Warning: Permanently added '[localhost]:64987' (ECDSA) to the list of known hosts. 2025/08/29 13:23:36 fuzzer started 2025/08/29 13:23:36 dialing manager at localhost:43077 syzkaller login: [ 52.304158] cgroup: Unknown subsys name 'net' [ 52.448545] cgroup: Unknown subsys name 'cpuset' [ 52.509263] cgroup: Unknown subsys name 'rlimit' 2025/08/29 13:23:47 syscalls: 2214 2025/08/29 13:23:47 code coverage: enabled 2025/08/29 13:23:47 comparison tracing: enabled 2025/08/29 13:23:47 extra coverage: enabled 2025/08/29 13:23:47 setuid sandbox: enabled 2025/08/29 13:23:47 namespace sandbox: enabled 2025/08/29 13:23:47 Android sandbox: enabled 2025/08/29 13:23:47 fault injection: enabled 2025/08/29 13:23:47 leak checking: enabled 2025/08/29 13:23:47 net packet injection: enabled 2025/08/29 13:23:47 net device setup: enabled 2025/08/29 13:23:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 13:23:47 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 13:23:47 USB emulation: enabled 2025/08/29 13:23:47 hci packet injection: enabled 2025/08/29 13:23:47 wifi device emulation: enabled 2025/08/29 13:23:47 802.15.4 emulation: enabled 2025/08/29 13:23:47 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 13:23:47 fetching corpus: 49, signal 20324/23916 (executing program) 2025/08/29 13:23:47 fetching corpus: 99, signal 30515/35608 (executing program) 2025/08/29 13:23:47 fetching corpus: 149, signal 39948/46390 (executing program) 2025/08/29 13:23:48 fetching corpus: 199, signal 48248/55836 (executing program) 2025/08/29 13:23:48 fetching corpus: 249, signal 53642/62495 (executing program) 2025/08/29 13:23:48 fetching corpus: 299, signal 57476/67547 (executing program) 2025/08/29 13:23:48 fetching corpus: 349, signal 62242/73355 (executing program) 2025/08/29 13:23:48 fetching corpus: 399, signal 65936/78061 (executing program) 2025/08/29 13:23:48 fetching corpus: 449, signal 68918/82062 (executing program) 2025/08/29 
13:23:48 fetching corpus: 499, signal 71343/85520 (executing program) 2025/08/29 13:23:48 fetching corpus: 549, signal 76304/91199 (executing program) 2025/08/29 13:23:48 fetching corpus: 599, signal 78534/94417 (executing program) 2025/08/29 13:23:49 fetching corpus: 649, signal 81205/97938 (executing program) 2025/08/29 13:23:49 fetching corpus: 699, signal 83895/101337 (executing program) 2025/08/29 13:23:49 fetching corpus: 749, signal 86666/104890 (executing program) 2025/08/29 13:23:49 fetching corpus: 799, signal 89127/108089 (executing program) 2025/08/29 13:23:49 fetching corpus: 849, signal 91251/110980 (executing program) 2025/08/29 13:23:49 fetching corpus: 899, signal 92506/113071 (executing program) 2025/08/29 13:23:49 fetching corpus: 949, signal 94529/115783 (executing program) 2025/08/29 13:23:49 fetching corpus: 999, signal 96850/118690 (executing program) 2025/08/29 13:23:49 fetching corpus: 1049, signal 98048/120668 (executing program) 2025/08/29 13:23:49 fetching corpus: 1099, signal 99631/122957 (executing program) 2025/08/29 13:23:50 fetching corpus: 1149, signal 101678/125580 (executing program) 2025/08/29 13:23:50 fetching corpus: 1199, signal 103141/127678 (executing program) 2025/08/29 13:23:50 fetching corpus: 1249, signal 104406/129610 (executing program) 2025/08/29 13:23:50 fetching corpus: 1298, signal 105538/131410 (executing program) 2025/08/29 13:23:50 fetching corpus: 1348, signal 107001/133437 (executing program) 2025/08/29 13:23:50 fetching corpus: 1398, signal 109398/136116 (executing program) 2025/08/29 13:23:50 fetching corpus: 1448, signal 110028/137448 (executing program) 2025/08/29 13:23:50 fetching corpus: 1498, signal 112143/139859 (executing program) 2025/08/29 13:23:50 fetching corpus: 1548, signal 113342/141596 (executing program) 2025/08/29 13:23:50 fetching corpus: 1598, signal 114401/143178 (executing program) 2025/08/29 13:23:51 fetching corpus: 1648, signal 115536/144826 (executing program) 2025/08/29 13:23:51 
fetching corpus: 1698, signal 116507/146289 (executing program) 2025/08/29 13:23:51 fetching corpus: 1748, signal 117732/147938 (executing program) 2025/08/29 13:23:51 fetching corpus: 1798, signal 118707/149394 (executing program) 2025/08/29 13:23:51 fetching corpus: 1848, signal 119469/150638 (executing program) 2025/08/29 13:23:51 fetching corpus: 1898, signal 120823/152256 (executing program) 2025/08/29 13:23:51 fetching corpus: 1948, signal 121827/153704 (executing program) 2025/08/29 13:23:51 fetching corpus: 1998, signal 122848/155136 (executing program) 2025/08/29 13:23:51 fetching corpus: 2048, signal 123786/156502 (executing program) 2025/08/29 13:23:51 fetching corpus: 2098, signal 124473/157666 (executing program) 2025/08/29 13:23:51 fetching corpus: 2148, signal 125129/158813 (executing program) 2025/08/29 13:23:52 fetching corpus: 2198, signal 125893/160022 (executing program) 2025/08/29 13:23:52 fetching corpus: 2248, signal 126983/161407 (executing program) 2025/08/29 13:23:52 fetching corpus: 2298, signal 127735/162569 (executing program) 2025/08/29 13:23:52 fetching corpus: 2348, signal 129132/164040 (executing program) 2025/08/29 13:23:52 fetching corpus: 2398, signal 130137/165252 (executing program) 2025/08/29 13:23:52 fetching corpus: 2448, signal 131108/166418 (executing program) 2025/08/29 13:23:52 fetching corpus: 2497, signal 131711/167443 (executing program) 2025/08/29 13:23:53 fetching corpus: 2547, signal 132437/168507 (executing program) 2025/08/29 13:23:53 fetching corpus: 2597, signal 133135/169528 (executing program) 2025/08/29 13:23:53 fetching corpus: 2647, signal 134384/170808 (executing program) 2025/08/29 13:23:53 fetching corpus: 2697, signal 135104/171802 (executing program) 2025/08/29 13:23:53 fetching corpus: 2746, signal 135689/172712 (executing program) 2025/08/29 13:23:53 fetching corpus: 2796, signal 136546/173759 (executing program) 2025/08/29 13:23:53 fetching corpus: 2846, signal 137277/174763 (executing program) 
2025/08/29 13:23:53 fetching corpus: 2896, signal 138045/175722 (executing program) 2025/08/29 13:23:53 fetching corpus: 2946, signal 138775/176620 (executing program) 2025/08/29 13:23:53 fetching corpus: 2996, signal 139530/177550 (executing program) 2025/08/29 13:23:53 fetching corpus: 3046, signal 140013/178349 (executing program) 2025/08/29 13:23:54 fetching corpus: 3096, signal 141056/179347 (executing program) 2025/08/29 13:23:54 fetching corpus: 3146, signal 141793/180218 (executing program) 2025/08/29 13:23:54 fetching corpus: 3196, signal 142461/181058 (executing program) 2025/08/29 13:23:54 fetching corpus: 3246, signal 143229/181901 (executing program) 2025/08/29 13:23:54 fetching corpus: 3296, signal 144180/182852 (executing program) 2025/08/29 13:23:54 fetching corpus: 3346, signal 144711/183654 (executing program) 2025/08/29 13:23:54 fetching corpus: 3396, signal 145470/184462 (executing program) 2025/08/29 13:23:54 fetching corpus: 3446, signal 146000/185218 (executing program) 2025/08/29 13:23:54 fetching corpus: 3496, signal 146408/185942 (executing program) 2025/08/29 13:23:54 fetching corpus: 3546, signal 146903/186629 (executing program) 2025/08/29 13:23:54 fetching corpus: 3596, signal 147579/187372 (executing program) 2025/08/29 13:23:55 fetching corpus: 3646, signal 148344/188140 (executing program) 2025/08/29 13:23:55 fetching corpus: 3696, signal 148904/188822 (executing program) 2025/08/29 13:23:55 fetching corpus: 3746, signal 149414/189524 (executing program) 2025/08/29 13:23:55 fetching corpus: 3796, signal 149867/190151 (executing program) 2025/08/29 13:23:55 fetching corpus: 3846, signal 150426/190872 (executing program) 2025/08/29 13:23:55 fetching corpus: 3895, signal 151351/191637 (executing program) 2025/08/29 13:23:55 fetching corpus: 3945, signal 151748/192247 (executing program) 2025/08/29 13:23:55 fetching corpus: 3995, signal 152121/192819 (executing program) 2025/08/29 13:23:55 fetching corpus: 4045, signal 152671/193409 
