Warning: Permanently added '[localhost]:34452' (ECDSA) to the list of known hosts. 2025/08/29 08:33:39 fuzzer started 2025/08/29 08:33:39 dialing manager at localhost:43077 syzkaller login: [ 50.035023] cgroup: Unknown subsys name 'net' [ 50.090515] cgroup: Unknown subsys name 'cpuset' [ 50.102624] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:33:49 syscalls: 2214 2025/08/29 08:33:49 code coverage: enabled 2025/08/29 08:33:49 comparison tracing: enabled 2025/08/29 08:33:49 extra coverage: enabled 2025/08/29 08:33:49 setuid sandbox: enabled 2025/08/29 08:33:49 namespace sandbox: enabled 2025/08/29 08:33:49 Android sandbox: enabled 2025/08/29 08:33:49 fault injection: enabled 2025/08/29 08:33:49 leak checking: enabled 2025/08/29 08:33:49 net packet injection: enabled 2025/08/29 08:33:49 net device setup: enabled 2025/08/29 08:33:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:33:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:33:49 USB emulation: enabled 2025/08/29 08:33:49 hci packet injection: enabled 2025/08/29 08:33:49 wifi device emulation: enabled 2025/08/29 08:33:49 802.15.4 emulation: enabled 2025/08/29 08:33:50 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:33:50 fetching corpus: 50, signal 24227/27268 (executing program) 2025/08/29 08:33:50 fetching corpus: 100, signal 36125/39945 (executing program) 2025/08/29 08:33:50 fetching corpus: 150, signal 44353/48813 (executing program) 2025/08/29 08:33:50 fetching corpus: 200, signal 50778/55690 (executing program) 2025/08/29 08:33:50 fetching corpus: 250, signal 54721/60121 (executing program) 2025/08/29 08:33:50 fetching corpus: 300, signal 58217/64040 (executing program) 2025/08/29 08:33:50 fetching corpus: 350, signal 63152/69074 (executing program) 2025/08/29 08:33:51 fetching corpus: 400, signal 66853/72801 (executing program) 2025/08/29 08:33:51 fetching corpus: 450, signal 69832/75788 (executing program) 2025/08/29 
08:33:51 fetching corpus: 500, signal 73190/79201 (executing program) 2025/08/29 08:33:51 fetching corpus: 550, signal 75460/81492 (executing program) 2025/08/29 08:33:51 fetching corpus: 600, signal 78902/84501 (executing program) 2025/08/29 08:33:51 fetching corpus: 650, signal 81493/86889 (executing program) 2025/08/29 08:33:51 fetching corpus: 700, signal 84204/89135 (executing program) 2025/08/29 08:33:52 fetching corpus: 750, signal 86163/90764 (executing program) 2025/08/29 08:33:52 fetching corpus: 800, signal 89460/93221 (executing program) 2025/08/29 08:33:52 fetching corpus: 850, signal 91351/94676 (executing program) 2025/08/29 08:33:52 fetching corpus: 900, signal 92923/95848 (executing program) 2025/08/29 08:33:52 fetching corpus: 950, signal 94527/96965 (executing program) 2025/08/29 08:33:52 fetching corpus: 1000, signal 96100/98050 (executing program) 2025/08/29 08:33:52 fetching corpus: 1050, signal 97224/98768 (executing program) 2025/08/29 08:33:53 fetching corpus: 1100, signal 98518/99545 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99626 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99668 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99704 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99741 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99789 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99838 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99881 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99936 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/99985 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100025 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100079 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 
98593/100121 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100171 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100218 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100260 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100300 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100348 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100394 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100442 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100495 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100548 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100589 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100632 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100680 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100731 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100771 (executing program) 2025/08/29 08:33:53 fetching corpus: 1107, signal 98593/100771 (executing program) 2025/08/29 08:33:55 starting 8 fuzzer processes 08:33:55 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) rt_sigsuspend(0x0, 0x0) 08:33:55 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 08:33:55 executing program 7: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) 08:33:55 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 
0x40081271, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) [ 65.641162] audit: type=1400 audit(1756456435.237:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:33:55 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x11, 0x0, 0x6) creat(0x0, 0x0) 08:33:55 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0xf}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0) 08:33:55 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 
0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) 08:33:55 executing program 4: syz_mount_image$nfs4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00') r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000017c0), 0x1, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 66.835726] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.837825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.840728] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.845344] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.848988] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.892954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 66.896405] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.899862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.906389] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.911514] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.914812] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.920046] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.922625] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.938544] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.941478] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.955402] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.959870] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 66.961828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 66.963521] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.966158] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 66.974248] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.980730] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 66.984633] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 
66.987887] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.991607] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.025653] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.039564] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.047968] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.048236] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.052365] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.055924] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.068592] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.070078] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.073229] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.082527] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.090435] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.091914] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.095454] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.097633] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.132936] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 68.864639] Bluetooth: hci0: command tx timeout [ 68.928212] Bluetooth: hci1: command tx timeout [ 68.992253] Bluetooth: hci2: command tx timeout [ 69.058180] Bluetooth: hci3: command tx timeout [ 69.120163] Bluetooth: hci6: command tx timeout [ 69.120199] Bluetooth: hci5: command tx timeout [ 69.120697] Bluetooth: hci4: command tx timeout [ 69.248327] Bluetooth: hci7: command tx timeout [ 70.912380] Bluetooth: hci0: command tx timeout [ 70.976195] Bluetooth: hci1: command tx timeout [ 71.040266] Bluetooth: hci2: command tx timeout [ 71.104157] Bluetooth: hci3: command tx timeout [ 71.168195] Bluetooth: hci4: command tx timeout [ 71.168599] Bluetooth: hci5: command tx timeout [ 71.168627] Bluetooth: hci6: command tx timeout [ 71.297542] Bluetooth: hci7: command tx timeout [ 72.960141] Bluetooth: hci0: command tx timeout [ 73.024235] Bluetooth: hci1: 
