 00007f89f3841700 R11: 0000000000000246 R12: 00007f89f63e3a68 [ 102.375776] R13: 00007ffcec396550 R14: 00007f89f63def60 R15: 0000000000018f2c [ 102.376311] [ 102.376491] Modules linked in: [ 102.376741] ---[ end trace 0000000000000000 ]--- [ 102.377093] RIP: 0010:perf_tp_event+0x175/0xe70 [ 102.377454] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 102.378781] RSP: 0018:ffff88804396f800 EFLAGS: 00010212 [ 102.379178] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 102.379707] RDX: ffff888042c69b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 102.380233] RBP: ffff88804396fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15188 [ 102.380764] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 102.381292] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 102.381828] FS: 000055556d705400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 102.382423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.382855] CR2: 000055556d706c18 CR3: 000000000dc7a000 CR4: 0000000000350ef0 [ 102.383387] Kernel panic - not syncing: Fatal exception in interrupt [ 103.481232] Shutting down cpus with NMI [ 103.482128] Kernel Offset: disabled [ 103.482671] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:31:47 Registers: info registers vcpu 0 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88804396f0f0 R8 =0000000000000000 R9 =ffffed10014a0046 R10=0000000000000031 R11=0000000065646f43 R12=0000000000000031 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055556d705400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe2500000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055556d706c18 CR3=000000000dc7a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f89f63b27c000007f89f63b27c8 XMM02=00007f89f63b27e000007f89f63b27c0 XMM03=00007f89f63b27c800007f89f63b27c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff81835326 RBX=dffffc0000000000 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff81830cd4 RDI=ffffffff85842c18 RBP=ffff88801577fd18 RSP=ffff88801577fc50 R8 =0000000000000000 R9 =ffffed1002edcc02 R10=000000007fff0000 R11=0000000000000000 R12=00000000000000bf R13=ffff88801577fd50 R14=ffffc90000691058 R15=00000000000000bf RIP=ffffffff8183532a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f00130bb900 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe2f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f001253b180 CR3=0000000009c77000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=ef63d2b7339aa72c0000000000152048 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=6e264fa8fdfe664300000000000ae988 XMM07=a1fcdcf819d7e1e500000000000ae728 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=20000000000000002000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000