Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:23567' (ECDSA) to the list of known hosts. 2025/08/29 11:01:45 fuzzer started 2025/08/29 11:01:45 dialing manager at localhost:43077 syzkaller login: [ 44.967377] cgroup: Unknown subsys name 'net' [ 45.025179] cgroup: Unknown subsys name 'cpuset' [ 45.049188] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:01:58 syscalls: 2214 2025/08/29 11:01:58 code coverage: enabled 2025/08/29 11:01:58 comparison tracing: enabled 2025/08/29 11:01:58 extra coverage: enabled 2025/08/29 11:01:58 setuid sandbox: enabled 2025/08/29 11:01:58 namespace sandbox: enabled 2025/08/29 11:01:58 Android sandbox: enabled 2025/08/29 11:01:58 fault injection: enabled 2025/08/29 11:01:58 leak checking: enabled 2025/08/29 11:01:58 net packet injection: enabled 2025/08/29 11:01:58 net device setup: enabled 2025/08/29 11:01:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:01:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:01:58 USB emulation: enabled 2025/08/29 11:01:58 hci packet injection: enabled 2025/08/29 11:01:58 wifi device emulation: enabled 2025/08/29 11:01:58 802.15.4 emulation: enabled 2025/08/29 11:01:58 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:01:58 fetching corpus: 43, signal 16176/19797 (executing program) 2025/08/29 11:01:58 fetching corpus: 86, signal 24714/29917 (executing program) 2025/08/29 11:01:58 fetching corpus: 136, signal 37384/43798 (executing program) 2025/08/29 11:01:58 fetching corpus: 186, signal 43476/51150 (executing program) 2025/08/29 11:01:58 fetching corpus: 236, signal 47662/56613 (executing program) 2025/08/29 11:01:58 fetching corpus: 286, signal 56462/66217 (executing program) 2025/08/29 11:01:59 fetching corpus: 336, signal 60717/71533 (executing program) 2025/08/29 11:01:59 fetching corpus: 386, signal 64576/76416 (executing program) 2025/08/29 11:01:59 fetching corpus: 435, signal 68812/81529 (executing program) 2025/08/29 11:01:59 fetching corpus: 485, signal 71585/85216 (executing program) 2025/08/29 11:01:59 fetching corpus: 535, signal 74073/88598 (executing program) 2025/08/29 11:01:59 fetching corpus: 585, signal 78030/93157 (executing program) 2025/08/29 11:01:59 fetching corpus: 635, signal 80420/96321 (executing program) 2025/08/29 11:01:59 fetching corpus: 685, signal 82308/99021 (executing program) 2025/08/29 11:01:59 fetching corpus: 735, signal 85393/102688 (executing program) 2025/08/29 11:01:59 fetching corpus: 785, signal 88061/105961 (executing program) 2025/08/29 11:02:00 fetching corpus: 835, signal 89644/108292 (executing program) 2025/08/29 11:02:00 fetching corpus: 885, signal 91809/111033 (executing program) 2025/08/29 11:02:00 fetching corpus: 934, signal 94226/113923 (executing program) 2025/08/29 11:02:00 fetching corpus: 983, signal 95432/115878 (executing program) 2025/08/29 11:02:00 fetching corpus: 1033, signal 97698/118619 (executing program) 2025/08/29 11:02:00 fetching corpus: 1083, signal 100226/121448 (executing program) 2025/08/29 11:02:00 fetching corpus: 1133, signal 101475/123310 (executing program) 2025/08/29 11:02:00 fetching corpus: 1183, signal 102613/125085 (executing program) 2025/08/29 11:02:00 fetching corpus: 1233, signal 104233/127129 (executing program) 2025/08/29 11:02:00 fetching corpus: 1283, signal 105251/128667 (executing program) 2025/08/29 11:02:01 fetching corpus: 1333, signal 106950/130754 (executing program) 2025/08/29 11:02:01 fetching corpus: 1382, signal 108971/132955 (executing program) 2025/08/29 11:02:01 fetching corpus: 1431, signal 110047/134516 (executing program) 2025/08/29 11:02:01 fetching corpus: 1481, signal 111224/136123 (executing program) 2025/08/29 11:02:01 fetching corpus: 1531, signal 112234/137599 (executing program) 2025/08/29 11:02:01 fetching corpus: 1581, signal 114099/139596 (executing program) 2025/08/29 11:02:01 fetching corpus: 1631, signal 114930/140879 (executing program) 2025/08/29 11:02:01 fetching corpus: 1681, signal 116141/142426 (executing program) 2025/08/29 11:02:01 fetching corpus: 1731, signal 117105/143747 (executing program) 2025/08/29 11:02:01 fetching corpus: 1781, signal 118023/144999 (executing program) 2025/08/29 11:02:02 fetching corpus: 1831, signal 119062/146411 (executing program) 2025/08/29 11:02:02 fetching corpus: 1881, signal 120162/147839 (executing program) 2025/08/29 11:02:02 fetching corpus: 1931, signal 121172/149158 (executing program) 2025/08/29 11:02:02 fetching corpus: 1981, signal 122041/150296 (executing program) 2025/08/29 11:02:02 fetching corpus: 2031, signal 123057/151523 (executing program) 2025/08/29 11:02:02 fetching corpus: 2081, signal 124295/152828 (executing program) 2025/08/29 11:02:02 fetching corpus: 2131, signal 125085/153938 (executing program) 2025/08/29 11:02:02 fetching corpus: 2181, signal 125896/155015 (executing program) 2025/08/29 11:02:02 fetching corpus: 2231, signal 126816/156146 (executing program) 2025/08/29 11:02:03 fetching corpus: 2281, signal 127716/157206 (executing program) 2025/08/29 11:02:03 fetching corpus: 2331, signal 128535/158222 (executing program) 2025/08/29 11:02:03 fetching corpus: 2381, signal 129568/159409 (executing program) 2025/08/29 11:02:03 fetching corpus: 2431, signal 130212/160312 (executing program) 2025/08/29 11:02:03 fetching corpus: 2481, signal 131172/161367 (executing program) 2025/08/29 11:02:03 fetching corpus: 2531, signal 132635/162665 (executing program) 2025/08/29 11:02:03 fetching corpus: 2581, signal 133564/163641 (executing program) 2025/08/29 11:02:03 fetching corpus: 2630, signal 134141/164449 (executing program) 2025/08/29 11:02:03 fetching corpus: 2680, signal 135098/165405 (executing program) 2025/08/29 11:02:03 fetching corpus: 2730, signal 137109/166715 (executing program) 2025/08/29 11:02:03 fetching corpus: 2780, signal 137744/167518 (executing program) 2025/08/29 11:02:04 fetching corpus: 2830, signal 138794/168437 (executing program) 2025/08/29 11:02:04 fetching corpus: 2880, signal 139546/169217 (executing program) 2025/08/29 11:02:04 fetching corpus: 2929, signal 140001/169874 (executing program) 2025/08/29 11:02:04 fetching corpus: 2979, signal 140545/170567 (executing program) 2025/08/29 11:02:04 fetching corpus: 3029, signal 141389/171377 (executing program) 2025/08/29 11:02:04 fetching corpus: 3078, signal 142321/172237 (executing program) 2025/08/29 11:02:04 fetching corpus: 3128, signal 143030/172974 (executing program) 2025/08/29 11:02:04 fetching corpus: 3178, signal 143702/173630 (executing program) 2025/08/29 11:02:04 fetching corpus: 3227, signal 144353/174284 (executing program) 2025/08/29 11:02:04 fetching corpus: 3277, signal 145276/174981 (executing program) 2025/08/29 11:02:04 fetching corpus: 3326, signal 145766/175602 (executing program) 2025/08/29 11:02:05 fetching corpus: 3376, signal 146349/176188 (executing program) 2025/08/29 11:02:05 fetching corpus: 3426, signal 146775/176730 (executing program) 2025/08/29 11:02:05 fetching corpus: 3476, signal 147239/177306 (executing program) 2025/08/29 11:02:05 fetching corpus: 3526, signal 148290/177988 (executing program) 2025/08/29 11:02:05 fetching corpus: 3576, signal 148958/178622 (executing program) 2025/08/29 11:02:05 fetching corpus: 3626, signal 149570/179166 (executing program) 2025/08/29 11:02:05 fetching corpus: 3676, signal 150257/179673 (executing program) 2025/08/29 11:02:05 fetching corpus: 3726, signal 150877/180178 (executing program) 2025/08/29 11:02:05 fetching corpus: 3776, signal 151422/180657 (executing program) 2025/08/29 11:02:05 fetching corpus: 3826, signal 151841/181084 (executing program) 2025/08/29 11:02:05 fetching corpus: 3876, signal 152366/181537 (executing program) 2025/08/29 11:02:06 fetching corpus: 3926, signal 152846/181968 (executing program) 2025/08/29 11:02:06 fetching corpus: 3976, signal 153181/182364 (executing program) 2025/08/29 11:02:06 fetching corpus: 4026, signal 153650/182778 (executing program) 2025/08/29 11:02:06 fetching corpus: 4076, signal 154095/183187 (executing program) 2025/08/29 11:02:06 fetching corpus: 4126, signal 154580/183589 (executing program) 2025/08/29 11:02:06 fetching corpus: 4176, signal 155057/183958 (executing program) 2025/08/29 11:02:06 fetching corpus: 4226, signal 155439/184351 (executing program) 2025/08/29 11:02:06 fetching corpus: 4276, signal 155816/184698 (executing program) 2025/08/29 11:02:06 fetching corpus: 4326, signal 156200/185039 (executing program) 2025/08/29 11:02:06 fetching corpus: 4376, signal 156621/185389 (executing program) 2025/08/29 11:02:06 fetching corpus: 4426, signal 157124/185792 (executing program) 2025/08/29 11:02:07 fetching corpus: 4476, signal 157539/185921 (executing program) 2025/08/29 11:02:07 fetching corpus: 4526, signal 158066/185928 (executing program) 2025/08/29 11:02:07 fetching corpus: 4576, signal 158480/185936 (executing program) 2025/08/29 11:02:07 fetching corpus: 4626, signal 158850/185941 (executing program) 2025/08/29 11:02:07 fetching corpus: 4675, signal 159182/185963 (executing program) 2025/08/29 11:02:07 fetching corpus: 4725, signal 159717/186012 (executing program) 2025/08/29 11:02:07 fetching corpus: 4775, signal 160131/186015 (executing program) 2025/08/29 11:02:07 fetching corpus: 4825, signal 160661/186050 (executing program) 2025/08/29 11:02:07 fetching corpus: 4875, signal 161195/186066 (executing program) 2025/08/29 11:02:07 fetching corpus: 4925, signal 161472/186078 (executing program) 2025/08/29 11:02:07 fetching corpus: 4975, signal 161881/186088 (executing program) 2025/08/29 11:02:07 fetching corpus: 5025, signal 162330/186101 (executing program) 2025/08/29 11:02:08 fetching corpus: 5075, signal 162988/186107 (executing program) 2025/08/29 11:02:08 fetching corpus: 5125, signal 163432/186108 (executing program) 2025/08/29 11:02:08 fetching corpus: 5175, signal 164004/186151 (executing program) 2025/08/29 11:02:08 fetching corpus: 5225, signal 164614/186252 (executing program) 2025/08/29 11:02:08 fetching corpus: 5275, signal 164876/186264 (executing program) 2025/08/29 11:02:08 fetching corpus: 5325, signal 165393/186284 (executing program) 2025/08/29 11:02:08 fetching corpus: 5375, signal 165897/186310 (executing program) 2025/08/29 11:02:08 fetching corpus: 5425, signal 166156/186316 (executing program) 2025/08/29 11:02:08 fetching corpus: 5475, signal 166471/186339 (executing program) 2025/08/29 11:02:08 fetching corpus: 5525, signal 166895/186340 (executing program) 2025/08/29 11:02:08 fetching corpus: 5575, signal 167366/186361 (executing program) 2025/08/29 11:02:09 fetching corpus: 5625, signal 167864/186388 (executing program) 2025/08/29 11:02:09 fetching corpus: 5675, signal 168188/186391 (executing program) 2025/08/29 11:02:09 fetching corpus: 5725, signal 168569/186395 (executing program) 2025/08/29 11:02:09 fetching corpus: 5775, signal 169053/186397 (executing program) 2025/08/29 11:02:09 fetching corpus: 5825, signal 169372/186403 (executing program) 2025/08/29 11:02:09 fetching corpus: 5875, signal 170304/186443 (executing program) 2025/08/29 11:02:09 fetching corpus: 5925, signal 170697/186501 (executing program) 2025/08/29 11:02:09 fetching corpus: 5975, signal 171530/186507 (executing program) 2025/08/29 11:02:09 fetching corpus: 6025, signal 171826/186513 (executing program) 2025/08/29 11:02:09 fetching corpus: 6075, signal 172429/186515 (executing program) 2025/08/29 11:02:09 fetching corpus: 6124, signal 172749/186529 (executing program) 2025/08/29 11:02:10 