command tx timeout [ 73.090127] Bluetooth: hci2: command tx timeout [ 73.152158] Bluetooth: hci3: command tx timeout [ 73.216453] Bluetooth: hci4: command tx timeout [ 73.216474] Bluetooth: hci5: command tx timeout [ 73.217879] Bluetooth: hci6: command tx timeout [ 73.344197] Bluetooth: hci7: command tx timeout [ 75.009286] Bluetooth: hci0: command tx timeout [ 75.073451] Bluetooth: hci1: command tx timeout [ 75.137249] Bluetooth: hci2: command tx timeout [ 75.202197] Bluetooth: hci3: command tx timeout [ 75.266113] Bluetooth: hci6: command tx timeout [ 75.266559] Bluetooth: hci5: command tx timeout [ 75.266944] Bluetooth: hci4: command tx timeout [ 75.393501] Bluetooth: hci7: command tx timeout [ 105.014653] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.015433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.183955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.185037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:35 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0xf}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0) 08:34:35 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0xf}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0) [ 105.853433] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 105.854062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:35 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0xf}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0) [ 106.086123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.086711] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:35 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000840)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000800)={&(0x7f0000000600)={0x24, 0x2, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT={0x4}]}, 0x24}}, 0x0) 08:34:35 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000840)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000800)={&(0x7f0000000600)={0x24, 0x2, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT={0x4}]}, 0x24}}, 0x0) 08:34:36 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000840)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000800)={&(0x7f0000000600)={0x24, 0x2, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT={0x4}]}, 0x24}}, 0x0) 08:34:36 executing program 7: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) [ 106.586068] 
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.586695] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:36 executing program 7: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) [ 106.684714] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.685781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.172908] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.173579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.286749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.287431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.041183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.042823] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.246050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.247378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.403860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.405615] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.481524] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.482372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.539231] kernel write not supported for file /vcsu (pid: 23 comm: kworker/1:0) [ 108.581403] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.582721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.737129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.737833] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.742877] audit: type=1400 audit(1756456478.339:8): avc: denied { open } for pid=3898 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event 
permissive=1 [ 108.747245] audit: type=1400 audit(1756456478.339:9): avc: denied { kernel } for pid=3898 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.902847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.904192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.920742] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.921492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:38 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) rt_sigsuspend(0x0, 0x0) 08:34:38 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x40081271, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) 08:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 08:34:38 executing program 4: syz_mount_image$nfs4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00') r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000017c0), 0x1, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 08:34:38 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000840)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, 
&(0x7f0000000800)={&(0x7f0000000600)={0x24, 0x2, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT={0x4}]}, 0x24}}, 0x0) 08:34:38 executing program 7: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) 08:34:38 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x11, 0x0, 0x6) creat(0x0, 0x0) 08:34:38 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) [ 109.071104] kernel write not supported for file /vcsu (pid: 23 comm: kworker/1:0) 08:34:38 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) rt_sigsuspend(0x0, 0x0) 08:34:38 executing program 4: syz_mount_image$nfs4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00') r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000017c0), 0x1, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 109.171237] kernel write not 
supported for file /vcsu (pid: 23 comm: kworker/1:0) 08:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 08:34:38 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) 08:34:38 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x11, 0x0, 0x6) creat(0x0, 0x0) 08:34:38 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) 08:34:38 executing program 4: syz_mount_image$nfs4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00') r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000017c0), 0x1, 0x0) mount$9p_fd(0x0, 
&(0x7f0000000300)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 08:34:38 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) rt_sigsuspend(0x0, 0x0) 08:34:38 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x40081271, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) 08:34:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) [ 109.258182] kernel write not supported for file /vcsu (pid: 23 comm: kworker/1:0) 08:34:38 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) 08:34:38 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) 
setsockopt$inet_msfilter(r0, 0x0, 0x11, 0x0, 0x6) creat(0x0, 0x0) 08:34:38 executing program 4: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) 08:34:38 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) 08:34:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 08:34:39 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x40081271, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) 08:34:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 08:34:39 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) 08:34:39 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 
= dup(r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 08:34:39 executing program 4: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) 08:34:39 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0) 08:34:39 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc02c5341, &(0x7f0000000040)={0x0, @tick=0x4d7}) 08:34:39 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000040)=0x20) [ 109.497224] audit: type=1326 audit(1756456479.093:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3963 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b9f0bcb19 code=0x0 08:34:39 executing program 4: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, 
&(0x7f0000ffc000/0x4000)=nil) [ 109.510952] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 08:34:39 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc02c5341, &(0x7f0000000040)={0x0, @tick=0x4d7}) 08:34:39 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) getpid() r2 = dup3(r0, r1, 0x0) getpeername$unix(r2, 0x0, &(0x7f0000000180)) 08:34:39 executing program 7: syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{@fat=@dmask}]}) 08:34:39 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000040)=0x20) 08:34:39 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:39 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAW(r0, 
0x5607, 0x0)
[ 109.601799] No source specified
[ 109.605385] No source specified
[ 109.655755] kmemleak: Found object by alias at 0x607f1a638f4c
[ 109.655774] CPU: 0 UID: 0 PID: 3981 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 109.655793] Tainted: [W]=WARN
[ 109.655797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 109.655804] Call Trace:
[ 109.655808]
[ 109.655813] dump_stack_lvl+0xca/0x120
[ 109.655840] __lookup_object+0x94/0xb0
[ 109.655857] delete_object_full+0x27/0x70
[ 109.655873] free_percpu+0x30/0x1160
[ 109.655889] ? arch_uprobe_clear_state+0x16/0x140
[ 109.655909] futex_hash_free+0x38/0xc0
[ 109.655924] mmput+0x2d3/0x390
[ 109.655942] do_exit+0x79d/0x2970
[ 109.655955] ? signal_wake_up_state+0x85/0x120
[ 109.655971] ? zap_other_threads+0x2b9/0x3a0
[ 109.655986] ? __pfx_do_exit+0x10/0x10
[ 109.655999] ? do_group_exit+0x1c3/0x2a0
[ 109.656012] ? lock_release+0xc8/0x290
[ 109.656029] do_group_exit+0xd3/0x2a0
[ 109.656043] __x64_sys_exit_group+0x3e/0x50
[ 109.656057] x64_sys_call+0x18c5/0x18d0
[ 109.656081] do_syscall_64+0xbf/0x360
[ 109.656098] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.656115] RIP: 0033:0x7f339a191b19
[ 109.656124] Code: Unable to access opcode bytes at 0x7f339a191aef.