(executing program) 2025/08/29 13:23:55 fetching corpus: 4095, signal 153288/194027 (executing program) 2025/08/29 13:23:55 fetching corpus: 4145, signal 153790/194609 (executing program) 2025/08/29 13:23:56 fetching corpus: 4195, signal 154281/195248 (executing program) 2025/08/29 13:23:56 fetching corpus: 4245, signal 154696/195804 (executing program) 2025/08/29 13:23:56 fetching corpus: 4295, signal 155128/196305 (executing program) 2025/08/29 13:23:56 fetching corpus: 4345, signal 155635/196889 (executing program) 2025/08/29 13:23:56 fetching corpus: 4395, signal 156064/197402 (executing program) 2025/08/29 13:23:56 fetching corpus: 4445, signal 156642/197921 (executing program) 2025/08/29 13:23:56 fetching corpus: 4495, signal 157217/198426 (executing program) 2025/08/29 13:23:56 fetching corpus: 4545, signal 157605/198922 (executing program) 2025/08/29 13:23:56 fetching corpus: 4595, signal 158190/199432 (executing program) 2025/08/29 13:23:56 fetching corpus: 4645, signal 158843/200056 (executing program) 2025/08/29 13:23:57 fetching corpus: 4695, signal 159319/200559 (executing program) 2025/08/29 13:23:57 fetching corpus: 4745, signal 159704/201020 (executing program) 2025/08/29 13:23:57 fetching corpus: 4795, signal 160354/201553 (executing program) 2025/08/29 13:23:57 fetching corpus: 4845, signal 160723/201995 (executing program) 2025/08/29 13:23:57 fetching corpus: 4895, signal 162608/202207 (executing program) 2025/08/29 13:23:57 fetching corpus: 4945, signal 163015/202230 (executing program) 2025/08/29 13:23:57 fetching corpus: 4995, signal 163366/202234 (executing program) 2025/08/29 13:23:57 fetching corpus: 5045, signal 163650/202238 (executing program) 2025/08/29 13:23:57 fetching corpus: 5095, signal 164588/202261 (executing program) 2025/08/29 13:23:57 fetching corpus: 5145, signal 165223/202275 (executing program) 2025/08/29 13:23:57 fetching corpus: 5195, signal 165569/202278 (executing program) 2025/08/29 13:23:58 fetching corpus: 5245, 
signal 165973/202293 (executing program) 2025/08/29 13:23:58 fetching corpus: 5295, signal 166252/202311 (executing program) 2025/08/29 13:23:58 fetching corpus: 5345, signal 166600/202314 (executing program) 2025/08/29 13:23:58 fetching corpus: 5395, signal 167199/202324 (executing program) 2025/08/29 13:23:58 fetching corpus: 5445, signal 167521/202329 (executing program) 2025/08/29 13:23:58 fetching corpus: 5495, signal 167815/202370 (executing program) 2025/08/29 13:23:58 fetching corpus: 5545, signal 168194/202375 (executing program) 2025/08/29 13:23:58 fetching corpus: 5595, signal 168584/202381 (executing program) 2025/08/29 13:23:58 fetching corpus: 5645, signal 168835/202389 (executing program) 2025/08/29 13:23:58 fetching corpus: 5695, signal 169206/202409 (executing program) 2025/08/29 13:23:58 fetching corpus: 5745, signal 169623/202480 (executing program) 2025/08/29 13:23:58 fetching corpus: 5795, signal 170120/202488 (executing program) 2025/08/29 13:23:58 fetching corpus: 5845, signal 170526/202491 (executing program) 2025/08/29 13:23:59 fetching corpus: 5895, signal 171346/202497 (executing program) 2025/08/29 13:23:59 fetching corpus: 5945, signal 171844/202597 (executing program) 2025/08/29 13:23:59 fetching corpus: 5995, signal 172281/202598 (executing program) 2025/08/29 13:23:59 fetching corpus: 6045, signal 172604/202609 (executing program) 2025/08/29 13:23:59 fetching corpus: 6095, signal 173008/202645 (executing program) 2025/08/29 13:23:59 fetching corpus: 6145, signal 173339/202647 (executing program) 2025/08/29 13:23:59 fetching corpus: 6195, signal 173697/202667 (executing program) 2025/08/29 13:23:59 fetching corpus: 6245, signal 174158/202671 (executing program) 2025/08/29 13:23:59 fetching corpus: 6295, signal 174481/202684 (executing program) 2025/08/29 13:24:00 fetching corpus: 6345, signal 175102/202694 (executing program) 2025/08/29 13:24:00 fetching corpus: 6394, signal 175431/202699 (executing program) 2025/08/29 13:24:00 
fetching corpus: 6444, signal 175685/202707 (executing program) 2025/08/29 13:24:00 fetching corpus: 6493, signal 176115/202708 (executing program) 2025/08/29 13:24:00 fetching corpus: 6543, signal 176485/202711 (executing program) 2025/08/29 13:24:00 fetching corpus: 6593, signal 176777/202737 (executing program) 2025/08/29 13:24:00 fetching corpus: 6643, signal 177046/202743 (executing program) 2025/08/29 13:24:00 fetching corpus: 6693, signal 177374/202760 (executing program) 2025/08/29 13:24:00 fetching corpus: 6743, signal 177709/202765 (executing program) 2025/08/29 13:24:00 fetching corpus: 6793, signal 177986/202769 (executing program) 2025/08/29 13:24:00 fetching corpus: 6843, signal 178185/202778 (executing program) 2025/08/29 13:24:00 fetching corpus: 6893, signal 178487/202821 (executing program) 2025/08/29 13:24:01 fetching corpus: 6943, signal 178730/202829 (executing program) 2025/08/29 13:24:01 fetching corpus: 6993, signal 178967/202837 (executing program) 2025/08/29 13:24:01 fetching corpus: 7043, signal 179243/202844 (executing program) 2025/08/29 13:24:01 fetching corpus: 7093, signal 179546/202848 (executing program) 2025/08/29 13:24:01 fetching corpus: 7143, signal 179863/202899 (executing program) 2025/08/29 13:24:01 fetching corpus: 7193, signal 180252/202906 (executing program) 2025/08/29 13:24:01 fetching corpus: 7243, signal 180640/202908 (executing program) 2025/08/29 13:24:01 fetching corpus: 7293, signal 180973/202915 (executing program) 2025/08/29 13:24:01 fetching corpus: 7343, signal 181189/202915 (executing program) 2025/08/29 13:24:01 fetching corpus: 7393, signal 181430/202918 (executing program) 2025/08/29 13:24:01 fetching corpus: 7443, signal 181884/202928 (executing program) 2025/08/29 13:24:02 fetching corpus: 7493, signal 182134/202939 (executing program) 2025/08/29 13:24:02 fetching corpus: 7543, signal 182430/202953 (executing program) 2025/08/29 13:24:02 fetching corpus: 7593, signal 182760/202957 (executing program) 