fetching corpus: 6174, signal 173009/186535 (executing program) 2025/08/29 11:02:10 fetching corpus: 6224, signal 173344/186535 (executing program) 2025/08/29 11:02:10 fetching corpus: 6274, signal 173734/186537 (executing program) 2025/08/29 11:02:10 fetching corpus: 6324, signal 174016/186540 (executing program) 2025/08/29 11:02:10 fetching corpus: 6373, signal 174302/186574 (executing program) 2025/08/29 11:02:10 fetching corpus: 6423, signal 174657/186594 (executing program) 2025/08/29 11:02:10 fetching corpus: 6473, signal 174927/186595 (executing program) 2025/08/29 11:02:10 fetching corpus: 6523, signal 175256/186607 (executing program) 2025/08/29 11:02:10 fetching corpus: 6573, signal 175595/186613 (executing program) 2025/08/29 11:02:10 fetching corpus: 6622, signal 175874/186624 (executing program) 2025/08/29 11:02:11 fetching corpus: 6672, signal 176236/186689 (executing program) 2025/08/29 11:02:11 fetching corpus: 6722, signal 176457/186696 (executing program) 2025/08/29 11:02:11 fetching corpus: 6772, signal 176711/186702 (executing program) 2025/08/29 11:02:11 fetching corpus: 6821, signal 177033/186703 (executing program) 2025/08/29 11:02:11 fetching corpus: 6871, signal 177424/186714 (executing program) 2025/08/29 11:02:11 fetching corpus: 6921, signal 177865/186719 (executing program) 2025/08/29 11:02:11 fetching corpus: 6971, signal 178034/186720 (executing program) 2025/08/29 11:02:11 fetching corpus: 7021, signal 178336/186727 (executing program) 2025/08/29 11:02:11 fetching corpus: 7071, signal 178532/186732 (executing program) 2025/08/29 11:02:11 fetching corpus: 7121, signal 178784/186764 (executing program) 2025/08/29 11:02:11 fetching corpus: 7171, signal 179036/186781 (executing program) 2025/08/29 11:02:11 fetching corpus: 7221, signal 179354/186812 (executing program) 2025/08/29 11:02:11 fetching corpus: 7271, signal 179751/186824 (executing program) 2025/08/29 11:02:11 fetching corpus: 7321, signal 180087/186829 (executing program) 2025/08/29 11:02:12 fetching corpus: 7371, signal 180440/186843 (executing program) 2025/08/29 11:02:12 fetching corpus: 7421, signal 180827/186863 (executing program) 2025/08/29 11:02:12 fetching corpus: 7471, signal 181253/186863 (executing program) 2025/08/29 11:02:12 fetching corpus: 7521, signal 181450/186871 (executing program) 2025/08/29 11:02:12 fetching corpus: 7571, signal 181736/186889 (executing program) 2025/08/29 11:02:12 fetching corpus: 7621, signal 181944/186892 (executing program) 2025/08/29 11:02:12 fetching corpus: 7671, signal 182358/186917 (executing program) 2025/08/29 11:02:12 fetching corpus: 7721, signal 182566/186935 (executing program) 2025/08/29 11:02:12 fetching corpus: 7770, signal 182856/186979 (executing program) 2025/08/29 11:02:12 fetching corpus: 7820, signal 183182/186982 (executing program) 2025/08/29 11:02:12 fetching corpus: 7870, signal 183414/186990 (executing program) 2025/08/29 11:02:12 fetching corpus: 7919, signal 183731/186993 (executing program) 2025/08/29 11:02:12 fetching corpus: 7922, signal 183737/186993 (executing program) 2025/08/29 11:02:12 fetching corpus: 7922, signal 183737/186993 (executing program) 2025/08/29 11:02:14 starting 8 fuzzer processes 11:02:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000240008000f80100200040000000000000000000800029a0ec11f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ffffffff078000ffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ffffffff078000ffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000c1e670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000c1e670325132510000e670325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000c1e670325132510000e670325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000c1e670325132510000e6703251090064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e202020202020202020201000c1e670325132510000e67032510300000000002e2e2020202020202020201000c1e670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000c1e670325132510000e670325104001a040000", 0x80, 0x1e00}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x2e00}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x3e00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x7e00}], 0x0, &(0x7f0000010d00)) 11:02:14 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:14 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="be61", 0x2}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev}}}], 0x20}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8040) [ 72.028358] audit: type=1400 audit(1756465334.594:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:02:14 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 11:02:14 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shutdown(r0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000200), 0x0, 0x0) 11:02:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) r1 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0xd4000a8b) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 11:02:14 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='comm\x00') 11:02:14 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) [ 