[ 109.656129] RSP: 002b:00007ffde206e2c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 109.656140] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f339a191b19
[ 109.656148] RDX: 00007f339a14472b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 109.656155] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 109.656162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 109.656169] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffde206e3b0
[ 109.656184]
[ 109.656188] kmemleak: Object (percpu) 0x607f1a638f48 (size 8):
[ 109.656195] kmemleak: comm "syz-executor.5", pid 3982, jiffies 4294776519
[ 109.656202] kmemleak: min_count = 1
[ 109.656206] kmemleak: count = 0
[ 109.656210] kmemleak: flags = 0x21
[ 109.656213] kmemleak: checksum = 0
[ 109.656217] kmemleak: backtrace:
[ 109.656220] pcpu_alloc_noprof+0x87a/0x1170
[ 109.656235] perf_trace_event_init+0x366/0xa10
[ 109.656249] perf_trace_init+0x1a4/0x2f0
[ 109.656260] perf_tp_event_init+0xa6/0x120
[ 109.656275] perf_try_init_event+0x140/0x9f0
[ 109.656288] perf_event_alloc.part.0+0x118e/0x45f0
[ 109.656304] __do_sys_perf_event_open+0x719/0x2c20
[ 109.656316] do_syscall_64+0xbf/0x360
[ 109.656325] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:34:39 executing program 4:
r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00')
08:34:39 executing program 7:
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{@fat=@dmask}]})
[ 109.705952] No source specified
[ 110.316865] audit: type=1326 audit(1756456479.913:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3963 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b9f0bcb19 code=0x0
08:34:39 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc02c5341, &(0x7f0000000040)={0x0, @tick=0x4d7}) 08:34:39 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAW(r0, 0x5607, 0x0) 08:34:39 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:39 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) getpid() r2 = dup3(r0, r1, 0x0) getpeername$unix(r2, 0x0, &(0x7f0000000180)) 08:34:39 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000040)=0x20) 08:34:39 executing program 7: syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{@fat=@dmask}]}) 08:34:39 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) 08:34:39 executing program 4: r0 = 
creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') [ 110.424177] audit: type=1326 audit(1756456480.019:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4004 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b9f0bcb19 code=0x0 [ 110.424526] No source specified 08:34:40 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:40 executing program 4: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:40 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAW(r0, 0x5607, 0x0) 08:34:40 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000040)=0x20) 08:34:40 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) getpid() r2 = dup3(r0, r1, 0x0) getpeername$unix(r2, 0x0, &(0x7f0000000180)) 08:34:40 executing program 7: syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{@fat=@dmask}]}) 08:34:40 executing program 3: 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc02c5341, &(0x7f0000000040)={0x0, @tick=0x4d7}) [ 110.521224] No source specified 08:34:40 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:40 executing program 7: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:40 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) getpid() r2 = dup3(r0, r1, 0x0) getpeername$unix(r2, 0x0, &(0x7f0000000180)) 08:34:40 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAW(r0, 0x5607, 0x0) 08:34:40 executing program 4: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:40 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, 
&(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) 08:34:40 executing program 6: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:40 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) [ 111.337159] audit: type=1326 audit(1756456480.929:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4028 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb5f142fb19 code=0x0 [ 111.390553] audit: type=1326 audit(1756456480.981:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4039 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b9f0bcb19 code=0x0 08:34:41 executing program 7: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:41 executing program 6: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:41 executing 
program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:41 executing program 5: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) 08:34:41 executing program 4: syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x3, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @dev}, "0000010000000000"}}}}}, 0x0) 08:34:41 executing program 7: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') [ 111.594035] kmemleak: Found object by alias at 0x607f1a638f4c [ 111.594065] CPU: 0 UID: 0 PID: 4047 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.594105] Tainted: [W]=WARN [ 111.594112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.594123] Call Trace: [ 111.594130] [ 111.594138] dump_stack_lvl+0xca/0x120 [ 111.594178] __lookup_object+0x94/0xb0 [ 111.594207] delete_object_full+0x27/0x70 [ 111.594235] free_percpu+0x30/0x1160 [ 111.594264] ? arch_uprobe_clear_state+0x16/0x140 [ 111.594299] futex_hash_free+0x38/0xc0 [ 111.594324] mmput+0x2d3/0x390 [ 111.594356] do_exit+0x79d/0x2970 [ 111.594380] ? signal_wake_up_state+0x85/0x120 [ 111.594408] ? zap_other_threads+0x2b9/0x3a0 [ 111.594436] ? __pfx_do_exit+0x10/0x10 [ 111.594459] ? 