2025/08/29 13:24:02 fetching corpus: 7643, signal 183451/202958 (executing program) 2025/08/29 13:24:02 fetching corpus: 7693, signal 183696/202983 (executing program) 2025/08/29 13:24:02 fetching corpus: 7743, signal 184034/203008 (executing program) 2025/08/29 13:24:02 fetching corpus: 7793, signal 184285/203013 (executing program) 2025/08/29 13:24:02 fetching corpus: 7843, signal 184485/203013 (executing program) 2025/08/29 13:24:02 fetching corpus: 7893, signal 184763/203018 (executing program) 2025/08/29 13:24:02 fetching corpus: 7943, signal 185054/203018 (executing program) 2025/08/29 13:24:02 fetching corpus: 7993, signal 185357/203029 (executing program) 2025/08/29 13:24:02 fetching corpus: 8043, signal 185684/203033 (executing program) 2025/08/29 13:24:02 fetching corpus: 8093, signal 186044/203037 (executing program) 2025/08/29 13:24:03 fetching corpus: 8143, signal 186335/203058 (executing program) 2025/08/29 13:24:03 fetching corpus: 8193, signal 186620/203063 (executing program) 2025/08/29 13:24:03 fetching corpus: 8243, signal 186975/203080 (executing program) 2025/08/29 13:24:03 fetching corpus: 8293, signal 187375/203102 (executing program) 2025/08/29 13:24:03 fetching corpus: 8343, signal 187544/203103 (executing program) 2025/08/29 13:24:03 fetching corpus: 8393, signal 187855/203103 (executing program) 2025/08/29 13:24:03 fetching corpus: 8443, signal 188087/203114 (executing program) 2025/08/29 13:24:03 fetching corpus: 8493, signal 188482/203144 (executing program) 2025/08/29 13:24:03 fetching corpus: 8543, signal 188775/203162 (executing program) 2025/08/29 13:24:03 fetching corpus: 8593, signal 189058/203164 (executing program) 2025/08/29 13:24:03 fetching corpus: 8643, signal 189430/203164 (executing program) 2025/08/29 13:24:04 fetching corpus: 8693, signal 189678/203172 (executing program) 2025/08/29 13:24:04 fetching corpus: 8743, signal 189883/203191 (executing program) 2025/08/29 13:24:04 fetching corpus: 8793, signal 190155/203197 
(executing program) 2025/08/29 13:24:04 fetching corpus: 8843, signal 190390/203197 (executing program) 2025/08/29 13:24:04 fetching corpus: 8893, signal 190573/203201 (executing program) 2025/08/29 13:24:04 fetching corpus: 8943, signal 190822/203205 (executing program) 2025/08/29 13:24:04 fetching corpus: 8993, signal 191145/203206 (executing program) 2025/08/29 13:24:04 fetching corpus: 9043, signal 191361/203214 (executing program) 2025/08/29 13:24:04 fetching corpus: 9093, signal 191521/203215 (executing program) 2025/08/29 13:24:04 fetching corpus: 9143, signal 191830/203219 (executing program) 2025/08/29 13:24:05 fetching corpus: 9193, signal 192048/203221 (executing program) 2025/08/29 13:24:05 fetching corpus: 9243, signal 192267/203225 (executing program) 2025/08/29 13:24:05 fetching corpus: 9293, signal 192483/203240 (executing program) 2025/08/29 13:24:05 fetching corpus: 9343, signal 192694/203242 (executing program) 2025/08/29 13:24:05 fetching corpus: 9393, signal 192866/203252 (executing program) 2025/08/29 13:24:05 fetching corpus: 9443, signal 193050/203258 (executing program) 2025/08/29 13:24:05 fetching corpus: 9493, signal 193228/203259 (executing program) 2025/08/29 13:24:05 fetching corpus: 9543, signal 193522/203278 (executing program) 2025/08/29 13:24:05 fetching corpus: 9593, signal 193800/203326 (executing program) 2025/08/29 13:24:05 fetching corpus: 9643, signal 194125/203386 (executing program) 2025/08/29 13:24:05 fetching corpus: 9693, signal 194273/203388 (executing program) 2025/08/29 13:24:05 fetching corpus: 9743, signal 194409/203394 (executing program) 2025/08/29 13:24:06 fetching corpus: 9793, signal 194650/203396 (executing program) 2025/08/29 13:24:06 fetching corpus: 9843, signal 194855/203423 (executing program) 2025/08/29 13:24:06 fetching corpus: 9893, signal 195537/203429 (executing program) 2025/08/29 13:24:06 fetching corpus: 9942, signal 195742/203429 (executing program) 2025/08/29 13:24:06 fetching corpus: 9992, 
signal 196099/203438 (executing program) 2025/08/29 13:24:06 fetching corpus: 10042, signal 196361/203439 (executing program) 2025/08/29 13:24:06 fetching corpus: 10092, signal 196642/203450 (executing program) 2025/08/29 13:24:06 fetching corpus: 10142, signal 196828/203451 (executing program) 2025/08/29 13:24:06 fetching corpus: 10192, signal 197001/203453 (executing program) 2025/08/29 13:24:06 fetching corpus: 10242, signal 197189/203457 (executing program) 2025/08/29 13:24:06 fetching corpus: 10292, signal 197419/203460 (executing program) 2025/08/29 13:24:06 fetching corpus: 10342, signal 197718/203461 (executing program) 2025/08/29 13:24:07 fetching corpus: 10392, signal 197890/203465 (executing program) 2025/08/29 13:24:07 fetching corpus: 10442, signal 198097/203468 (executing program) 2025/08/29 13:24:07 fetching corpus: 10492, signal 198487/203469 (executing program) 2025/08/29 13:24:07 fetching corpus: 10542, signal 198663/203472 (executing program) 2025/08/29 13:24:07 fetching corpus: 10592, signal 198947/203486 (executing program) 2025/08/29 13:24:07 fetching corpus: 10642, signal 199201/203487 (executing program) 2025/08/29 13:24:07 fetching corpus: 10692, signal 199378/203487 (executing program) 2025/08/29 13:24:07 fetching corpus: 10703, signal 199438/203487 (executing program) 2025/08/29 13:24:07 fetching corpus: 10703, signal 199438/203487 (executing program) 2025/08/29 13:24:10 starting 8 fuzzer processes 13:24:10 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000400)={0x800180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000240)=""/202, &(0x7f00000003c0)=[0xffffffffffffffff], 0x1}, 0x58) 13:24:10 executing program 2: 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() pidfd_open(r0, 0x0) 13:24:10 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x4b46, &(0x7f00000000c0)) 13:24:10 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000140)=@ethtool_eee={0x44}}) 13:24:10 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000000)=""/52, 0x34, 0x3) 13:24:10 executing program 3: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 
0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) 13:24:10 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e29b005f9700000020b978657d17480824"}) 13:24:10 executing program 6: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x41}]) [ 85.589686] audit: type=1400 audit(1756473850.351:7): avc: denied { execmem } for pid=275 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 86.908682] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.911475] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.914574] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.916357] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.919314] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.923075] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.925596] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.932448] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.935095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.936711] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.980610] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.989393] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.998248] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.003011] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.008068] Bluetooth: 
hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.012166] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.014671] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 87.016626] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.016653] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.023853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 87.024315] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.026185] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.027026] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.035993] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.037810] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.043120] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 87.044587] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 87.046646] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 87.052893] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.054249] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 87.056369] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 87.057388] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 87.058080] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 87.059891] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.062701] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 87.065155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.076085] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 87.077630] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 87.080092] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 87.081292] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 88.992079] Bluetooth: hci1: command tx timeout [ 89.054887] Bluetooth: hci0: command tx timeout [ 89.120763] Bluetooth: hci3: command tx timeout [ 89.121272] Bluetooth: hci2: command tx timeout [ 89.122026] Bluetooth: hci4: command tx timeout [ 89.183039] Bluetooth: hci6: 
command tx timeout [ 89.183516] Bluetooth: hci7: command tx timeout [ 89.184301] Bluetooth: hci5: command tx timeout [ 91.039230] Bluetooth: hci1: command tx timeout [ 91.102820] Bluetooth: hci0: command tx timeout [ 91.166984] Bluetooth: hci3: command tx timeout [ 91.168467] Bluetooth: hci2: command tx timeout [ 91.169785] Bluetooth: hci4: command tx timeout [ 91.230796] Bluetooth: hci7: command tx timeout [ 91.231201] Bluetooth: hci6: command tx timeout [ 91.231227] Bluetooth: hci5: command tx timeout [ 93.086837] Bluetooth: hci1: command tx timeout [ 93.152843] Bluetooth: hci0: command tx timeout [ 93.214798] Bluetooth: hci2: command tx timeout [ 93.214826] Bluetooth: hci4: command tx timeout [ 93.215199] Bluetooth: hci3: command tx timeout [ 93.278865] Bluetooth: hci7: command tx timeout [ 93.278898] Bluetooth: hci6: command tx timeout [ 93.280477] Bluetooth: hci5: command tx timeout [ 95.135807] Bluetooth: hci1: command tx timeout [ 95.201840] Bluetooth: hci0: command tx timeout [ 95.262965] Bluetooth: hci3: command tx timeout [ 95.263033] Bluetooth: hci4: command tx timeout [ 95.263933] Bluetooth: hci2: command tx timeout [ 95.326796] Bluetooth: hci5: command tx timeout [ 95.327202] Bluetooth: hci7: command tx timeout [ 95.327582] Bluetooth: hci6: command tx timeout [ 123.404232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.405083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.604918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.605515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:24:48 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @ipv4=@empty}]}]}, 0x28}], 0x1}, 0x0) [ 124.152861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
124.153482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:24:48 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @ipv4=@empty}]}]}, 0x28}], 0x1}, 0x0) 13:24:49 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @ipv4=@empty}]}]}, 0x28}], 0x1}, 0x0) [ 124.353682] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.354387] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:24:49 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @ipv4=@empty}]}]}, 0x28}], 0x1}, 0x0) [ 124.508855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.509480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.701630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.702393] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:24:49 executing program 4: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_io_uring_setup(0x3f13, &(0x7f00000001c0)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff9000/0x6000)=nil, &(0x7f0000000240), &(0x7f0000000280)) 13:24:49 executing program 4: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, 0x0) 13:24:49 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x19, 0x0, 0x0) 13:24:49 
executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73662a7b3b00088001000240000004f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="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", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100016e870325132510000e87032510300000000002e2e202020202020202020100016e870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200016e870325132510000e870325104001a040000", 0x80, 0x42000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x82000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xc2000}, 
{&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x142000}], 0x0, &(0x7f0000010d00)) [ 125.169230] loop4: detected capacity change from 0 to 5152 [ 125.305132] audit: type=1400 audit(1756473890.065:8): avc: denied { open } for pid=3843 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.317139] audit: type=1400 audit(1756473890.066:9): avc: denied { kernel } for pid=3843 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.354796] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.354833] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.539638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.542159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.640467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.641201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.802152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.802894] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.097264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.098566] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.275094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.275932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.413844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.414563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.486445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.487179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.088842] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.090148] wlan0: Creating new IBSS 