73.148449] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.152429] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.154433] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.158631] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.162173] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.284234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.285653] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.288491] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.299798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.305227] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.338276] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.343695] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.346222] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.349731] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.352404] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.354756] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.356670] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.360038] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.366080] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.368304] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.425383] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.430026] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.431342] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.432398] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.436528] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.441269] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.445528] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.446935] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.449979] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.450633] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.452530] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.461052] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.464571] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.466112] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.479285] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.481474] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 73.489876] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.496352] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.502214] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.503292] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.243458] Bluetooth: hci0: command tx timeout [ 75.370880] Bluetooth: hci1: command tx timeout [ 75.435516] Bluetooth: hci3: command tx timeout [ 75.436308] Bluetooth: hci2: command tx timeout [ 75.497950] Bluetooth: hci4: command tx timeout [ 75.563579] Bluetooth: hci6: command tx timeout [ 75.564395] Bluetooth: hci5: command tx timeout [ 75.565446] Bluetooth: hci7: command tx timeout [ 77.289854] Bluetooth: hci0: command tx timeout [ 77.417871] Bluetooth: hci1: command tx timeout [ 77.483217] Bluetooth: hci3: command tx timeout [ 77.483626] Bluetooth: hci2: command tx timeout [ 77.547007] Bluetooth: hci4: command tx timeout [ 77.609902] Bluetooth: hci6: command tx timeout [ 77.610328] Bluetooth: hci7: command tx timeout [ 77.610692] Bluetooth: hci5: command tx timeout [ 79.337979] Bluetooth: hci0: command tx timeout [ 79.467860] Bluetooth: hci1: command tx timeout [ 79.530852] Bluetooth: hci2: command tx timeout [ 79.531300] Bluetooth: hci3: command tx timeout [ 79.593944] Bluetooth: hci4: command tx timeout [ 79.658856] Bluetooth: hci6: command tx timeout [ 79.659299] Bluetooth: hci5: command tx timeout [ 79.659716] Bluetooth: hci7: command tx timeout [ 81.386993] Bluetooth: hci0: command tx timeout [ 81.514912] Bluetooth: hci1: command tx timeout [ 81.577932] Bluetooth: hci3: command tx timeout [ 81.578406] Bluetooth: hci2: command tx timeout [ 81.641845] Bluetooth: hci4: command tx timeout [ 81.706863] Bluetooth: hci7: command tx timeout [ 81.707315] Bluetooth: hci5: command tx timeout [ 81.707672] Bluetooth: hci6: command tx timeout [ 108.766087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.766763] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.937648] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.938329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.168469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.169068] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.256540] audit: type=1400 audit(1756465371.821:8): avc: denied { open } for pid=3803 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 109.262408] audit: type=1400 audit(1756465371.821:9): avc: denied { kernel } for pid=3803 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 109.355996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.356549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:51 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="be61", 0x2}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev}}}], 0x20}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8040) 11:02:52 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="be61", 0x2}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev}}}], 0x20}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8040) [ 109.538296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.539486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:52 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="be61", 0x2}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev}}}], 0x20}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8040) 11:02:52 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x400454a4, &(0x7f0000000040)={{0x3}}) [ 109.666753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.667429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:52 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x400454a4, &(0x7f0000000040)={{0x3}}) 11:02:52 executing program 7: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 11:02:52 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x400454a4, &(0x7f0000000040)={{0x3}}) [ 109.860256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.861031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:52 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x400454a4, &(0x7f0000000040)={{0x3}}) [ 