do_group_exit+0x1c3/0x2a0 [ 111.594483] ? lock_release+0xc8/0x290 [ 111.594513] do_group_exit+0xd3/0x2a0 [ 111.594540] __x64_sys_exit_group+0x3e/0x50 [ 111.594565] x64_sys_call+0x18c5/0x18d0 [ 111.594592] do_syscall_64+0xbf/0x360 [ 111.594613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.594633] RIP: 0033:0x7f339a191b19 [ 111.594648] Code: Unable to access opcode bytes at 0x7f339a191aef. [ 111.594657] RSP: 002b:00007ffde206e2c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 111.594678] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f339a191b19 [ 111.594691] RDX: 00007f339a14472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 111.594704] RBP: 0000000000000000 R08: 0000001b2ce211e8 R09: 0000000000000000 [ 111.594716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.594728] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffde206e3b0 [ 111.594756] [ 111.594763] kmemleak: Object (percpu) 0x607f1a638f48 (size 8): [ 111.594775] kmemleak: comm "syz-executor.1", pid 4050, jiffies 4294778454 [ 111.594787] kmemleak: min_count = 1 [ 111.594794] kmemleak: count = 0 [ 111.594801] kmemleak: flags = 0x21 [ 111.594807] kmemleak: checksum = 0 [ 111.594814] kmemleak: backtrace: [ 111.594819] pcpu_alloc_noprof+0x87a/0x1170 [ 111.594846] perf_trace_event_init+0x366/0xa10 [ 111.594870] perf_trace_init+0x1a4/0x2f0 [ 111.594891] perf_tp_event_init+0xa6/0x120 [ 111.594918] perf_try_init_event+0x140/0x9f0 [ 111.594941] perf_event_alloc.part.0+0x118e/0x45f0 [ 111.594971] __do_sys_perf_event_open+0x719/0x2c20 [ 111.594993] do_syscall_64+0xbf/0x360 [ 111.595008] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:34:41 executing program 4: syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x3, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @dev}, "0000010000000000"}}}}}, 0x0) 08:34:41 
executing program 5: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) 08:34:41 executing program 6: r0 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='./file0\x00') 08:34:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:41 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:41 executing program 5: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) 08:34:41 executing program 4: syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 
0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x3, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @dev}, "0000010000000000"}}}}}, 0x0) 08:34:41 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:41 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) 08:34:41 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) [ 112.291638] audit: type=1326 audit(1756456481.888:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4063 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb5f142fb19 code=0x0 [ 112.321022] audit: type=1326 audit(1756456481.917:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4072 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b9f0bcb19 code=0x0 08:34:41 executing program 4: syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x3, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @dev}, "0000010000000000"}}}}}, 0x0) 08:34:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:41 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:42 executing program 6: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) 08:34:42 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0) 08:34:42 
executing program 5: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) 08:34:42 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) keyctl$get_security(0x11, r0, 0x0, 0x0) 08:34:42 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:42 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:42 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, 
&(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 08:34:42 executing program 6: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) 08:34:42 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x3, 0x0, 0x0, 0x8}, {0x6}]}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) [ 113.230185] audit: type=1326 audit(1756456482.823:17): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4091 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb5f142fb19 code=0x0 08:34:42 executing program 0: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:42 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, "0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) [ 113.252585] loop2: detected capacity change from 0 to 9 08:34:42 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) keyctl$get_security(0x11, r0, 0x0, 0x0) 08:34:42 executing program 6: openat$vcs(0xffffffffffffff9c, 0x0, 0x109801, 0x0) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, 0x0) 
openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000080)={@lba, 0x0, 0x1}) [ 113.302041] FAT-fs (loop2): FAT read failed (blocknr 32) 08:34:42 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, "0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) 08:34:42 executing program 1: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, "0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) 08:34:42 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) keyctl$get_security(0x11, r0, 0x0, 0x0) [ 113.385592] kmemleak: Found object by alias at 0x607f1a638f4c [ 113.385616] CPU: 1 UID: 0 PID: 4092 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 113.385638] Tainted: [W]=WARN [ 113.385642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.385651] Call Trace: [ 113.385656] [ 113.385662] dump_stack_lvl+0xca/0x120 [ 113.385691] __lookup_object+0x94/0xb0 [ 113.385711] delete_object_full+0x27/0x70 [ 113.385730] free_percpu+0x30/0x1160 [ 113.385749] ? arch_uprobe_clear_state+0x16/0x140 [ 113.385774] futex_hash_free+0x38/0xc0 [ 113.385791] mmput+0x2d3/0x390 [ 113.385813] do_exit+0x79d/0x2970 [ 113.385830] ? signal_wake_up_state+0x9f/0x120 [ 113.385849] ? zap_other_threads+0x2b9/0x3a0 [ 113.385868] ? __pfx_do_exit+0x10/0x10 [ 113.385883] ? do_group_exit+0x1c3/0x2a0 [ 113.385900] ? 
lock_release+0xc8/0x290 [ 113.385920] do_group_exit+0xd3/0x2a0 [ 113.385938] __x64_sys_exit_group+0x3e/0x50 [ 113.385955] x64_sys_call+0x18c5/0x18d0 [ 113.385974] do_syscall_64+0xbf/0x360 [ 113.385990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.386006] RIP: 0033:0x7f339a191b19 [ 113.386016] Code: Unable to access opcode bytes at 0x7f339a191aef. [ 113.386022] RSP: 002b:00007ffde206e2c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 113.386036] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f339a191b19 [ 113.386045] RDX: 00007f339a14472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 113.386054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 113.386062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.386074] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffde206e3b0 [ 113.386093] [ 113.386098] kmemleak: Object (percpu) 0x607f1a638f48 (size 8): [ 113.386106] kmemleak: comm "syz-executor.2", pid 4097, jiffies 4294780112 [ 113.386114] kmemleak: min_count = 1 [ 113.386119] kmemleak: count = 0 [ 113.386124] kmemleak: flags = 0x21 [ 113.386128] kmemleak: checksum = 0 [ 113.386133] kmemleak: backtrace: [ 113.386137] pcpu_alloc_noprof+0x87a/0x1170 [ 113.386155] __alloc_workqueue+0x74b/0x1820 [ 113.386176] alloc_workqueue_noprof+0xc7/0x200 [ 113.386187] loop_configure+0xf73/0x1590 [ 113.386204] lo_ioctl+0x66d/0x1c70 [ 113.386219] blkdev_ioctl+0x27c/0x6c0 [ 113.386240] __x64_sys_ioctl+0x18f/0x210 [ 113.386258] do_syscall_64+0xbf/0x360 [ 113.386268] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:34:43 executing program 1: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, "0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) 08:34:43 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, 
"0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) 08:34:43 executing program 7: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) keyctl$get_security(0x11, r0, 0x0, 0x0) 08:34:43 executing program 5: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) keyctl$get_security(0x11, r0, 0x0, 0x0) 08:34:43 executing program 1: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, "0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) 08:34:43 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 08:34:43 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 08:34:43 executing program 0: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 114.143285] loop6: detected capacity change from 0 to 9 [ 114.160737] loop2: detected capacity change from 0 to 9 [ 114.164834] FAT-fs (loop6): FAT read failed (blocknr 32) 08:34:43 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000140)={0x20, 0x0, 0x0, "0f551cf65613349e27929d71410dbf3d3f4ab0d7fbbdd81328e44db3f734555c"}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x60801) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0x120) [ 114.187267] FAT-fs (loop2): FAT read failed (blocknr 32) 08:34:43 executing program 7: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) 
keyctl$get_security(0x11, r0, 0x0, 0x0) 08:34:43 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 114.240636] kmemleak: Found object by alias at 0x607f1a638f4c [ 114.240656] CPU: 1 UID: 0 PID: 4134 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.240674] Tainted: [W]=WARN [ 114.240678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.240685] Call Trace: [ 114.240689] [ 114.240693] dump_stack_lvl+0xca/0x120 [ 114.240723] __lookup_object+0x94/0xb0 [ 114.240739] delete_object_full+0x27/0x70 [ 114.240754] free_percpu+0x30/0x1160 [ 114.240770] ? arch_uprobe_clear_state+0x16/0x140 [ 114.240790] futex_hash_free+0x38/0xc0 [ 114.240804] mmput+0x2d3/0x390 [ 114.240822] do_exit+0x79d/0x2970 [ 114.240835] ? lock_release+0xc8/0x290 [ 114.240852] ? __pfx_do_exit+0x10/0x10 [ 114.240865] ? find_held_lock+0x2b/0x80 [ 114.240882] ? get_signal+0x835/0x2340 [ 114.240902] do_group_exit+0xd3/0x2a0 [ 114.240916] get_signal+0x2315/0x2340 [ 114.240935] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 114.240956] ? __pfx_get_signal+0x10/0x10 [ 114.240972] ? do_futex+0x135/0x370 [ 114.240985] ? __pfx_do_futex+0x10/0x10 [ 114.241000] arch_do_signal_or_restart+0x80/0x790 [ 114.241017] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.241033] ? __x64_sys_futex+0x1c9/0x4d0 [ 114.241045] ? __x64_sys_futex+0x1d2/0x4d0 [ 114.241059] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.241072] ? 
getname_flags.part.0+0x1c6/0x540 [ 114.241093] exit_to_user_mode_loop+0x8b/0x110 [ 114.241105] do_syscall_64+0x2f7/0x360 [ 114.241117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.241129] RIP: 0033:0x7f339a191b19 [ 114.241138] Code: Unable to access opcode bytes at 0x7f339a191aef. [ 114.241143] RSP: 002b:00007f3397707218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.241154] RAX: fffffffffffffe00 RBX: 00007f339a2a4f68 RCX: 00007f339a191b19 [ 114.241161] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f339a2a4f68 [ 114.241168] RBP: 00007f339a2a4f60 R08: 0000000000000000 R09: 0000000000000000 [ 114.241175] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f339a2a4f6c [ 114.241181] R13: 00007ffde206e09f R14: 00007f3397707300 R15: 0000000000022000 [ 114.241197] [ 114.241201] kmemleak: Object (percpu) 0x607f1a638f48 (size 8): [ 114.241207] kmemleak: comm "syz-executor.6", pid 4131, jiffies 4294781018 [ 114.241214] kmemleak: min_count = 1 [ 114.241218] kmemleak: count = 0 [ 114.241221] kmemleak: flags = 0x21 [ 114.241225] kmemleak: checksum = 0 [ 114.241229] kmemleak: backtrace: [ 114.241232] pcpu_alloc_noprof+0x87a/0x1170 [ 114.241247] __alloc_workqueue+0x74b/0x1820 [ 114.241264] alloc_workqueue_noprof+0xc7/0x200 [ 114.241273] loop_configure+0xf73/0x1590 [ 114.241287] lo_ioctl+0x66d/0x1c70 [ 114.241299] blkdev_ioctl+0x27c/0x6c0 [ 114.241317] __x64_sys_ioctl+0x18f/0x210 [ 114.241331] do_syscall_64+0xbf/0x360 [ 114.241339] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:34:43 executing program 3: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:43 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 114.310379] loop6: detected capacity change from 0 to 9 [ 114.318038] loop2: detected capacity change from 0 to 9 08:34:43 executing program 5: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:43 executing program 7: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x1011000) keyctl$get_security(0x11, r0, 0x0, 0x0) [ 114.332548] FAT-fs (loop2): FAT read failed (blocknr 32) [ 114.343524] FAT-fs (loop6): FAT read failed (blocknr 32) [ 114.359827] kmemleak: Found object by alias at 0x607f1a638f4c [ 114.359842] CPU: 1 UID: 0 PID: 4144 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.359860] Tainted: [W]=WARN [ 114.359863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.359870] Call Trace: [ 114.359874] [ 114.359878] dump_stack_lvl+0xca/0x120 [ 
114.359902] __lookup_object+0x94/0xb0 [ 114.359918] delete_object_full+0x27/0x70 [ 114.359934] free_percpu+0x30/0x1160 [ 114.359950] ? arch_uprobe_clear_state+0x16/0x140 [ 114.359970] futex_hash_free+0x38/0xc0 [ 114.359984] mmput+0x2d3/0x390 [ 114.360002] do_exit+0x79d/0x2970 [ 114.360015] ? lock_release+0xc8/0x290 [ 114.360032] ? __pfx_do_exit+0x10/0x10 [ 114.360046] ? find_held_lock+0x2b/0x80 [ 114.360062] ? get_signal+0x835/0x2340 [ 114.360085] do_group_exit+0xd3/0x2a0 [ 114.360100] get_signal+0x2315/0x2340 [ 114.360122] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 114.360136] ? __pfx_get_signal+0x10/0x10 [ 114.360152] ? do_futex+0x135/0x370 [ 114.360165] ? __pfx_do_futex+0x10/0x10 [ 114.360180] arch_do_signal_or_restart+0x80/0x790 [ 114.360197] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.360212] ? __x64_sys_futex+0x1c9/0x4d0 [ 114.360224] ? __x64_sys_futex+0x1d2/0x4d0 [ 114.360238] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.360251] ? xfd_validate_state+0x55/0x180 [ 114.360272] exit_to_user_mode_loop+0x8b/0x110 [ 114.360284] do_syscall_64+0x2f7/0x360 [ 114.360296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.360307] RIP: 0033:0x7f339a191b19 [ 114.360316] Code: Unable to access opcode bytes at 0x7f339a191aef. 
[ 114.360321] RSP: 002b:00007f3397707218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.360333] RAX: fffffffffffffe00 RBX: 00007f339a2a4f68 RCX: 00007f339a191b19 [ 114.360340] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f339a2a4f68 [ 114.360347] RBP: 00007f339a2a4f60 R08: 0000000000000000 R09: 0000000000000000 [ 114.360354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f339a2a4f6c [ 114.360360] R13: 00007ffde206e09f R14: 00007f3397707300 R15: 0000000000022000 [ 114.360376] [ 114.360379] kmemleak: Object (percpu) 0x607f1a638f48 (size 8): [ 114.360386] kmemleak: comm "syz-executor.6", pid 4131, jiffies 4294781018 [ 114.360393] kmemleak: min_count = 1 [ 114.360397] kmemleak: count = 0 [ 114.360400] kmemleak: flags = 0x21 [ 114.360404] kmemleak: checksum = 0 [ 114.360407] kmemleak: backtrace: [ 114.360411] pcpu_alloc_noprof+0x87a/0x1170 [ 114.360425] __alloc_workqueue+0x74b/0x1820 [ 114.360442] alloc_workqueue_noprof+0xc7/0x200 [ 114.360451] loop_configure+0xf73/0x1590 [ 114.360465] lo_ioctl+0x66d/0x1c70 [ 114.360477] blkdev_ioctl+0x27c/0x6c0 [ 114.360495] __x64_sys_ioctl+0x18f/0x210 [ 114.360510] do_syscall_64+0xbf/0x360 [ 114.360518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.414849] kmemleak: Found object by alias at 0x607f1a639ba8 08:34:44 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x28, r1, 0xe8d1d2a726c149b9, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) [ 114.414880] CPU: 0 UID: 0 PID: 4141 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.414913] Tainted: [W]=WARN [ 114.414920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.414932] Call Trace: [ 114.414939] [ 114.414947] 
dump_stack_lvl+0xca/0x120 [ 114.414987] __lookup_object+0x94/0xb0 [ 114.415016] delete_object_full+0x27/0x70 [ 114.415045] free_percpu+0x30/0x1160 [ 114.415080] ? arch_uprobe_clear_state+0x16/0x140 [ 114.415116] futex_hash_free+0x38/0xc0 [ 114.415141] mmput+0x2d3/0x390 [ 114.415174] do_exit+0x79d/0x2970 [ 114.415206] ? __pfx_do_exit+0x10/0x10 [ 114.415230] ? trace_irq_enable.constprop.0+0x26/0x100 [ 114.415253] ? _raw_spin_unlock_irq+0x23/0x40 [ 114.415285] do_group_exit+0xd3/0x2a0 [ 114.415311] __x64_sys_exit_group+0x3e/0x50 [ 114.415336] x64_sys_call+0x18c5/0x18d0 [ 114.415363] do_syscall_64+0xbf/0x360 [ 114.415384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.415404] RIP: 0033:0x7fdbc813bb19 [ 114.415419] Code: Unable to access opcode bytes at 0x7fdbc813baef. [ 114.415429] RSP: 002b:00007fff92f39958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 114.415449] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fdbc813bb19 [ 114.415462] RDX: 00007fdbc80ee72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 114.415475] RBP: 0000000000000000 R08: 0000001b2d428270 R09: 0000000000000000 [ 114.415488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.415500] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff92f39a40 [ 114.415528] [ 114.415535] kmemleak: Object (percpu) 0x607f1a639ba4 (size 8): [ 114.415547] kmemleak: comm "syz-executor.2", pid 4144, jiffies 4294781208 [ 114.415560] kmemleak: min_count = 1 [ 114.415566] kmemleak: count = 0 [ 114.415573] kmemleak: flags = 0x21 [ 114.415580] kmemleak: checksum = 0 [ 114.415586] kmemleak: backtrace: [ 114.415593] pcpu_alloc_noprof+0x87a/0x1170 [ 114.415620] alloc_vfsmnt+0x135/0x6e0 [ 114.415644] vfs_create_mount.part.0+0x40/0x440 [ 114.415670] path_mount+0x1637/0x1dd0 [ 114.415689] __x64_sys_mount+0x27b/0x300 [ 114.415709] do_syscall_64+0xbf/0x360 [ 114.415724] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:34:44 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), 
&(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 08:34:44 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') 08:34:44 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x28, r1, 0xe8d1d2a726c149b9, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 08:34:44 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 08:34:44 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/245, 0xf5}], 0x1) [ 114.544991] kmemleak: Found object by alias at 0x607f1a638f4c [ 114.545012] CPU: 1 UID: 0 PID: 4156 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.545030] Tainted: [W]=WARN [ 114.545033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.545040] Call Trace: [ 114.545044] [ 114.545049] dump_stack_lvl+0xca/0x120 [ 114.545077] __lookup_object+0x94/0xb0 [ 114.545094] delete_object_full+0x27/0x70 [ 114.545113] free_percpu+0x30/0x1160 [ 114.545129] ? arch_uprobe_clear_state+0x16/0x140 [ 114.545149] futex_hash_free+0x38/0xc0 [ 114.545163] mmput+0x2d3/0x390 [ 114.545182] do_exit+0x79d/0x2970 [ 114.545194] ? signal_wake_up_state+0x85/0x120 [ 114.545210] ? zap_other_threads+0x2b9/0x3a0 [ 114.545226] ? __pfx_do_exit+0x10/0x10 [ 114.545238] ? do_group_exit+0x1c3/0x2a0 [ 114.545251] ? lock_release+0xc8/0x290 [ 114.545268] do_group_exit+0xd3/0x2a0 [ 114.545282] __x64_sys_exit_group+0x3e/0x50 [ 114.545295] x64_sys_call+0x18c5/0x18d0 [ 114.545311] do_syscall_64+0xbf/0x360 [ 114.545323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.545334] RIP: 0033:0x7f339a191b19 [ 114.545343] Code: Unable to access opcode bytes at 0x7f339a191aef. 