network, BSSID 50:50:50:50:50:50 [ 127.130663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.131817] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:24:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73662a7b3b00088001000240000004f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="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", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100016e870325132510000e87032510300000000002e2e202020202020202020100016e870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200016e870325132510000e870325104001a040000", 0x80, 0x42000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzka
llersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x82000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xc2000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x142000}], 0x0, &(0x7f0000010d00)) 13:24:52 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/195, 0xfdef}], 0x1) 13:24:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f8000020004000000000000000000001", 0x25}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0f", 0xc, 0x10000}], 0x0, &(0x7f0000011000)) statfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/69) 13:24:52 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sync() 13:24:52 executing program 5: write$tun(0xffffffffffffffff, &(0x7f00000000c0)={@val, @val, @llc={@llc={0x0, 0x0, 'Y'}}}, 0x11) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000280)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="866369ed", 0x4}], 0x1}, 0x0) 13:24:52 executing program 3: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) 13:24:52 executing program 2: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) 13:24:52 executing program 7: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, 
&(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) [ 127.397410] loop0: detected capacity change from 0 to 256 [ 127.413674] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 127.416636] loop4: detected capacity change from 0 to 5152 [ 127.438017] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 13:24:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f8000020004000000000000000000001", 0x25}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0f", 0xc, 0x10000}], 0x0, &(0x7f0000011000)) statfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/69) 13:24:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73662a7b3b00088001000240000004f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="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", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100016e870325132510000e87032510300000000002e2e202020202020202020100016e870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200016e870325132510000e870325104001a040000", 0x80, 0x42000}, 
{&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x82000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xc2000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x142000}], 0x0, &(0x7f0000010d00)) 13:24:52 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sync() 13:24:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, 
&(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f8000020004000000000000000000001", 0x25}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0f", 0xc, 0x10000}], 0x0, &(0x7f0000011000)) statfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/69) 13:24:52 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/195, 0xfdef}], 0x1) 13:24:52 executing program 5: write$tun(0xffffffffffffffff, &(0x7f00000000c0)={@val, @val, @llc={@llc={0x0, 0x0, 'Y'}}}, 0x11) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000280)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="866369ed", 0x4}], 0x1}, 0x0) 13:24:52 executing program 2: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) 13:24:52 executing program 3: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 
0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) 13:24:52 executing program 7: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) [ 127.956317] loop0: detected capacity change from 0 to 256 [ 127.966426] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 128.004609] loop4: detected capacity change from 0 to 5152 [ 128.023339] kmemleak: Found object by alias at 0x607f1a639484 [ 128.023357] CPU: 0 UID: 0 PID: 3953 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.023375] Tainted: [W]=WARN [ 128.023378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.023385] Call Trace: [ 128.023389] [ 128.023394] dump_stack_lvl+0xca/0x120 [ 128.023418] __lookup_object+0x94/0xb0 [ 128.023434] 
delete_object_full+0x27/0x70 [ 128.023450] free_percpu+0x30/0x1160 [ 128.023466] ? arch_uprobe_clear_state+0x16/0x140 [ 128.023486] futex_hash_free+0x38/0xc0 [ 128.023501] mmput+0x2d3/0x390 [ 128.023519] do_exit+0x79d/0x2970 [ 128.023532] ? signal_wake_up_state+0x85/0x120 [ 128.023553] ? zap_other_threads+0x2b9/0x3a0 [ 128.023569] ? __pfx_do_exit+0x10/0x10 [ 128.023582] ? do_group_exit+0x1c3/0x2a0 [ 128.023597] ? lock_release+0xc8/0x290 [ 128.023619] do_group_exit+0xd3/0x2a0 [ 128.023637] __x64_sys_exit_group+0x3e/0x50 [ 128.023654] x64_sys_call+0x18c5/0x18d0 [ 128.023673] do_syscall_64+0xbf/0x360 [ 128.023687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.023701] RIP: 0033:0x7f785b16eb19 [ 128.023712] Code: Unable to access opcode bytes at 0x7f785b16eaef. [ 128.023718] RSP: 002b:00007fff3badd018 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.023732] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f785b16eb19 [ 128.023742] RDX: 00007f785b12172b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.023751] RBP: 0000000000000000 R08: 0000001b2d428ed8 R09: 0000000000000000 [ 128.023759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.023767] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff3badd100 [ 128.023793] [ 128.023798] kmemleak: Object (percpu) 0x607f1a639480 (size 8): [ 128.023808] kmemleak: comm "syz-executor.6", pid 3933, jiffies 4294794611 [ 128.023816] kmemleak: min_count = 1 [ 128.023820] kmemleak: count = 0 [ 128.023825] kmemleak: flags = 0x21 [ 128.023830] kmemleak: checksum = 0 [ 128.023835] kmemleak: backtrace: [ 128.023839] pcpu_alloc_noprof+0x87a/0x1170 [ 128.023860] percpu_ref_init+0x37/0x400 [ 128.023886] blkg_alloc+0xe9/0x7d0 [ 128.023903] blkg_create+0xe08/0x1420 [ 128.023920] bio_associate_blkg_from_css+0xe06/0x1380 [ 128.023937] bio_associate_blkg+0x10e/0x2a0 [ 128.023955] bio_init+0x2dd/0x570 [ 128.023973] bio_alloc_bioset+0x2cf/0x8c0 [ 128.023994] submit_bh_wbc+0x286/0x720 [ 128.024015] 