109.923517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.924585] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.102380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.103230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.194124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.194741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.236809] loop2: detected capacity change from 0 to 6 [ 110.251356] FAT-fs (loop2): Directory bread(block 6) failed [ 110.252173] FAT-fs (loop2): Directory bread(block 7) failed [ 110.255122] FAT-fs (loop2): Directory bread(block 8) failed [ 110.255599] FAT-fs (loop2): Directory bread(block 9) failed [ 110.260313] audit: type=1400 audit(1756465372.825:10): avc: denied { watch_reads } for pid=3886 comm="syz-executor.5" path="/syzkaller-testdir726998097/syzkaller.wvscOp/0" dev="sda" ino=15973 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 [ 110.280528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.281015] FAT-fs (loop2): Directory bread(block 138) failed [ 110.281451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.281658] FAT-fs (loop2): Directory bread(block 139) failed [ 110.285412] FAT-fs (loop2): Directory bread(block 140) failed [ 110.285933] FAT-fs (loop2): Directory bread(block 141) failed [ 110.286409] FAT-fs (loop2): Directory bread(block 142) failed [ 110.288867] FAT-fs (loop2): Directory bread(block 143) failed [ 110.289836] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 110.290391] FAT-fs (loop2): Filesystem has been set read-only [ 110.371192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.371858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.407260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.407855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.419006] loop0: detected capacity change from 0 to 128 [ 110.474028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.474589] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.497977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.498532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.549086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.549661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:53 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:53 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shutdown(r0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000200), 0x0, 0x0) 11:02:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:53 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 11:02:53 executing program 7: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 11:02:53 executing program 3: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffee6, &(0x7f0000000000)={&(0x7f0000002640)="19b2c8e9a1173c54", 0x48}}, 0xc810) 11:02:53 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 11:02:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) r1 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0xd4000a8b) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') [ 110.760394] ieee802154 phy0 wpan0: encryption failed: -22 [ 110.762092] loop2: detected capacity change from 0 to 6 [ 110.773511] FAT-fs (loop2): Directory bread(block 6) failed [ 110.774011] FAT-fs (loop2): Directory bread(block 7) failed [ 110.775002] FAT-fs (loop2): Directory bread(block 8) failed [ 110.775472] FAT-fs (loop2): Directory bread(block 9) failed [ 110.798009] FAT-fs (loop2): Directory bread(block 138) failed [ 110.798501] FAT-fs (loop2): Directory bread(block 139) failed 11:02:53 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shutdown(r0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000200), 0x0, 0x0) 11:02:53 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) [ 110.811131] FAT-fs (loop2): Directory bread(block 140) failed [ 110.811625] FAT-fs (loop2): Directory bread(block 141) failed [ 110.812155] FAT-fs (loop2): Directory bread(block 142) failed 11:02:53 executing program 3: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffee6, &(0x7f0000000000)={&(0x7f0000002640)="19b2c8e9a1173c54", 0x48}}, 0xc810) [ 110.827695] FAT-fs (loop2): Directory bread(block 143) failed [ 110.828685] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 110.829282] FAT-fs (loop2): Filesystem has been set read-only 11:02:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:53 executing program 7: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 11:02:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) r1 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0xd4000a8b) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') [ 110.865353] ieee802154 phy0 wpan0: encryption failed: -22 11:02:53 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:53 executing program 3: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffee6, &(0x7f0000000000)={&(0x7f0000002640)="19b2c8e9a1173c54", 0x48}}, 0xc810) 11:02:53 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 11:02:53 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shutdown(r0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000200), 0x0, 0x0) 11:02:53 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 11:02:53 executing program 7: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 11:02:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) r1 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0xd4000a8b) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') [ 110.992062] ieee802154 phy0 wpan0: encryption failed: -22 [ 110.996427] loop2: detected capacity change from 0 to 6 [ 111.025110] FAT-fs (loop2): Directory bread(block 6) failed [ 111.025629] FAT-fs (loop2): Directory bread(block 7) failed [ 111.026769] FAT-fs (loop2): Directory bread(block 8) failed [ 111.050877] FAT-fs (loop2): Directory bread(block 9) failed [ 111.076067] FAT-fs (loop2): Directory bread(block 138) failed [ 111.076609] FAT-fs (loop2): Directory bread(block 139) failed [ 