[ 114.545348] RSP: 002b:00007ffde206e2c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 114.545360] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f339a191b19 [ 114.545367] RDX: 00007f339a14472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 114.545374] RBP: 0000000000000000 R08: 0000001b2ce25af4 R09: 0000000000000000 [ 114.545381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.545387] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffde206e3b0 [ 114.545403] [ 114.545406] kmemleak: Object (percpu) 0x607f1a638f48 (size 8): [ 114.545413] kmemleak: comm "syz-executor.6", pid 4131, jiffies 4294781018 [ 114.545420] kmemleak: min_count = 1 [ 114.545424] kmemleak: count = 1 [ 114.545427] kmemleak: flags = 0x21 [ 114.545431] kmemleak: checksum = 0 [ 114.545435] kmemleak: backtrace: [ 114.545438] pcpu_alloc_noprof+0x87a/0x1170 [ 114.545453] __alloc_workqueue+0x74b/0x1820 [ 114.545470] alloc_workqueue_noprof+0xc7/0x200 [ 114.545479] loop_configure+0xf73/0x1590 [ 114.545492] lo_ioctl+0x66d/0x1c70 [ 114.545505] blkdev_ioctl+0x27c/0x6c0 [ 114.545522] __x64_sys_ioctl+0x18f/0x210 [ 114.545536] do_syscall_64+0xbf/0x360 [ 114.545544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.606269] audit: type=1400 audit(1756456484.201:18): avc: denied { read } for pid=4163 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:34:44 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x28, r1, 0xe8d1d2a726c149b9, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 08:34:44 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 
0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x28, r1, 0xe8d1d2a726c149b9, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 08:34:44 executing program 5: r0 = memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:44 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 
&(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') 08:34:44 executing program 3: r0 = memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:44 executing program 0: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:44 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) readv(r1, 
&(0x7f0000000080)=[{&(0x7f00000001c0)=""/245, 0xf5}], 0x1) 08:34:44 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') 08:34:44 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') 08:34:44 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/245, 0xf5}], 0x1) 08:34:45 executing program 0: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:45 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') 08:34:45 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/245, 0xf5}], 0x1) 08:34:45 executing program 3: r0 = memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:34:45 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') 08:34:45 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/245, 0xf5}], 0x1) 08:34:45 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000100)) 08:34:45 executing program 5: r0 = 
memfd_create(&(0x7f0000000000)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{yt\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x3) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0xfffffd1f) fcntl$addseals(r0, 0x409, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 115.614019] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.614934] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.615532] CPU: 0 UID: 0 PID: 4208 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.616479] Tainted: [W]=WARN [ 115.616730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.617755] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.619000] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 
[ 115.623610] RSP: 0018:ffff8880422d7780 EFLAGS: 00010012 [ 115.624840] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900015f0000 [ 115.626510] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.627580] RBP: ffff8880422d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15f48 [ 115.628139] R10: 0000000000000000 R11: ffff88801dc49098 R12: dffffc0000000000 [ 115.628690] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.629253] FS: 00007f4b9c632700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.629876] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.630331] CR2: 00007f4b9f1d0018 CR3: 000000004318a000 CR4: 0000000000350ef0 [ 115.630890] Call Trace: [ 115.631099] [ 115.631281] ? __pfx_perf_tp_event+0x10/0x10 [ 115.631632] ? __kernel_text_address+0xd/0x40 [ 115.631996] ? arch_stack_walk+0x9c/0xf0 [ 115.632329] ? __lock_acquire+0x694/0x1b70 [ 115.632667] ? __lock_acquire+0x694/0x1b70 [ 115.633016] ? lock_acquire+0x15e/0x2f0 [ 115.633335] ? __is_insn_slot_addr+0x2e/0x290 [ 115.633701] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.634101] perf_trace_run_bpf_submit+0xef/0x180 [ 115.634491] perf_trace_preemptirq_template+0x259/0x430 [ 115.634914] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 115.635353] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.635823] ? __pfx___resched_curr+0x10/0x10 [ 115.636185] ? find_held_lock+0x2b/0x80 [ 115.636509] ? try_to_wake_up+0x8ae/0x11d0 [ 115.636850] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 115.637263] trace_irq_enable.constprop.0+0xa6/0x100 [ 115.637663] trace_hardirqs_on+0x26/0x40 [ 115.637982] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 115.638378] try_to_wake_up+0x8ae/0x11d0 [ 115.638705] ? __pfx_try_to_wake_up+0x10/0x10 [ 115.639065] ? plist_del+0x122/0x270 [ 115.639369] ? find_held_lock+0x2b/0x80 [ 115.639690] ? futex_wake+0x474/0x540 [ 115.639997] wake_up_q+0xa1/0x130 [ 115.640280] futex_wake+0x47e/0x540 [ 115.640573] ? __pfx_futex_wake+0x10/0x10 [ 115.640904] ? 
lock_acquire+0x15e/0x2f0 [ 115.641228] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.641697] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.642162] ? lock_release+0xc8/0x290 [ 115.642472] do_futex+0x26d/0x370 [ 115.642753] ? __pfx_do_futex+0x10/0x10 [ 115.643068] ? kasan_quarantine_put+0x84/0x1e0 [ 115.643435] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.643847] ? kasan_quarantine_put+0x84/0x1e0 [ 115.644213] __x64_sys_futex+0x1c9/0x4d0 [ 115.644534] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.645005] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.645376] ? __x64_sys_memfd_create+0x1cd/0x280 [ 115.645764] ? __pfx___x64_sys_memfd_create+0x10/0x10 [ 115.646180] do_syscall_64+0xbf/0x360 [ 115.646484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.646892] RIP: 0033:0x7f4b9f0bcb19 [ 115.647183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.648592] RSP: 002b:00007f4b9c632218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.649188] RAX: ffffffffffffffda RBX: 00007f4b9f1cff68 RCX: 00007f4b9f0bcb19 [ 115.649745] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4b9f1cff6c [ 115.650297] RBP: 00007f4b9f1cff60 R08: 000000000000000e R09: 0000000000000000 [ 115.650850] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4b9f1cff6c [ 115.651413] R13: 00007ffce676dd7f R14: 00007f4b9c632300 R15: 0000000000022000 [ 115.651971] [ 115.652158] Modules linked in: [ 115.652420] ---[ end trace 0000000000000000 ]--- [ 115.652789] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.653169] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.654595] RSP: 0018:ffff8880422d7780 EFLAGS: 00010012 [ 115.655013] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 
ffffc900015f0000 [ 115.655562] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.656111] RBP: ffff8880422d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15f48 [ 115.656663] R10: 0000000000000000 R11: ffff88801dc49098 R12: dffffc0000000000 [ 115.657223] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.657778] FS: 00007f4b9c632700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.658399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.658849] CR2: 00007f4b9f1d0018 CR3: 000000004318a000 CR4: 0000000000350ef0 [ 115.659400] note: syz-executor.0[4208] exited with irqs disabled [ 115.659926] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.660792] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.661383] CPU: 0 UID: 0 PID: 4208 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.662307] Tainted: [D]=DIE, [W]=WARN [ 115.662608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.663240] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.663621] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.665034] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 115.665446] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.665994] RDX: ffff88800f4fb700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.666544] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15f48 [ 115.667092] R10: 0000000000000000 R11: ffff88801e8cec98 R12: dffffc0000000000 [ 115.667648] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 115.668197] FS: 00007f4b9c632700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.668820] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.669275] CR2: 
00007f4b9f1d0018 CR3: 000000004318a000 CR4: 0000000000350ef0 [ 115.669825] Call Trace: [ 115.670028] [ 115.670205] ? __pfx_perf_tp_event+0x10/0x10 [ 115.670565] ? enqueue_task_fair+0xded/0x1e00 [ 115.670921] ? check_preempt_wakeup_fair+0x6e/0x950 [ 115.671316] ? wakeup_preempt+0x140/0x2a0 [ 115.671644] ? lock_release+0x1c7/0x290 [ 115.671957] ? lock_release+0x1c7/0x290 [ 115.672271] ? do_raw_spin_unlock+0x53/0x220 [ 115.672620] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 115.673027] ? try_to_wake_up+0x8ae/0x11d0 [ 115.673365] ? do_raw_spin_lock+0x123/0x260 [ 115.673705] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 115.674074] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.674468] perf_trace_run_bpf_submit+0xef/0x180 [ 115.674850] perf_trace_preemptirq_template+0x259/0x430 [ 115.675274] ? read_tsc+0x9/0x20 [ 115.675548] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.676010] ? clockevents_program_event+0x135/0x360 [ 115.676416] ? tick_program_event+0xac/0x140 [ 115.676766] ? handle_softirqs+0x16e/0x770 [ 115.677115] trace_irq_enable.constprop.0+0xa6/0x100 [ 115.677514] trace_hardirqs_on+0x26/0x40 [ 115.677831] handle_softirqs+0x16e/0x770 [ 115.678157] __irq_exit_rcu+0xc4/0x100 [ 115.678470] irq_exit_rcu+0x9/0x20 [ 115.678750] sysvec_apic_timer_interrupt+0x70/0x80 [ 115.679139] [ 115.679318] [ 115.679501] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.679912] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 115.680280] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 115.681683] RSP: 0018:ffff8880422d7f28 EFLAGS: 00000246 [ 115.682099] RAX: 0000000000000001 RBX: ffff88800f4fb700 RCX: ffffffff817c2b86 [ 115.682646] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 115.683194] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 115.683754] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800f4fb700 
[ 115.684304] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.684856] ? trace_irq_enable.constprop.0+0x26/0x100 [ 115.685277] ? make_task_dead+0x214/0x3b0 [ 115.685607] ? make_task_dead+0x214/0x3b0 [ 115.685936] ? do_syscall_64+0xbf/0x360 [ 115.686252] rewind_stack_and_make_dead+0x16/0x20 [ 115.686640] RIP: 0033:0x7f4b9f0bcb19 [ 115.686930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.688325] RSP: 002b:00007f4b9c632218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.688912] RAX: ffffffffffffffda RBX: 00007f4b9f1cff68 RCX: 00007f4b9f0bcb19 [ 115.689471] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4b9f1cff6c [ 115.690022] RBP: 00007f4b9f1cff60 R08: 000000000000000e R09: 0000000000000000 [ 115.690572] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4b9f1cff6c [ 115.691121] R13: 00007ffce676dd7f R14: 00007f4b9c632300 R15: 0000000000022000 [ 115.691674] [ 115.691861] Modules linked in: [ 115.692116] ---[ end trace 0000000000000000 ]--- [ 115.692484] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.692858] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.694269] RSP: 0018:ffff8880422d7780 EFLAGS: 00010012 [ 115.694686] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900015f0000 [ 115.695235] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.695787] RBP: ffff8880422d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15f48 [ 115.696339] R10: 0000000000000000 R11: ffff88801dc49098 R12: dffffc0000000000 [ 115.696893] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.697454] FS: 00007f4b9c632700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.698078] CS: 0010 DS: 0000 ES: 
0000 CR0: 0000000080050033 [ 115.698536] CR2: 00007f4b9f1d0018 CR3: 000000004318a000 CR4: 0000000000350ef0 [ 115.699087] Kernel panic - not syncing: Fatal exception in interrupt [ 115.699771] Kernel Offset: disabled [ 115.700057] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:34:45 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880422d7070 R8 =0000000000000000 R9 =ffffed10014eb046 R10=0000000000000020 R11=0000000065646f43 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4b9c632700 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe2f00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4b9f1d0018 CR3=000000004318a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f4b9f1a37c000007f4b9f1a37c8 XMM02=00007f4b9f1a37e000007f4b9f1a37c0 XMM03=00007f4b9f1a37c800007f4b9f1a37c0 XMM04=b4bd7b88c58f3ab18698a8645416ce02 XMM05=fc6e5dc53c4281a326ab731c5be27f8f XMM06=53d4ae0d90c666beb889c1518f6c326a 
XMM07=a1b708c8dc784c4a0b465e46eea0032d XMM08=d54b186da2a6ce54d1248a02c1ad8fea XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff81a1d0a1 RBX=00000000200fc000 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff888042819f7c RBP=ffff88804358f898 RSP=ffff88804358f7c0 R8 =0000000000000000 R9 =0000000000000000 R10=000000001e872007 R11=0000000000000000 R12=00000000200fc000 R13=ffff88800d34a800 R14=ffff88800d34a800 R15=ffff8880434d1000 RIP=ffffffff81a1d0a6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fb5ee9a5700 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000200fc000 CR3=000000001f1a3000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=7269762f736563697665642f7379732f XMM01=2f6b636f6c622f6c6175747269762f73 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=000055de7058972000000002ffffffff 
XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000