__block_write_full_folio+0x723/0xde0 [ 128.024030] block_write_full_folio+0x2d6/0x390 [ 128.024045] blkdev_writepages+0x96/0x120 [ 128.024058] do_writepages+0x244/0x5c0 [ 128.024074] filemap_fdatawrite_wbc+0x10b/0x150 [ 128.024094] __filemap_fdatawrite_range+0xb9/0x100 [ 128.024117] sync_bdevs+0x2e6/0x360 [ 128.032810] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 13:24:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f8000020004000000000000000000001", 0x25}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0f", 0xc, 0x10000}], 0x0, &(0x7f0000011000)) statfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/69) 13:24:52 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/195, 0xfdef}], 0x1) 13:24:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73662a7b3b00088001000240000004f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100016e870325132510000e870325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200016e870325132510000e870325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200016e870325132510000e870325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200016e870325132510000e8703251070064000000", 0x120, 0x1800}, 
{&(0x7f0000010500)="2e20202020202020202020100016e870325132510000e87032510300000000002e2e202020202020202020100016e870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200016e870325132510000e870325104001a040000", 0x80, 0x42000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x82000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0xc2000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x142000}], 0x0, &(0x7f0000010d00)) 13:24:52 executing program 5: write$tun(0xffffffffffffffff, &(0x7f00000000c0)={@val, @val, @llc={@llc={0x0, 0x0, 'Y'}}}, 0x11) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000280)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="866369ed", 0x4}], 0x1}, 0x0) 13:24:53 executing program 3: 
r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) [ 128.274208] loop0: detected capacity change from 0 to 256 [ 128.279283] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 128.360102] kmemleak: Found object by alias at 0x607f1a639484 [ 128.360121] CPU: 0 UID: 0 PID: 3974 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.360139] Tainted: [W]=WARN [ 128.360142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.360149] Call Trace: [ 128.360153] [ 128.360158] dump_stack_lvl+0xca/0x120 [ 128.360183] __lookup_object+0x94/0xb0 [ 128.360200] delete_object_full+0x27/0x70 [ 128.360216] free_percpu+0x30/0x1160 [ 128.360233] ? arch_uprobe_clear_state+0x16/0x140 [ 128.360259] futex_hash_free+0x38/0xc0 [ 128.360274] mmput+0x2d3/0x390 [ 128.360293] do_exit+0x79d/0x2970 [ 128.360306] ? signal_wake_up_state+0x85/0x120 [ 128.360323] ? zap_other_threads+0x2b9/0x3a0 [ 128.360338] ? __pfx_do_exit+0x10/0x10 [ 128.360351] ? do_group_exit+0x1c3/0x2a0 [ 128.360364] ? 
lock_release+0xc8/0x290 [ 128.360382] do_group_exit+0xd3/0x2a0 [ 128.360397] __x64_sys_exit_group+0x3e/0x50 [ 128.360411] x64_sys_call+0x18c5/0x18d0 [ 128.360427] do_syscall_64+0xbf/0x360 [ 128.360439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.360450] RIP: 0033:0x7f785b16eb19 [ 128.360458] Code: Unable to access opcode bytes at 0x7f785b16eaef. [ 128.360463] RSP: 002b:00007fff3badd018 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.360474] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f785b16eb19 [ 128.360481] RDX: 00007f785b12172b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.360488] RBP: 0000000000000000 R08: 0000001b2d428f6c R09: 0000000000000000 [ 128.360495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.360502] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff3badd100 [ 128.360519] [ 128.360522] kmemleak: Object (percpu) 0x607f1a639480 (size 8): [ 128.360529] kmemleak: comm "syz-executor.0", pid 3975, jiffies 4294795131 [ 128.360536] kmemleak: min_count = 1 [ 128.360539] kmemleak: count = 0 [ 128.360543] kmemleak: flags = 0x21 [ 128.360546] kmemleak: checksum = 0 [ 128.360550] kmemleak: backtrace: [ 128.360553] pcpu_alloc_noprof+0x87a/0x1170 [ 128.360568] alloc_vfsmnt+0x135/0x6e0 [ 128.360581] vfs_create_mount.part.0+0x40/0x440 [ 128.360596] path_mount+0x1637/0x1dd0 [ 128.360607] __x64_sys_mount+0x27b/0x300 [ 128.360617] do_syscall_64+0xbf/0x360 [ 128.360626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.405973] loop4: detected capacity change from 0 to 5152 13:24:53 executing program 5: write$tun(0xffffffffffffffff, &(0x7f00000000c0)={@val, @val, @llc={@llc={0x0, 0x0, 'Y'}}}, 0x11) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000280)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="866369ed", 0x4}], 0x1}, 0x0) 13:24:53 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) readv(r0, 
&(0x7f0000000040)=[{&(0x7f00000003c0)=""/195, 0xfdef}], 0x1) 13:24:53 executing program 2: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) [ 128.451643] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 128.554518] ------------[ cut here ]------------ [ 128.555855] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.4/289 [ 128.556660] Modules linked in: [ 128.557091] CPU: 0 UID: 0 PID: 289 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.560984] Tainted: [W]=WARN [ 128.561709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.562809] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 128.563243] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 128.564810] RSP: 0018:ffff888018e67ce0 EFLAGS: 00010293 [ 128.565306] RAX: 0000000000000000 RBX: 1ffff110031ccfa1 RCX: ffffffff81bf96d3 [ 128.565985] RDX: ffff8880169f0000 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 128.566628] RBP: ffff8880163f61c0 R08: 0000000000000001 R09: 0000000000000000 [ 
128.567213] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888018e67d48 [ 128.567856] R13: 00000000ffffffff R14: ffff8880163f61c0 R15: ffff8880163f62a8 [ 128.568521] FS: 0000555578a9c400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 128.569222] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.569765] CR2: 000000c00eb5e000 CR3: 0000000044627000 CR4: 0000000000350ef0 [ 128.570358] Call Trace: [ 128.570569] [ 128.570781] ? __pfx_mntput_no_expire+0x10/0x10 [ 128.571203] ? dput.part.0+0xce/0x930 [ 128.571568] ? lock_release+0xc8/0x290 [ 128.571919] path_umount+0x6e0/0x1100 [ 128.572238] ? kmem_cache_free+0x2a1/0x540 [ 128.572580] ? __pfx_path_umount+0x10/0x10 [ 128.572962] ? putname.part.0+0x11b/0x160 [ 128.573334] __x64_sys_umount+0x15c/0x190 [ 128.573747] ? __pfx___x64_sys_umount+0x10/0x10 [ 128.574160] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.574650] do_syscall_64+0xbf/0x360 [ 128.575052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.575502] RIP: 0033:0x7f49f96e0f87 [ 128.575874] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.577397] RSP: 002b:00007ffd203858b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 128.578078] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00007f49f96e0f87 [ 128.578661] RDX: 00007ffd2038598a RSI: 000000000000000a RDI: 00007ffd20385980 [ 128.579284] RBP: 00007ffd20385980 R08: 00000000ffffffff R09: 00007ffd20385750 [ 128.579958] R10: 0000555578a9dc7b R11: 0000000000000246 R12: 00007f49f9739105 [ 128.580577] R13: 00007ffd20386a40 R14: 0000555578a9dc20 R15: 00007ffd20386a80 [ 128.581267] [ 128.581454] irq event stamp: 219101 [ 128.581773] hardirqs last enabled at (219111): [] __up_console_sem+0x78/0x80 [ 128.582475] hardirqs last disabled at (219118): [] __up_console_sem+0x5d/0x80 [ 128.583252] softirqs last enabled at (218878): [] handle_softirqs+0x50c/0x770 