111.080627] FAT-fs (loop2): Directory bread(block 140) failed [ 111.081237] FAT-fs (loop2): Directory bread(block 141) failed [ 111.097876] FAT-fs (loop2): Directory bread(block 142) failed [ 111.098379] FAT-fs (loop2): Directory bread(block 143) failed [ 111.100743] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 111.101352] FAT-fs (loop2): Filesystem has been set read-only [ 111.134323] ------------[ cut here ]------------ [ 111.134808] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#0: syz-executor.2/282 [ 111.135607] Modules linked in: [ 111.136000] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.137972] Tainted: [W]=WARN [ 111.138574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.139829] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 111.140572] Code: c7 a0 45 d1 85 e8 01 7c fa 02 49 8d 7d 40 5b 48 c7 c6 10 e2 be 81 5d 41 5c 41 5d 41 5e 41 5f e9 57 b3 9c ff e8 82 46 b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 74 46 b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 111.143453] RSP: 0018:ffff88801a02fe20 EFLAGS: 00010293 [ 111.144328] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bf9de5 [ 111.145914] RDX: ffff88801518d280 RSI: ffffffff81bfa0fe RDI: 0000000000000005 [ 111.146986] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 111.148117] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801518db58 [ 111.149280] R13: ffff8880160e7880 R14: 0000000000000001 R15: ffff8880160e78c0 [ 111.150397] FS: 0000555567a69400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 111.151684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.152167] CR2: 00007fffca8f2fe8 CR3: 000000003aca1000 CR4: 0000000000350ef0 [ 111.152730] Call Trace: [ 111.152964] [ 111.153151] task_work_run+0x172/0x280 [ 111.153470] ? __pfx_task_work_run+0x10/0x10 [ 111.153851] ? __x64_sys_umount+0x114/0x190 [ 111.154196] ? __pfx___x64_sys_umount+0x10/0x10 [ 111.154568] exit_to_user_mode_loop+0xef/0x110 [ 111.154953] do_syscall_64+0x2f7/0x360 [ 111.155268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.155686] RIP: 0033:0x7f7f73e85f87 [ 111.156007] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.157437] RSP: 002b:00007fffca8f37b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.158057] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00007f7f73e85f87 [ 111.158614] RDX: 00007fffca8f3889 RSI: 000000000000000a RDI: 00007fffca8f3880 [ 111.159193] RBP: 00007fffca8f3880 R08: 00000000ffffffff R09: 00007fffca8f3650 [ 111.159795] R10: 0000555567a6ac7b R11: 0000000000000246 R12: 00007f7f73ede105 [ 111.160356] R13: 00007fffca8f4940 R14: 0000555567a6ac20 R15: 00007fffca8f4980 [ 111.160938] [ 111.161129] irq event stamp: 163293 [ 111.161416] hardirqs last enabled at (163301): [] __up_console_sem+0x78/0x80 [ 111.162126] hardirqs last disabled at (163310): [] __up_console_sem+0x5d/0x80 [ 111.162825] softirqs last enabled at (163158): [] handle_softirqs+0x50c/0x770 [ 111.163527] softirqs last disabled at (163153): [] __irq_exit_rcu+0xc4/0x100 [ 111.164225] ---[ end trace 0000000000000000 ]--- 11:02:53 executing program 3: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffee6, &(0x7f0000000000)={&(0x7f0000002640)="19b2c8e9a1173c54", 0x48}}, 0xc810) 11:02:53 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup(r1) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:53 executing program 1: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 11:02:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) r1 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0xd4000a8b) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 11:02:53 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) r1 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0xd4000a8b) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 11:02:53 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 11:02:53 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x3, 0x1}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@empty, 0x10000, 0x1}, 0x20) write$binfmt_script(r1, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) 11:02:53 executing program 5: request_key(&(0x7f00000001c0)='logon\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000240)='#@\x00', 0x0) [ 111.220733] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 111.221939] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 111.222655] CPU: 1 UID: 0 PID: 3960 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.223609] Tainted: [W]=WARN [ 111.223860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.224514] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.224903] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.226341] RSP: 0018:ffff88804742f800 EFLAGS: 00010212 [ 111.226764] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 111.227321] RDX: ffff888016d63700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 111.227884] RBP: ffff88804742fa70 R08: ffff88806cf31340 R09: ffffe8ffffd10698 [ 111.228441] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.228993] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 111.229548] FS: 000055558aeed400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 111.230174] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.230628] CR2: 0000000020002640 CR3: 000000000d60c000 CR4: 0000000000350ef0 [ 111.231182] Call Trace: [ 111.231399] [ 111.231602] ? __pfx_perf_tp_event+0x10/0x10 [ 111.231960] ? do_raw_spin_unlock+0x53/0x220 [ 111.232320] ? __kasan_unpoison_pages+0x2f/0x40 [ 111.232696] ? get_page_from_freelist+0x194a/0x24b0 [ 111.233103] ? should_fail_alloc_page+0xe8/0x110 [ 111.233484] ? __is_insn_slot_addr+0x140/0x290 [ 111.233854] ? trace_mm_page_alloc+0xfc/0x150 [ 111.234211] ? __alloc_frozen_pages_noprof+0x296/0x1f20 [ 111.234636] ? perf_trace_lock+0xb5/0x5d0 [ 111.234972] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.235369] perf_trace_run_bpf_submit+0xef/0x180 [ 111.235769] perf_trace_lock+0x337/0x5d0 [ 111.236096] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.236461] ? lock_acquire+0x15e/0x2f0 [ 111.236778] ? futex_ref_get+0x48/0x300 [ 111.237095] ? futex_ref_get+0x114/0x300 [ 111.237415] ? futex_hash+0x15c/0x390 [ 111.237718] lock_release+0x1ab/0x290 [ 111.238026] ? futex_hash+0x15c/0x390 [ 111.238329] futex_ref_get+0x119/0x300 [ 111.238639] ? futex_hash+0x15c/0x390 [ 111.238943] futex_hash+0x70/0x390 [ 111.239228] futex_wake+0x143/0x540 [ 111.239531] ? lock_release+0xc8/0x290 [ 111.239844] ? __pfx_futex_wake+0x10/0x10 [ 111.240175] ? __handle_mm_fault+0x753/0x3260 [ 111.240541] ? perf_trace_lock+0xb5/0x5d0 [ 111.240872] do_futex+0x26d/0x370 [ 111.241154] ? __pfx_do_futex+0x10/0x10 [ 111.241470] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.241836] ? find_held_lock+0x2b/0x80 [ 111.242159] __x64_sys_futex+0x1c9/0x4d0 [ 111.242486] ? exc_page_fault+0xb0/0x180 [ 111.242817] ? __pfx___x64_sys_futex+0x10/0x10 [ 111.243184] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 111.243607] do_syscall_64+0xbf/0x360 [ 111.243913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.244318] RIP: 0033:0x7f588ffd7b19 [ 111.244613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.246017] RSP: 002b:00007fff6baf24e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.246608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f588ffd7b19 [ 111.247162] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f58900eaf68 [ 111.247721] RBP: 00007f58900eaf60 R08: 00007f58900e70a0 R09: 0000000000000000 [ 111.248277] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58900ef268 [ 111.248830] R13: 00007fff6baf25f0 R14: 00007f58900eaf60 R15: 000000000001b1f4 [ 111.249392] [ 111.249581] Modules linked in: [ 111.249870] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 111.250735] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 111.251415] CPU: 1 UID: 0 PID: 3960 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.252342] Tainted: [D]=DIE, [W]=WARN [ 111.252647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.253289] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.253664] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.255072] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 111.255495] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 111.256052] RDX: ffff888016d63700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 111.256604] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd10698 [ 111.257157] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 111.257713] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 111.258268] FS: 000055558aeed400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 111.258894] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.259347] CR2: 0000000020002640 CR3: 000000000d60c000 CR4: 0000000000350ef0 [ 111.259908] Call Trace: [ 111.260117] [ 111.260297] ? __pfx_perf_tp_event+0x10/0x10 [ 111.260652] ? stack_depot_save_flags+0x2c/0xa20 [ 111.261030] ? kasan_save_stack+0x34/0x50 [ 111.261360] ? kasan_save_stack+0x24/0x50 [ 111.261688] ? kasan_save_track+0x14/0x30 [ 111.262019] ? __kasan_save_free_info+0x3a/0x60 [ 111.262386] ? __kasan_slab_free+0x3f/0x50 [ 111.262719] ? kmem_cache_free+0x2a1/0x540 [ 111.263050] ? rcu_core+0x7c8/0x1800 [ 111.263349] ? handle_softirqs+0x1b1/0x770 [ 111.263698] ? __irq_exit_rcu+0xc4/0x100 [ 111.264021] ? irq_exit_rcu+0x9/0x20 [ 111.264316] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 111.264718] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.265141] ? lock_release+0x3c/0x290 [ 111.265449] ? unwind_next_frame+0x3b7/0x2540 [ 111.265812] ? arch_stack_walk+0x86/0xf0 [ 111.266133] ? stack_trace_save+0x8e/0xc0 [ 111.266462] ? kasan_save_stack+0x24/0x50 [ 111.266796] ? kasan_save_track+0x14/0x30 [ 111.267126] ? __kasan_save_free_info+0x3a/0x60 [ 111.267504] ? __kasan_slab_free+0x3f/0x50 [ 111.267843] ? kmem_cache_free+0x2a1/0x540 [ 111.268181] ? mas_destroy+0x5b6/0x9c0 [ 111.268496] ? mas_store_prealloc+0x66d/0xb00 [ 111.268854] ? vma_complete+0xb62/0x12a0 [ 111.269183] ? __split_vma+0x9f9/0xde0 [ 111.269497] ? vma_modify+0xa9c/0x2030 [ 111.269816] ? vma_modify_flags+0x1b0/0x250 [ 111.270168] ? mprotect_fixup+0x1f4/0xba0 [ 111.270504] ? do_mprotect_pkey+0xa0f/0xd30 [ 111.270852] ? __x64_sys_mprotect+0x78/0xc0 [ 111.271200] ? do_syscall_64+0xbf/0x360 [ 111.271521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.271947] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.272346] perf_trace_run_bpf_submit+0xef/0x180 [ 111.272738] perf_trace_lock+0x337/0x5d0 [ 111.273066] ? mark_held_locks+0x49/0x80 [ 111.273393] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.273764] ? mark_held_locks+0x49/0x80 [ 111.274092] ? hrtimer_interrupt+0x114/0x830 [ 111.274446] lock_release+0x1ab/0x290 [ 111.274755] ktime_get_update_offsets_now+0xab/0x3c0 [ 111.275163] ? hrtimer_interrupt+0x114/0x830 [ 111.275526] ? __pfx_rcu_core+0x10/0x10 [ 111.275850] hrtimer_interrupt+0x114/0x830 [ 111.276188] ? __pfx_do_sync_core+0x10/0x10 [ 111.276533] ? trace_csd_function_exit+0x134/0x190 [ 111.276929] ? __flush_smp_call_function_queue+0x28c/0x740 [ 111.277377] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 111.277792] sysvec_apic_timer_interrupt+0x6b/0x80 [ 111.278185] [ 111.278367] [ 111.278553] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.278969] RIP: 0010:oops_exit+0x0/0x50 [ 111.279297] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 111.280731] RSP: 0018:ffff88804742f690 EFLAGS: 00000202 [ 111.281153] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 111.281713] RDX: ffff888016d63700 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 111.282273] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 111.282835] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804742f758 [ 111.283402] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 111.283969] ? add_taint+0x5f/0xd0 [ 111.284260] ? oops_end+0x4a/0xe0 [ 111.284551] oops_end+0x65/0xe0 [ 111.284825] exc_general_protection+0x1a2/0x330 [ 111.285204] asm_exc_general_protection+0x26/0x30 [ 111.285591] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.285968] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.287402] RSP: 0018:ffff88804742f800 EFLAGS: 00010212 [ 111.287826] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 111.288398] RDX: ffff888016d63700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 111.288962] RBP: ffff88804742fa70 R08: ffff88806cf31340 R09: ffffe8ffffd10698 [ 111.289525] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.290089] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 111.290654] ? perf_tp_event+0x167/0xe70 [ 111.290989] ? __pfx_perf_tp_event+0x10/0x10 [ 111.291346] ? do_raw_spin_unlock+0x53/0x220 [ 111.291712] ? __kasan_unpoison_pages+0x2f/0x40 [ 111.292089] ? get_page_from_freelist+0x194a/0x24b0 [ 111.292495] ? should_fail_alloc_page+0xe8/0x110 [ 111.292877] ? __is_insn_slot_addr+0x140/0x290 [ 111.293247] ? trace_mm_page_alloc+0xfc/0x150 [ 111.293611] ? __alloc_frozen_pages_noprof+0x296/0x1f20 [ 111.294040] ? perf_trace_lock+0xb5/0x5d0 [ 111.294376] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.294777] perf_trace_run_bpf_submit+0xef/0x180 [ 111.295171] perf_trace_lock+0x337/0x5d0 [ 111.295507] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.295879] ? lock_acquire+0x15e/0x2f0 [ 111.296200] ? futex_ref_get+0x48/0x300 [ 111.296520] ? futex_ref_get+0x114/0x300 [ 111.296845] ? futex_hash+0x15c/0x390 [ 111.297154] lock_release+0x1ab/0x290 [ 111.297461] ? futex_hash+0x15c/0x390 [ 111.297764] futex_ref_get+0x119/0x300 [ 111.298076] ? futex_hash+0x15c/0x390 [ 111.298379] futex_hash+0x70/0x390 [ 111.298670] futex_wake+0x143/0x540 [ 111.298966] ? lock_release+0xc8/0x290 [ 111.299281] ? __pfx_futex_wake+0x10/0x10 [ 111.299622] ? __handle_mm_fault+0x753/0x3260 [ 111.299986] ? perf_trace_lock+0xb5/0x5d0 [ 111.300320] do_futex+0x26d/0x370 [ 111.300602] ? __pfx_do_futex+0x10/0x10 [ 111.300922] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.301288] ? find_held_lock+0x2b/0x80 [ 111.301611] __x64_sys_futex+0x1c9/0x4d0 [ 111.301939] ? exc_page_fault+0xb0/0x180 [ 111.302266] ? __pfx___x64_sys_futex+0x10/0x10 [ 111.302635] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 111.303056] do_syscall_64+0xbf/0x360 [ 111.303361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.303775] RIP: 0033:0x7f588ffd7b19 [ 111.304071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.305493] RSP: 002b:00007fff6baf24e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.306088] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f588ffd7b19 [ 111.306652] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f58900eaf68 [ 111.307214] RBP: 00007f58900eaf60 R08: 00007f58900e70a0 R09: 0000000000000000 [ 111.307781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58900ef268 [ 111.308340] R13: 00007fff6baf25f0 R14: 00007f58900eaf60 R15: 000000000001b1f4 [ 111.308911] [ 111.309100] Modules linked in: [ 111.309360] ---[ end trace 0000000000000000 ]--- [ 111.309737] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.310116] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.311549] RSP: 0018:ffff88804742f800 EFLAGS: 00010212 [ 111.311970] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 111.312521] RDX: ffff888016d63700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 111.313085] RBP: ffff88804742fa70 R08: ffff88806cf31340 R09: ffffe8ffffd10698 [ 111.313637] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.314199] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 111.314760] FS: 000055558aeed400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 111.315398] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.315858] CR2: 0000000020002640 CR3: 000000000d60c000 CR4: 0000000000350ef0 [ 111.316425] Kernel panic - not syncing: Fatal exception in interrupt [ 111.317116] Kernel Offset: disabled [ 111.317406] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:02:53 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801a02f750 R8 =0000000000000001 R9 =ffffed1003405ee0 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=ffffffff88724190 R14=ffffffff88724140 R15=ffffffff88724400 RIP=ffffffff828e331d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555567a69400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe6d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fffca8f2fe8 CR3=000000003aca1000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000000000ff000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff868237bc RDX=0000000000000008 RSI=ffff888015f2fd70 RDI=ffff888015f2f9f0 RBP=ffff888015f2fa48 RSP=ffff888015f2f978 R8 =0000000000000001 R9 =ffff888015f2fa30 R10=000000000003be53 R11=000000000001193c R12=ffff888015f2fa50 R13=ffff888015f2fa38 R14=ffff888015f2fd70 R15=ffff888015f2f9f0 RIP=ffffffff8135817a RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe09591a8c0 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe7400000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f9c1a4b1000 CR3=000000000ca22000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=7269762f736563697665642f7379732f XMM03=2f6b636f6c622f6c6175747269762f73 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055ee65e7e620000055ee65e6f080 XMM06=000055ee65e6f060ffffffff00000002 XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000