[ 128.584056] softirqs last disabled at (218873): [] __irq_exit_rcu+0xc4/0x100 [ 128.584842] ---[ end trace 0000000000000000 ]--- 13:24:53 executing program 7: r0 = gettid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) rt_tgsigqueueinfo(r1, r0, 0x3e, &(0x7f0000000040)={0x19, 0x7ff, 0x15e3}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) r2 = fork() r3 = getpgrp(r2) r4 = gettid() r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0xaa80) waitid$P_PIDFD(0x3, r6, &(0x7f00000000c0), 0x8, &(0x7f0000000140)) tgkill(r3, r4, 0xb) gettid() ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000000280)=ANY=[@ANYBLOB="63615843550a000000f4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) sendfile(r5, r7, &(0x7f0000000240)=0x6, 0x0) r8 = getpgrp(0x0) r9 = gettid() tgkill(r8, r9, 0xb) fork() setpgid(r4, r9) 13:24:53 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0) 13:24:53 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) sync() 13:24:53 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x1]}, 0x8, 0x800) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0xa0840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5325, 0x0) preadv2(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/212, 0xd4}, {&(0x7f0000000100)=""/97, 0x61}, 
{&(0x7f0000000300)=""/244, 0xf4}, {&(0x7f0000000080)}, {&(0x7f0000000480)=""/194, 0xc2}, {&(0x7f0000000400)=""/6, 0x6}], 0x6, 0x101, 0x9518, 0xf) 13:24:53 executing program 4: setresuid(0xee01, 0xee00, 0x0) acct(0x0) [ 128.776430] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 128.778535] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 128.780206] CPU: 1 UID: 0 PID: 4004 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.782689] Tainted: [W]=WARN [ 128.783230] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.784584] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.785392] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.788379] RSP: 0018:ffff8880476b77c0 EFLAGS: 00010212 [ 128.789251] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 128.790449] RDX: ffff888048291b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 128.791627] RBP: ffff8880476b7a30 R08: ffff88806cf31340 R09: ffffe8ffffd16480 [ 128.792805] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 128.793996] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 128.795176] FS: 000055558725e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 128.796513] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.797474] CR2: 0000001b2cf22000 CR3: 000000004615b000 CR4: 0000000000350ef0 [ 128.798659] Call Trace: [ 128.799089] [ 128.799493] ? __pfx_perf_tp_event+0x10/0x10 [ 128.800253] ? cpu_util.constprop.0+0x17d/0x340 [ 128.801052] ? __asan_memset+0x24/0x50 [ 128.801716] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 128.802624] ? lock_release+0xc8/0x290 [ 128.803299] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 128.804236] ? 
__lock_acquire+0x694/0x1b70 [ 128.804960] ? perf_trace_run_bpf_submit+0xef/0x180 [ 128.805817] perf_trace_run_bpf_submit+0xef/0x180 [ 128.806641] perf_trace_lock_acquire+0x3c2/0x700 [ 128.807463] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 128.808355] ? lock_acquire+0x15e/0x2f0 [ 128.809040] lock_acquire+0xc5/0x2f0 [ 128.809686] ? futex_private_hash_put+0x4c/0x2d0 [ 128.810499] ? futex_hash+0x2d8/0x390 [ 128.811141] ? lock_release+0xc8/0x290 [ 128.811799] futex_private_hash_put+0x5d/0x2d0 [ 128.812595] ? futex_private_hash_put+0x4c/0x2d0 [ 128.813388] futex_hash_put+0x3f/0x50 [ 128.814043] futex_wake+0x1bb/0x540 [ 128.814669] ? kernel_clone+0x204/0x7f0 [ 128.815350] ? __pfx_futex_wake+0x10/0x10 [ 128.816041] ? __pfx_kernel_clone+0x10/0x10 [ 128.816765] ? __lock_acquire+0x694/0x1b70 [ 128.817483] do_futex+0x26d/0x370 [ 128.818098] ? __pfx_do_futex+0x10/0x10 [ 128.818789] ? __pfx___do_sys_clone+0x10/0x10 [ 128.819544] ? find_held_lock+0x2b/0x80 [ 128.820229] __x64_sys_futex+0x1c9/0x4d0 [ 128.820919] ? __pfx___x64_sys_futex+0x10/0x10 [ 128.821699] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 128.822600] do_syscall_64+0xbf/0x360 [ 128.823246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.824106] RIP: 0033:0x7f785b16eb19 [ 128.824726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.827689] RSP: 002b:00007fff3badce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.828967] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f785b16eb19 [ 128.830149] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f785b281f68 [ 128.831338] RBP: 00007f785b281f60 R08: 00007f78586e4700 R09: 0000000000000000 [ 128.832508] R10: 00007f78586e4700 R11: 0000000000000246 R12: 00007f785b286060 [ 128.833679] R13: 00007fff3badcf70 R14: 00007f785b281f60 R15: 000000000001f696 [ 128.834881] [ 128.835275] Modules linked in: [ 128.835884] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 128.837713] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 128.839159] CPU: 1 UID: 0 PID: 4004 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.841131] Tainted: [D]=DIE, [W]=WARN [ 128.841772] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.843158] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.843951] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.846951] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 128.847826] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 128.849006] RDX: ffff888048291b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 128.850206] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16480 [ 128.851375] R10: 0000000000000000 
R11: 000000000000002c R12: dffffc0000000000 [ 128.852554] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 128.853722] FS: 000055558725e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 128.855070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.856036] CR2: 0000001b2cf22000 CR3: 000000004615b000 CR4: 0000000000350ef0 [ 128.857412] Call Trace: [ 128.857874] [ 128.858266] ? __pfx_perf_tp_event+0x10/0x10 [ 128.859180] ? __pfx_css_rstat_updated+0x10/0x10 [ 128.860124] ? lock_is_held_type+0x9e/0x120 [ 128.860898] ? trace_pelt_se_tp+0xdf/0x130 13:24:53 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0xa, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x4e21}, 0x10) 13:24:53 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x32}}, 0x14}}, 0x0) [ 128.861750] ? __update_load_avg_se+0x428/0xa40 [ 128.862788] ? lock_is_held_type+0x9e/0x120 [ 128.863536] ? 
trace_sched_set_need_resched_tp+0xd4/0x110 13:24:53 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x4, 0x0, &(0x7f0000000100)) [ 128.864546] ? __resched_curr+0x2a2/0x330 [ 128.865331] ? __pfx___resched_curr+0x10/0x10 [ 128.866304] ? perf_trace_lock_acquire+0xc9/0x700 [ 128.867281] ? perf_trace_run_bpf_submit+0xef/0x180 [ 128.868259] ? perf_trace_lock_acquire+0xc9/0x700 [ 128.869294] perf_trace_run_bpf_submit+0xef/0x180 [ 128.870262] perf_trace_lock_acquire+0x3c2/0x700 [ 128.871249] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.872199] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 128.873311] ? lock_acquire+0x15e/0x2f0 [ 128.874111] ? find_held_lock+0x2b/0x80 [ 128.874956] ? clockevents_program_event+0x14f/0x360 [ 128.875981] ? lock_release+0xc8/0x290 [ 128.876819] lock_acquire+0xc5/0x2f0 [ 128.877613] ? hrtimer_interrupt+0xd6/0x830 [ 128.878399] ? __pfx_native_flush_tlb_one_user+0x10/0x10 [ 128.879541] ? __pfx_lapic_next_deadline+0x10/0x10 [ 128.880373] _raw_spin_lock_irqsave+0x3a/0x60 [ 128.881362] ? hrtimer_interrupt+0xd6/0x830 [ 128.882229] hrtimer_interrupt+0xd6/0x830 [ 128.883085] ? __pfx_flush_tlb_func+0x10/0x10 [ 128.884005] ? trace_csd_function_exit+0x134/0x190 [ 128.884890] ? 
__flush_smp_call_function_queue+0x28c/0x740 [ 128.886035] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 128.887111] sysvec_apic_timer_interrupt+0x6b/0x80 [ 128.888085] [ 128.888485] [ 128.888956] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 128.890035] RIP: 0010:oops_exit+0x0/0x50 [ 128.890919] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 128.894604] RSP: 0018:ffff8880476b7650 EFLAGS: 00000202 [ 128.895583] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 128.896973] RDX: ffff888048291b80 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 128.898297] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 128.899744] R10: 0000000000000000 R11: 000000000000002c R12: ffff8880476b7718 [ 128.901194] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 128.902630] ? add_taint+0x5f/0xd0 [ 128.903386] ? oops_end+0x4a/0xe0 [ 128.904176] oops_end+0x65/0xe0 [ 128.904893] exc_general_protection+0x1a2/0x330 [ 128.905841] asm_exc_general_protection+0x26/0x30 [ 128.906810] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.907762] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.910944] RSP: 0018:ffff8880476b77c0 EFLAGS: 00010212 [ 128.911838] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 128.913024] RDX: ffff888048291b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 128.914219] RBP: ffff8880476b7a30 R08: ffff88806cf31340 R09: ffffe8ffffd16480 [ 128.915388] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 128.916573] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 128.917753] ? perf_tp_event+0x167/0xe70 [ 128.918465] ? __pfx_perf_tp_event+0x10/0x10 [ 128.919213] ? 
cpu_util.constprop.0+0x17d/0x340 [ 128.920022] ? __asan_memset+0x24/0x50 [ 128.920678] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 128.921577] ? lock_release+0xc8/0x290 [ 128.922251] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 128.923193] ? __lock_acquire+0x694/0x1b70 [ 128.923913] ? perf_trace_run_bpf_submit+0xef/0x180 [ 128.924751] perf_trace_run_bpf_submit+0xef/0x180 [ 128.925563] perf_trace_lock_acquire+0x3c2/0x700 [ 128.926383] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 128.927285] ? lock_acquire+0x15e/0x2f0 [ 128.927954] lock_acquire+0xc5/0x2f0 [ 128.928592] ? futex_private_hash_put+0x4c/0x2d0 [ 128.929394] ? futex_hash+0x2d8/0x390 [ 128.930056] ? lock_release+0xc8/0x290 [ 128.930720] futex_private_hash_put+0x5d/0x2d0 [ 128.931495] ? futex_private_hash_put+0x4c/0x2d0 [ 128.932287] futex_hash_put+0x3f/0x50 [ 128.932923] futex_wake+0x1bb/0x540 [ 128.933551] ? kernel_clone+0x204/0x7f0 [ 128.934252] ? __pfx_futex_wake+0x10/0x10 [ 128.934955] ? __pfx_kernel_clone+0x10/0x10 [ 128.935671] ? __lock_acquire+0x694/0x1b70 [ 128.936381] do_futex+0x26d/0x370 [ 128.936975] ? __pfx_do_futex+0x10/0x10 [ 128.937636] ? __pfx___do_sys_clone+0x10/0x10 [ 128.938397] ? find_held_lock+0x2b/0x80 [ 128.939077] __x64_sys_futex+0x1c9/0x4d0 [ 128.939764] ? __pfx___x64_sys_futex+0x10/0x10 [ 128.940535] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 128.941392] do_syscall_64+0xbf/0x360 [ 128.942052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.942909] RIP: 0033:0x7f785b16eb19 [ 128.943529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.946496] RSP: 002b:00007fff3badce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.947736] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f785b16eb19 [ 128.948932] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f785b281f68 [ 128.950120] RBP: 00007f785b281f60 R08: 00007f78586e4700 R09: 0000000000000000 [ 128.951323] R10: 00007f78586e4700 R11: 0000000000000246 R12: 00007f785b286060 [ 128.952536] R13: 00007fff3badcf70 R14: 00007f785b281f60 R15: 000000000001f696 [ 128.953768] [ 128.954193] Modules linked in: [ 128.954760] ---[ end trace 0000000000000000 ]--- [ 128.955562] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.956372] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.959450] RSP: 0018:ffff8880476b77c0 EFLAGS: 00010212 [ 128.960354] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 128.961562] RDX: ffff888048291b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 128.962781] RBP: ffff8880476b7a30 R08: ffff88806cf31340 R09: ffffe8ffffd16480 [ 128.963990] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 128.965193] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 128.966422] FS: 000055558725e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 128.967779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.968773] CR2: 0000001b2cf22000 CR3: 000000004615b000 CR4: 0000000000350ef0 [ 128.969998] Kernel panic - not syncing: Fatal exception in interrupt [ 
128.971476] Kernel Offset: disabled [ 128.972103] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 13:24:53 Registers: