Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:7694' (ECDSA) to the list of known hosts. 2025/08/29 11:19:35 fuzzer started 2025/08/29 11:19:35 dialing manager at localhost:43077 syzkaller login: [ 51.111634] cgroup: Unknown subsys name 'net' [ 51.268436] cgroup: Unknown subsys name 'cpuset' [ 51.324585] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:19:45 syscalls: 2214 2025/08/29 11:19:45 code coverage: enabled 2025/08/29 11:19:45 comparison tracing: enabled 2025/08/29 11:19:45 extra coverage: enabled 2025/08/29 11:19:45 setuid sandbox: enabled 2025/08/29 11:19:45 namespace sandbox: enabled 2025/08/29 11:19:45 Android sandbox: enabled 2025/08/29 11:19:45 fault injection: enabled 2025/08/29 11:19:45 leak checking: enabled 2025/08/29 11:19:45 net packet injection: enabled 2025/08/29 11:19:45 net device setup: enabled 2025/08/29 11:19:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:19:45 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:19:45 USB emulation: enabled 2025/08/29 11:19:45 hci packet injection: enabled 2025/08/29 11:19:45 wifi device emulation: enabled 2025/08/29 11:19:45 802.15.4 emulation: enabled 2025/08/29 11:19:45 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:19:45 fetching corpus: 50, signal 23719/27244 (executing program) 2025/08/29 11:19:45 fetching corpus: 100, signal 32579/37557 (executing program) 2025/08/29 11:19:45 fetching corpus: 150, signal 40084/46359 (executing program) 2025/08/29 11:19:45 fetching corpus: 200, signal 48508/55865 (executing program) 2025/08/29 11:19:45 fetching corpus: 250, signal 52375/60965 (executing program) 2025/08/29 11:19:46 fetching corpus: 300, signal 56789/66446 (executing program) 2025/08/29 11:19:46 fetching corpus: 350, signal 61382/72075 (executing program) 2025/08/29 11:19:46 fetching corpus: 400, signal 65668/77290 (executing program) 2025/08/29 11:19:46 fetching corpus: 450, signal 69230/81762 
(executing program) 2025/08/29 11:19:46 fetching corpus: 500, signal 72768/86124 (executing program) 2025/08/29 11:19:46 fetching corpus: 550, signal 76778/90840 (executing program) 2025/08/29 11:19:46 fetching corpus: 600, signal 80343/95097 (executing program) 2025/08/29 11:19:46 fetching corpus: 650, signal 82307/98023 (executing program) 2025/08/29 11:19:46 fetching corpus: 700, signal 84797/101226 (executing program) 2025/08/29 11:19:46 fetching corpus: 750, signal 86637/103838 (executing program) 2025/08/29 11:19:46 fetching corpus: 800, signal 89313/107097 (executing program) 2025/08/29 11:19:47 fetching corpus: 850, signal 90665/109268 (executing program) 2025/08/29 11:19:47 fetching corpus: 900, signal 92725/111926 (executing program) 2025/08/29 11:19:47 fetching corpus: 950, signal 93799/113774 (executing program) 2025/08/29 11:19:47 fetching corpus: 1000, signal 95219/115898 (executing program) 2025/08/29 11:19:47 fetching corpus: 1050, signal 96658/117956 (executing program) 2025/08/29 11:19:47 fetching corpus: 1100, signal 98032/119948 (executing program) 2025/08/29 11:19:47 fetching corpus: 1150, signal 99877/122341 (executing program) 2025/08/29 11:19:47 fetching corpus: 1200, signal 100613/123741 (executing program) 2025/08/29 11:19:47 fetching corpus: 1250, signal 101689/125398 (executing program) 2025/08/29 11:19:47 fetching corpus: 1300, signal 104037/128017 (executing program) 2025/08/29 11:19:48 fetching corpus: 1350, signal 106348/130522 (executing program) 2025/08/29 11:19:48 fetching corpus: 1400, signal 107381/132107 (executing program) 2025/08/29 11:19:48 fetching corpus: 1450, signal 110808/135361 (executing program) 2025/08/29 11:19:48 fetching corpus: 1500, signal 112451/137292 (executing program) 2025/08/29 11:19:48 fetching corpus: 1550, signal 113859/139054 (executing program) 2025/08/29 11:19:48 fetching corpus: 1600, signal 115193/140689 (executing program) 2025/08/29 11:19:48 fetching corpus: 1650, signal 116128/142069 (executing 
program) 2025/08/29 11:19:48 fetching corpus: 1700, signal 117872/144049 (executing program) 2025/08/29 11:19:48 fetching corpus: 1750, signal 118934/145459 (executing program) 2025/08/29 11:19:48 fetching corpus: 1800, signal 120155/146939 (executing program) 2025/08/29 11:19:48 fetching corpus: 1850, signal 121934/148673 (executing program) 2025/08/29 11:19:49 fetching corpus: 1900, signal 122730/149866 (executing program) 2025/08/29 11:19:49 fetching corpus: 1950, signal 124048/151336 (executing program) 2025/08/29 11:19:49 fetching corpus: 2000, signal 124991/152594 (executing program) 2025/08/29 11:19:49 fetching corpus: 2050, signal 125928/153803 (executing program) 2025/08/29 11:19:49 fetching corpus: 2100, signal 126593/154795 (executing program) 2025/08/29 11:19:49 fetching corpus: 2150, signal 127577/155951 (executing program) 2025/08/29 11:19:49 fetching corpus: 2200, signal 128485/157159 (executing program) 2025/08/29 11:19:49 fetching corpus: 2250, signal 129156/158140 (executing program) 2025/08/29 11:19:49 fetching corpus: 2300, signal 130003/159211 (executing program) 2025/08/29 11:19:49 fetching corpus: 2350, signal 130838/160286 (executing program) 2025/08/29 11:19:49 fetching corpus: 2400, signal 132192/161543 (executing program) 2025/08/29 11:19:50 fetching corpus: 2450, signal 133478/162678 (executing program) 2025/08/29 11:19:50 fetching corpus: 2500, signal 134486/163738 (executing program) 2025/08/29 11:19:50 fetching corpus: 2550, signal 135142/164650 (executing program) 2025/08/29 11:19:50 fetching corpus: 2600, signal 136109/165732 (executing program) 2025/08/29 11:19:50 fetching corpus: 2650, signal 137156/166747 (executing program) 2025/08/29 11:19:50 fetching corpus: 2700, signal 137910/167613 (executing program) 2025/08/29 11:19:50 fetching corpus: 2750, signal 138916/168538 (executing program) 2025/08/29 11:19:50 fetching corpus: 2800, signal 139680/169329 (executing program) 2025/08/29 11:19:50 fetching corpus: 2850, signal 
140376/170143 (executing program) 2025/08/29 11:19:50 fetching corpus: 2900, signal 141085/170906 (executing program) 2025/08/29 11:19:51 fetching corpus: 2950, signal 141882/171732 (executing program) 2025/08/29 11:19:51 fetching corpus: 3000, signal 142504/172466 (executing program) 2025/08/29 11:19:51 fetching corpus: 3050, signal 143071/173194 (executing program) 2025/08/29 11:19:51 fetching corpus: 3100, signal 143777/173952 (executing program) 2025/08/29 11:19:51 fetching corpus: 3150, signal 144327/174578 (executing program) 2025/08/29 11:19:51 fetching corpus: 3200, signal 145038/175296 (executing program) 2025/08/29 11:19:51 fetching corpus: 3250, signal 145918/176083 (executing program) 2025/08/29 11:19:51 fetching corpus: 3300, signal 146411/176684 (executing program) 2025/08/29 11:19:51 fetching corpus: 3350, signal 146892/177282 (executing program) 2025/08/29 11:19:51 fetching corpus: 3400, signal 147552/177921 (executing program) 2025/08/29 11:19:51 fetching corpus: 3450, signal 148209/178529 (executing program) 2025/08/29 11:19:52 fetching corpus: 3500, signal 148833/179112 (executing program) 2025/08/29 11:19:52 fetching corpus: 3550, signal 149638/179732 (executing program) 2025/08/29 11:19:52 fetching corpus: 3600, signal 150371/180296 (executing program) 2025/08/29 11:19:52 fetching corpus: 3650, signal 150850/180848 (executing program) 2025/08/29 11:19:52 fetching corpus: 3700, signal 151528/181355 (executing program) 2025/08/29 11:19:52 fetching corpus: 3750, signal 151987/181856 (executing program) 2025/08/29 11:19:52 fetching corpus: 3800, signal 152590/182323 (executing program) 2025/08/29 11:19:52 fetching corpus: 3850, signal 153056/182828 (executing program) 2025/08/29 11:19:52 fetching corpus: 3900, signal 153599/183290 (executing program) 2025/08/29 11:19:52 fetching corpus: 3950, signal 153899/183711 (executing program) 2025/08/29 11:19:52 fetching corpus: 4000, signal 154442/184138 (executing program) 2025/08/29 11:19:53 fetching 
corpus: 4050, signal 155349/184594 (executing program) 2025/08/29 11:19:53 fetching corpus: 4100, signal 155855/185054 (executing program) 2025/08/29 11:19:53 fetching corpus: 4150, signal 156325/185461 (executing program) 2025/08/29 11:19:53 fetching corpus: 4200, signal 156950/185897 (executing program) 2025/08/29 11:19:53 fetching corpus: 4250, signal 157543/186301 (executing program) 2025/08/29 11:19:53 fetching corpus: 4300, signal 158008/186709 (executing program) 2025/08/29 11:19:53 fetching corpus: 4350, signal 158348/187049 (executing program) 2025/08/29 11:19:53 fetching corpus: 4400, signal 158830/187421 (executing program) 2025/08/29 11:19:53 fetching corpus: 4450, signal 159142/187728 (executing program) 2025/08/29 11:19:53 fetching corpus: 4500, signal 159573/188026 (executing program) 2025/08/29 11:19:53 fetching corpus: 4550, signal 160037/188186 (executing program) 2025/08/29 11:19:54 fetching corpus: 4600, signal 160490/188199 (executing program) 2025/08/29 11:19:54 fetching corpus: 4650, signal 160917/188203 (executing program) 2025/08/29 11:19:54 fetching corpus: 4700, signal 161361/188210 (executing program) 2025/08/29 11:19:54 fetching corpus: 4750, signal 161702/188216 (executing program) 2025/08/29 11:19:54 fetching corpus: 4800, signal 162194/188308 (executing program) 2025/08/29 11:19:54 fetching corpus: 4850, signal 162843/188324 (executing program) 2025/08/29 11:19:54 fetching corpus: 4900, signal 163182/188326 (executing program) 2025/08/29 11:19:54 fetching corpus: 4950, signal 163606/188342 (executing program) 2025/08/29 11:19:54 fetching corpus: 5000, signal 164033/188371 (executing program) 2025/08/29 11:19:54 fetching corpus: 5050, signal 164404/188377 (executing program) 2025/08/29 11:19:54 fetching corpus: 5100, signal 164833/188384 (executing program) 2025/08/29 11:19:54 fetching corpus: 5150, signal 165382/188387 (executing program) 2025/08/29 11:19:54 fetching corpus: 5200, signal 165784/188403 (executing program) 2025/08/29 
11:19:55 fetching corpus: 5250, signal 166192/188422 (executing program) 2025/08/29 11:19:55 fetching corpus: 5300, signal 166438/188425 (executing program) 2025/08/29 11:19:55 fetching corpus: 5350, signal 166928/188426 (executing program) 2025/08/29 11:19:55 fetching corpus: 5400, signal 167202/188439 (executing program) 2025/08/29 11:19:55 fetching corpus: 5450, signal 167557/188445 (executing program) 2025/08/29 11:19:55 fetching corpus: 5500, signal 167916/188448 (executing program) 2025/08/29 11:19:55 fetching corpus: 5550, signal 168205/188467 (executing program) 2025/08/29 11:19:55 fetching corpus: 5600, signal 168598/188473 (executing program) 2025/08/29 11:19:55 fetching corpus: 5650, signal 169088/188483 (executing program) 2025/08/29 11:19:55 fetching corpus: 5700, signal 169397/188493 (executing program) 2025/08/29 11:19:55 fetching corpus: 5750, signal 169881/188502 (executing program) 2025/08/29 11:19:55 fetching corpus: 5800, signal 170337/188504 (executing program) 2025/08/29 11:19:56 fetching corpus: 5850, signal 170590/188506 (executing program) 2025/08/29 11:19:56 fetching corpus: 5900, signal 170927/188513 (executing program) 2025/08/29 11:19:56 fetching corpus: 5950, signal 171194/188517 (executing program) 2025/08/29 11:19:56 fetching corpus: 6000, signal 171496/188520 (executing program) 2025/08/29 11:19:56 fetching corpus: 6050, signal 172025/188543 (executing program) 2025/08/29 11:19:56 fetching corpus: 6100, signal 172424/188557 (executing program) 2025/08/29 11:19:56 fetching corpus: 6150, signal 172852/188558 (executing program) 2025/08/29 11:19:56 fetching corpus: 6200, signal 173152/188560 (executing program) 2025/08/29 11:19:56 fetching corpus: 6250, signal 173485/188572 (executing program) 2025/08/29 11:19:56 fetching corpus: 6300, signal 173781/188577 (executing program) 2025/08/29 11:19:56 fetching corpus: 6350, signal 174146/188600 (executing program) 2025/08/29 11:19:57 fetching corpus: 6400, signal 174473/188604 (executing 
program) 2025/08/29 11:19:57 fetching corpus: 6450, signal 174746/188610 (executing program) 2025/08/29 11:19:57 fetching corpus: 6500, signal 175640/188654 (executing program) 2025/08/29 11:19:57 fetching corpus: 6550, signal 175939/188665 (executing program) 2025/08/29 11:19:57 fetching corpus: 6600, signal 176266/188669 (executing program) 2025/08/29 11:19:57 fetching corpus: 6650, signal 176609/188673 (executing program) 2025/08/29 11:19:57 fetching corpus: 6700, signal 176981/188682 (executing program) 2025/08/29 11:19:57 fetching corpus: 6750, signal 177264/188690 (executing program) 2025/08/29 11:19:57 fetching corpus: 6800, signal 177489/188707 (executing program) 2025/08/29 11:19:57 fetching corpus: 6850, signal 177712/188708 (executing program) 2025/08/29 11:19:58 fetching corpus: 6900, signal 178174/188742 (executing program) 2025/08/29 11:19:58 fetching corpus: 6950, signal 178433/188742 (executing program) 2025/08/29 11:19:58 fetching corpus: 7000, signal 178829/188753 (executing program) 2025/08/29 11:19:58 fetching corpus: 7050, signal 179197/188754 (executing program) 2025/08/29 11:19:58 fetching corpus: 7100, signal 179517/188791 (executing program) 2025/08/29 11:19:58 fetching corpus: 7150, signal 179824/188796 (executing program) 2025/08/29 11:19:58 fetching corpus: 7200, signal 180127/188811 (executing program) 2025/08/29 11:19:58 fetching corpus: 7250, signal 180480/188858 (executing program) 2025/08/29 11:19:58 fetching corpus: 7300, signal 180720/188866 (executing program) 2025/08/29 11:19:58 fetching corpus: 7350, signal 180904/188887 (executing program) 2025/08/29 11:19:58 fetching corpus: 7400, signal 181134/188904 (executing program) 2025/08/29 11:19:59 fetching corpus: 7450, signal 181445/188905 (executing program) 2025/08/29 11:19:59 fetching corpus: 7500, signal 181733/188916 (executing program) 2025/08/29 11:19:59 fetching corpus: 7550, signal 182140/188921 (executing program) 2025/08/29 11:19:59 fetching corpus: 7600, signal 
182529/188967 (executing program) 2025/08/29 11:19:59 fetching corpus: 7650, signal 182807/189013 (executing program) 2025/08/29 11:20:00 fetching corpus: 7700, signal 183190/189022 (executing program) 2025/08/29 11:20:00 fetching corpus: 7750, signal 183449/189024 (executing program) 2025/08/29 11:20:00 fetching corpus: 7800, signal 183820/189026 (executing program) 2025/08/29 11:20:00 fetching corpus: 7850, signal 184084/189027 (executing program) 2025/08/29 11:20:00 fetching corpus: 7900, signal 184318/189036 (executing program) 2025/08/29 11:20:00 fetching corpus: 7950, signal 184599/189047 (executing program) 2025/08/29 11:20:00 fetching corpus: 8000, signal 184885/189048 (executing program) 2025/08/29 11:20:01 fetching corpus: 8050, signal 185213/189048 (executing program) 2025/08/29 11:20:01 fetching corpus: 8100, signal 185433/189057 (executing program) 2025/08/29 11:20:01 fetching corpus: 8150, signal 185748/189090 (executing program) 2025/08/29 11:20:01 fetching corpus: 8182, signal 185877/189096 (executing program) 2025/08/29 11:20:01 fetching corpus: 8182, signal 185877/189096 (executing program) 2025/08/29 11:20:03 starting 8 fuzzer processes 11:20:03 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x6}) 11:20:03 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000280)={0x100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58) 11:20:03 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:20:03 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = getpgrp(0xffffffffffffffff) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000038c0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20}}], 0x2, 0x0) 11:20:03 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, &(0x7f00000000c0)) 11:20:03 executing program 4: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28002, 0x0) poll(&(0x7f0000000640)=[{r0}], 0x1, 0x4) 11:20:03 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1}}) 
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x1}}) 11:20:03 executing program 6: timer_create(0x2, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0) timer_delete(0x0) [ 79.409228] audit: type=1400 audit(1756466404.061:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 80.747894] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.750086] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.752228] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.754003] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.757086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.760557] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.764617] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.766476] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.769505] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.774445] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.785904] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.796717] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.801362] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.806465] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.808495] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.818849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.820521] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.821552] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.822544] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.823813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.829076] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.835535] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.835684] Bluetooth: hci7: unexpected cc 0x0c03 
length: 249 > 1 [ 80.838966] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.843300] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.843449] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.844123] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.846319] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.849720] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.852672] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.853708] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.856083] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.856686] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.860645] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.861670] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.862094] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 80.864613] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.870394] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 80.880297] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 80.880556] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 82.834913] Bluetooth: hci1: command tx timeout [ 82.835904] Bluetooth: hci0: command tx timeout [ 82.897325] Bluetooth: hci2: command tx timeout [ 82.961266] Bluetooth: hci4: command tx timeout [ 82.962998] Bluetooth: hci6: command tx timeout [ 82.963873] Bluetooth: hci3: command tx timeout [ 82.963972] Bluetooth: hci5: command tx timeout [ 82.964836] Bluetooth: hci7: command tx timeout [ 84.881227] Bluetooth: hci0: command tx timeout [ 84.881757] Bluetooth: hci1: command tx timeout [ 84.945259] Bluetooth: hci2: command tx timeout [ 85.009168] Bluetooth: hci6: command tx timeout [ 85.009695] Bluetooth: hci7: command tx timeout [ 85.010083] Bluetooth: hci3: command tx timeout [ 85.010648] Bluetooth: hci4: command tx timeout [ 85.011618] Bluetooth: hci5: command tx timeout [ 86.931386] Bluetooth: hci0: command tx timeout [ 
86.933265] Bluetooth: hci1: command tx timeout [ 86.993238] Bluetooth: hci2: command tx timeout [ 87.058392] Bluetooth: hci3: command tx timeout [ 87.059396] Bluetooth: hci5: command tx timeout [ 87.059442] Bluetooth: hci4: command tx timeout [ 87.059471] Bluetooth: hci7: command tx timeout [ 87.059494] Bluetooth: hci6: command tx timeout [ 88.977196] Bluetooth: hci0: command tx timeout [ 88.978233] Bluetooth: hci1: command tx timeout [ 89.042199] Bluetooth: hci2: command tx timeout [ 89.105217] Bluetooth: hci6: command tx timeout [ 89.105663] Bluetooth: hci7: command tx timeout [ 89.105711] Bluetooth: hci4: command tx timeout [ 89.106047] Bluetooth: hci5: command tx timeout [ 89.107204] Bluetooth: hci3: command tx timeout [ 124.492192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.492909] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.615630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.616288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.731317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.731944] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.819216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.819849] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.903730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.904388] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.957933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.959911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.999491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.000810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.103196] audit: type=1400 audit(1756466449.753:8): avc: denied { open } for pid=3859 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event 
permissive=1 [ 125.108303] audit: type=1400 audit(1756466449.753:9): avc: denied { kernel } for pid=3859 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.113186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.113821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.138734] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.139522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.194183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.194816] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.273217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.273849] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.358311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.358955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.391943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.392624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.487115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.487755] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.526921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.527834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.580507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.581416] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:20:50 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4) r1 = dup2(r0, r0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x23, &(0x7f00000000c0)=0x2148, 0x4) 11:20:50 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='oom_adj\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, 
&(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) pread64(r0, 0x0, 0x0, 0x0) 11:20:50 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000280)={0x100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58) 11:20:50 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x6, 0x0}, @dev={0xfe, 0x80, '\x00', 0x18}, @private0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x440247, r2}) 11:20:50 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000006f00), 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x40045402, &(0x7f0000000040)) 11:20:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x6}) 11:20:50 executing program 4: arch_prctl$ARCH_SET_GS(0x1001, 0x0) 11:20:50 executing program 2: creat(&(0x7f00000003c0)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) lchown(&(0x7f0000000180)='./file0\x00', 0x0, 0xffffffffffffffff) [ 125.800012] audit: 
type=1326 audit(1756466450.444:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3895 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c975b3b19 code=0x0 11:20:50 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udp\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x8000000000000) 11:20:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x6}) 11:20:50 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) setgid(0x0) 11:20:50 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4b44, 0xf0ff1f00000000) [ 126.625421] audit: type=1326 audit(1756466451.276:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3895 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c975b3b19 code=0x0 11:20:51 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udp\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x8000000000000) 11:20:51 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x6}) 11:20:51 
executing program 7:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@seclabel}]}})
11:20:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@rodir}]})
11:20:51 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b44, 0xf0ff1f00000000)
11:20:51 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000280)={0x100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58)
11:20:51 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0505405, &(0x7f0000000040)={{0x1}})
11:20:51 executing program 2:
r0 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000240)={0x0, "a8017b3faef01dfbc4aa9bfba00ab3b7a601dcedbae04aeebf7a6792efd271a959e65b8e64d276523bfdec7b34499a46606b8c2574c79ca0b9a10ffa82b0ac95"}, 0x48, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000002c0)='.request_key_auth\x00', &(0x7f0000000300)=@keyring)
[ 126.681744] No source specified
[ 126.687149] No source specified
[ 126.712003] kmemleak: Found object by alias at 0x607f1a639230
[ 126.712022] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 126.712041] Tainted: [W]=WARN
[ 126.712045] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 126.712053] Call Trace:
[ 126.712057]
[ 126.712062] dump_stack_lvl+0xca/0x120
[ 126.712088] __lookup_object+0x94/0xb0
[ 126.712110] delete_object_full+0x27/0x70
[ 126.712127] free_percpu+0x30/0x1160
[ 126.712144] ? arch_uprobe_clear_state+0x16/0x140
[ 126.712165] futex_hash_free+0x38/0xc0
[ 126.712180] mmput+0x2d3/0x390
[ 126.712199] do_exit+0x79d/0x2970
[ 126.712213] ? signal_wake_up_state+0x85/0x120
[ 126.712231] ? zap_other_threads+0x2b9/0x3a0
[ 126.712246] ? __pfx_do_exit+0x10/0x10
[ 126.712259] ? do_group_exit+0x1c3/0x2a0
[ 126.712272] ? lock_release+0xc8/0x290
[ 126.712290] do_group_exit+0xd3/0x2a0
[ 126.712305] __x64_sys_exit_group+0x3e/0x50
[ 126.712319] x64_sys_call+0x18c5/0x18d0
[ 126.712334] do_syscall_64+0xbf/0x360
[ 126.712347] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.712358] RIP: 0033:0x7f06bcfa9b19
[ 126.712367] Code: Unable to access opcode bytes at 0x7f06bcfa9aef.
[ 126.712373] RSP: 002b:00007ffe6c576a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 126.712384] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f06bcfa9b19
[ 126.712392] RDX: 00007f06bcf5c72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 126.712399] RBP: 0000000000000000 R08: 0000001b2cf23cac R09: 0000000000000000
[ 126.712406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 126.712412] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe6c576b50
[ 126.712430]
[ 126.712433] kmemleak: Object (percpu) 0x607f1a639228 (size 16):
[ 126.712440] kmemleak: comm "systemd-udevd", pid 113, jiffies 4294792825
[ 126.712447] kmemleak: min_count = 1
[ 126.712451] kmemleak: count = 0
[ 126.712455] kmemleak: flags = 0x21
[ 126.712459] kmemleak: checksum = 0
[ 126.712463] kmemleak: backtrace:
[ 126.712466] pcpu_alloc_noprof+0x87a/0x1170
[ 126.712481] mm_init+0x99b/0x1170
[ 126.712489] copy_process+0x3ab7/0x73c0
[ 126.712499] kernel_clone+0xea/0x7f0
[ 126.712508] __do_sys_clone+0xce/0x120
[ 126.712518] do_syscall_64+0xbf/0x360
[ 126.712527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.737670] kmemleak: Found object by alias at 0x607f1a63922c
[ 126.737686] CPU: 1 UID: 0 PID: 3935 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 126.737703] Tainted: [W]=WARN
[ 126.737707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 126.737714] Call Trace:
[ 126.737718]
[ 126.737722] dump_stack_lvl+0xca/0x120
[ 126.737747] __lookup_object+0x94/0xb0
[ 126.737764] delete_object_full+0x27/0x70
[ 126.737780] free_percpu+0x30/0x1160
[ 126.737796] ? arch_uprobe_clear_state+0x16/0x140
[ 126.737816] futex_hash_free+0x38/0xc0
[ 126.737830] mmput+0x2d3/0x390
[ 126.737849] do_exit+0x79d/0x2970
[ 126.737863] ? lock_release+0xc8/0x290
[ 126.737880] ? __pfx_do_exit+0x10/0x10
[ 126.737894] ? find_held_lock+0x2b/0x80
[ 126.737911] ? get_signal+0x835/0x2340
[ 126.737931] do_group_exit+0xd3/0x2a0
[ 126.737947] get_signal+0x2315/0x2340
[ 126.737964] ? __virt_addr_valid+0x2e8/0x5d0
[ 126.737987] ? __pfx_get_signal+0x10/0x10
[ 126.738003] ? do_futex+0x135/0x370
[ 126.738017] ? __pfx_do_futex+0x10/0x10
[ 126.738029] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 126.738045] arch_do_signal_or_restart+0x80/0x790
[ 126.738063] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 126.738079] ? __x64_sys_futex+0x1c9/0x4d0
[ 126.738097] ? __x64_sys_futex+0x1d2/0x4d0
[ 126.738115] ? __pfx___x64_sys_futex+0x10/0x10
[ 126.738131] ? __pfx___x64_sys_mount+0x10/0x10
[ 126.738150] exit_to_user_mode_loop+0x8b/0x110
[ 126.738164] do_syscall_64+0x2f7/0x360
[ 126.738176] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.738188] RIP: 0033:0x7fe9a4affb19
[ 126.738197] Code: Unable to access opcode bytes at 0x7fe9a4affaef.
[ 126.738202] RSP: 002b:00007fe9a2075218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.738214] RAX: fffffffffffffe00 RBX: 00007fe9a4c12f68 RCX: 00007fe9a4affb19
[ 126.738222] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe9a4c12f68
[ 126.738229] RBP: 00007fe9a4c12f60 R08: 0000000000000000 R09: 0000000000000000
[ 126.738235] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9a4c12f6c
[ 126.738242] R13: 00007ffdc715441f R14: 00007fe9a2075300 R15: 0000000000022000
[ 126.738260]
[ 126.738263] kmemleak: Object (percpu) 0x607f1a639228 (size 16):
[ 126.738270] kmemleak: comm "systemd-udevd", pid 113, jiffies 4294792825
[ 126.738277] kmemleak: min_count = 1
[ 126.738281] kmemleak: count = 0
[ 126.738284] kmemleak: flags = 0x21
[ 126.738288] kmemleak: checksum = 0
[ 126.738292] kmemleak: backtrace:
[ 126.738296] pcpu_alloc_noprof+0x87a/0x1170
[ 126.738310] mm_init+0x99b/0x1170
[ 126.738318] copy_process+0x3ab7/0x73c0
[ 126.738328] kernel_clone+0xea/0x7f0
[ 126.738338] __do_sys_clone+0xce/0x120
[ 126.738347] do_syscall_64+0xbf/0x360
[ 126.738356] entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:20:51 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0505405, &(0x7f0000000040)={{0x1}})
11:20:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@rodir}]})
11:20:51 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b44, 0xf0ff1f00000000)
11:20:51 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0505405, &(0x7f0000000040)={{0x1}})
11:20:51 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udp\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x8000000000000)
11:20:51 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 
&(0x7f0000000040)={0x0, 0x0, 0x25}) [ 126.871551] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 126.910867] No source specified 11:20:51 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udp\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x8000000000000) 11:20:51 executing program 2: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="05b0003fa4710c"], 0xe) 11:20:51 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4b44, 0xf0ff1f00000000) 11:20:51 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000280)={0x100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58) 11:20:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@rodir}]}) 11:20:51 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) 11:20:51 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0505405, &(0x7f0000000040)={{0x1}}) 11:20:51 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x51, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 127.027327] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 127.049939] No source specified [ 127.071780] 
Bluetooth: hci5: ISO packet for unknown connection handle 176 [ 127.072610] Bluetooth: hci5: ISO packet for unknown connection handle 176 [ 127.085931] kmemleak: Found object by alias at 0x607f1a63922c [ 127.085947] CPU: 1 UID: 0 PID: 3972 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.085966] Tainted: [W]=WARN [ 127.085974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.085982] Call Trace: [ 127.085986] [ 127.085991] dump_stack_lvl+0xca/0x120 [ 127.086020] __lookup_object+0x94/0xb0 [ 127.086038] delete_object_full+0x27/0x70 [ 127.086055] free_percpu+0x30/0x1160 [ 127.086072] ? arch_uprobe_clear_state+0x16/0x140 [ 127.086093] futex_hash_free+0x38/0xc0 [ 127.086108] mmput+0x2d3/0x390 [ 127.086127] do_exit+0x79d/0x2970 [ 127.086142] ? lock_release+0xc8/0x290 [ 127.086160] ? __pfx_do_exit+0x10/0x10 [ 127.086174] ? find_held_lock+0x2b/0x80 [ 127.086191] ? get_signal+0x835/0x2340 [ 127.086212] do_group_exit+0xd3/0x2a0 [ 127.086227] get_signal+0x2315/0x2340 [ 127.086244] ? __virt_addr_valid+0x2e8/0x5d0 [ 127.086268] ? __pfx_get_signal+0x10/0x10 [ 127.086283] ? do_futex+0x135/0x370 [ 127.086298] ? __pfx_do_futex+0x10/0x10 [ 127.086310] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 127.086325] arch_do_signal_or_restart+0x80/0x790 [ 127.086344] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 127.086360] ? __x64_sys_futex+0x1c9/0x4d0 [ 127.086372] ? __x64_sys_futex+0x1d2/0x4d0 [ 127.086387] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.086400] ? xfd_validate_state+0x55/0x180 [ 127.086417] ? __pfx___x64_sys_mount+0x10/0x10 [ 127.086436] exit_to_user_mode_loop+0x8b/0x110 [ 127.086449] do_syscall_64+0x2f7/0x360 [ 127.086462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.086474] RIP: 0033:0x7fe9a4affb19 [ 127.086484] Code: Unable to access opcode bytes at 0x7fe9a4affaef. 
[ 127.086489] RSP: 002b:00007fe9a2075218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.086500] RAX: fffffffffffffe00 RBX: 00007fe9a4c12f68 RCX: 00007fe9a4affb19 [ 127.086508] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe9a4c12f68 [ 127.086515] RBP: 00007fe9a4c12f60 R08: 0000000000000000 R09: 0000000000000000 [ 127.086523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9a4c12f6c [ 127.086530] R13: 00007ffdc715441f R14: 00007fe9a2075300 R15: 0000000000022000 [ 127.086547] [ 127.086551] kmemleak: Object (percpu) 0x607f1a639228 (size 16): [ 127.086558] kmemleak: comm "syz-executor.2", pid 286, jiffies 4294793792 [ 127.086565] kmemleak: min_count = 1 [ 127.086568] kmemleak: count = 0 [ 127.086572] kmemleak: flags = 0x21 [ 127.086576] kmemleak: checksum = 0 [ 127.086580] kmemleak: backtrace: [ 127.086584] pcpu_alloc_noprof+0x87a/0x1170 [ 127.086598] mm_init+0x99b/0x1170 [ 127.086606] copy_process+0x3ab7/0x73c0 [ 127.086616] kernel_clone+0xea/0x7f0 [ 127.086626] __do_sys_clone+0xce/0x120 [ 127.086635] do_syscall_64+0xbf/0x360 [ 127.086644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.138594] kmemleak: Found object by alias at 0x607f1a639230 [ 127.138622] CPU: 0 UID: 0 PID: 3968 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.138654] Tainted: [W]=WARN [ 127.138661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.138673] Call Trace: [ 127.138679] [ 127.138688] dump_stack_lvl+0xca/0x120 [ 127.138726] __lookup_object+0x94/0xb0 [ 127.138754] delete_object_full+0x27/0x70 [ 127.138782] free_percpu+0x30/0x1160 [ 127.138811] ? arch_uprobe_clear_state+0x16/0x140 [ 127.138845] futex_hash_free+0x38/0xc0 [ 127.138870] mmput+0x2d3/0x390 [ 127.138903] do_exit+0x79d/0x2970 [ 127.138934] ? __pfx_do_exit+0x10/0x10 [ 127.138959] ? find_held_lock+0x2b/0x80 [ 127.138990] ? get_signal+0x835/0x2340 [ 127.139026] do_group_exit+0xd3/0x2a0 [ 127.139052] get_signal+0x2315/0x2340 [ 127.139093] ? 
__pfx_get_signal+0x10/0x10 [ 127.139130] ? do_futex+0x135/0x370 [ 127.139154] ? __pfx_do_futex+0x10/0x10 [ 127.139182] arch_do_signal_or_restart+0x80/0x790 [ 127.139212] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 127.139241] ? __x64_sys_futex+0x1c9/0x4d0 [ 127.139263] ? __x64_sys_futex+0x1d2/0x4d0 [ 127.139287] ? fput+0x6a/0x100 [ 127.139313] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.139338] ? __pfx___x64_sys_pread64+0x10/0x10 [ 127.139367] exit_to_user_mode_loop+0x8b/0x110 [ 127.139390] do_syscall_64+0x2f7/0x360 [ 127.139411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.139431] RIP: 0033:0x7f06bcfa9b19 [ 127.139447] Code: Unable to access opcode bytes at 0x7f06bcfa9aef. [ 127.139456] RSP: 002b:00007f06ba51f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca 11:20:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@rodir}]}) [ 127.139476] RAX: fffffffffffffe00 RBX: 00007f06bd0bcf68 RCX: 00007f06bcfa9b19 [ 127.139490] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f06bd0bcf68 [ 127.139502] RBP: 00007f06bd0bcf60 R08: 0000000000000000 R09: 0000000000000000 [ 127.139515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f06bd0bcf6c [ 127.139527] R13: 00007ffe6c57683f R14: 00007f06ba51f300 R15: 0000000000022000 [ 127.139556] [ 127.139562] kmemleak: Object (percpu) 0x607f1a639228 (size 16): [ 127.139575] kmemleak: comm "syz-executor.2", pid 286, jiffies 4294793792 [ 127.139587] kmemleak: min_count = 1 [ 127.139594] kmemleak: count = 0 [ 127.139600] kmemleak: flags = 0x21 [ 127.139607] kmemleak: checksum = 0 [ 127.139614] kmemleak: backtrace: [ 127.139619] pcpu_alloc_noprof+0x87a/0x1170 [ 127.139646] mm_init+0x99b/0x1170 [ 127.139661] copy_process+0x3ab7/0x73c0 [ 127.139679] kernel_clone+0xea/0x7f0 [ 127.139697] __do_sys_clone+0xce/0x120 [ 127.139715] do_syscall_64+0xbf/0x360 [ 127.139730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.160420] No source specified 11:20:51 
executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001580), 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, 0x0) 11:20:51 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000080)='m', 0x1}], 0x1}}], 0x3, 0x44894) sendmmsg$inet6(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)='\'', 0x1}], 0x1}}], 0x1, 0x1) 11:20:51 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x541b, 0x0) 11:20:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2800000064000102", @ANYRES64, @ANYRES64], 0x28}], 0x1}, 0x0) 11:20:51 executing program 5: mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff) 11:20:51 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) 
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r4}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', r4, 0x29, 0x1f, 0x1, 0x3, 0x30, @empty, @remote, 0x0, 0x700, 0x4, 0x5}}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/snmp\x00') recvmsg$unix(r5, &(0x7f00000008c0)={&(0x7f0000000280), 0x6e, &(0x7f0000000740)=[{&(0x7f0000000400)=""/99, 0x63}, {&(0x7f0000000480)=""/140, 0x8c}, {&(0x7f0000000540)=""/67, 0x43}, {&(0x7f00000005c0)=""/33, 0x21}, {&(0x7f0000000600)=""/14, 0xe}, {&(0x7f0000000640)=""/54, 0x36}, {&(0x7f0000000680)=""/160, 0xa0}], 0x7, &(0x7f00000007c0)=[@cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc8}, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) [ 127.244536] kmemleak: Found object by alias at 0x607f1a639234 [ 127.244556] CPU: 1 UID: 0 PID: 3973 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.244574] Tainted: [W]=WARN [ 127.244578] Hardware name: QEMU Standard PC (i440FX + PIIX, 
1996), BIOS 1.12.0-1 04/01/2014 [ 127.244586] Call Trace: [ 127.244590] [ 127.244595] dump_stack_lvl+0xca/0x120 [ 127.244622] __lookup_object+0x94/0xb0 [ 127.244640] delete_object_full+0x27/0x70 [ 127.244656] free_percpu+0x30/0x1160 [ 127.244673] ? arch_uprobe_clear_state+0x16/0x140 [ 127.244693] futex_hash_free+0x38/0xc0 [ 127.244709] mmput+0x2d3/0x390 [ 127.244728] do_exit+0x79d/0x2970 [ 127.244742] ? lock_release+0xc8/0x290 [ 127.244759] ? __pfx_do_exit+0x10/0x10 [ 127.244773] ? find_held_lock+0x2b/0x80 [ 127.244790] ? get_signal+0x835/0x2340 [ 127.244811] do_group_exit+0xd3/0x2a0 [ 127.244825] get_signal+0x2315/0x2340 [ 127.244844] ? __pfx___do_sys_clone3+0x10/0x10 [ 127.244859] ? __pfx_get_signal+0x10/0x10 [ 127.244874] ? do_futex+0x135/0x370 [ 127.244888] ? __pfx_do_futex+0x10/0x10 [ 127.244911] arch_do_signal_or_restart+0x80/0x790 [ 127.244930] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 127.244946] ? __x64_sys_futex+0x1c9/0x4d0 [ 127.244958] ? __x64_sys_futex+0x1d2/0x4d0 [ 127.244972] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.244986] ? xfd_validate_state+0x55/0x180 [ 127.245007] exit_to_user_mode_loop+0x8b/0x110 [ 127.245021] do_syscall_64+0x2f7/0x360 [ 127.245033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.245045] RIP: 0033:0x7f5f2e2f0b19 [ 127.245055] Code: Unable to access opcode bytes at 0x7f5f2e2f0aef. 
[ 127.245060] RSP: 002b:00007f5f2b866218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.245071] RAX: fffffffffffffe00 RBX: 00007f5f2e403f68 RCX: 00007f5f2e2f0b19 [ 127.245079] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5f2e403f68 [ 127.245086] RBP: 00007f5f2e403f60 R08: 0000000000000000 R09: 0000000000000000 [ 127.245097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f2e403f6c [ 127.245104] R13: 00007ffd51c0e97f R14: 00007f5f2b866300 R15: 0000000000022000 [ 127.245120] [ 127.245123] kmemleak: Object (percpu) 0x607f1a639228 (size 16): [ 127.245130] kmemleak: comm "syz-executor.4", pid 280, jiffies 4294794032 [ 127.245137] kmemleak: min_count = 1 [ 127.245141] kmemleak: count = 0 [ 127.245145] kmemleak: flags = 0x21 [ 127.245149] kmemleak: checksum = 0 [ 127.245153] kmemleak: backtrace: [ 127.245157] pcpu_alloc_noprof+0x87a/0x1170 [ 127.245171] mm_init+0x99b/0x1170 [ 127.245179] copy_process+0x3ab7/0x73c0 [ 127.245189] kernel_clone+0xea/0x7f0 [ 127.245198] __do_sys_clone+0xce/0x120 [ 127.245208] do_syscall_64+0xbf/0x360 [ 127.245217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.321188] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 127.335037] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 
11:20:52 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x9, 0x0) 11:20:52 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) 11:20:52 executing program 5: mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff) 11:20:52 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$search(0x12, 0x0, 0x0, 0x0, 0x0) [ 127.429690] Oops: general protection fault, probably for non-canonical address 0xdffffc03b55df218: 0000 [#1] SMP KASAN NOPTI [ 127.431405] KASAN: probably user-memory-access in range [0x0000001daaef90c0-0x0000001daaef90c7] [ 127.432696] CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.440259] Tainted: [W]=WARN [ 127.440748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.442006] RIP: 0010:dst_dev_put+0x21/0x250 [ 127.442698] Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb e8 40 c6 a8 fd 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 01 00 00 48 8d 7b 3a 48 8b 2b 48 b8 00 00 00 [ 127.445438] RSP: 0018:ffff888009617bf0 EFLAGS: 00010217 [ 127.446252] RAX: dffffc0000000000 RBX: 0000001daaef90c7 RCX: ffffffff84103977 [ 127.447389] RDX: 00000003b55df218 RSI: ffffffff83cb2140 RDI: 0000001daaef90c7 [ 
127.448464] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000001 [ 127.449551] R10: 0000000000000000 R11: 0000000000000001 R12: fffffbfff0b0a4ac [ 127.450613] R13: 0000607f1a639228 R14: 0000607f1a639228 R15: 0000000000000000 [ 127.451681] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 127.452875] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.453765] CR2: 0000565230b41080 CR3: 000000001dced000 CR4: 0000000000350ef0 [ 127.454820] Call Trace: [ 127.455221] [ 127.455576] rt_fibinfo_free_cpus.part.0+0xdb/0x1a0 [ 127.456367] ? rcu_core+0x7c3/0x1800 [ 127.456983] fib_nh_common_release+0xa8/0x2c0 [ 127.457683] ? rcu_core+0x7c3/0x1800 [ 127.458279] ? rcu_core+0x7c3/0x1800 [ 127.458865] fib6_info_destroy_rcu+0x18b/0x1f0 [ 127.459582] ? rcu_core+0x7c3/0x1800 [ 127.460168] rcu_core+0x7c8/0x1800 [ 127.460737] ? __pfx_rcu_core+0x10/0x10 [ 127.461353] ? __pfx___schedule+0x10/0x10 [ 127.462007] handle_softirqs+0x1b1/0x770 [ 127.462656] ? __pfx_run_ksoftirqd+0x10/0x10 [ 127.463340] ? smpboot_thread_fn+0x371/0x9d0 [ 127.464026] run_ksoftirqd+0x2e/0x60 [ 127.464619] smpboot_thread_fn+0x41d/0x9d0 [ 127.465280] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 127.466002] kthread+0x3c8/0x740 [ 127.466539] ? __pfx_kthread+0x10/0x10 [ 127.467151] ? ret_from_fork+0x23/0x430 [ 127.467780] ? lock_release+0xc8/0x290 [ 127.468377] ? __pfx_kthread+0x10/0x10 [ 127.468994] ret_from_fork+0x34b/0x430 [ 127.469612] ? 
__pfx_kthread+0x10/0x10 [ 127.470225] ret_from_fork_asm+0x1a/0x30 [ 127.470868] [ 127.471232] Modules linked in: [ 127.471844] ---[ end trace 0000000000000000 ]--- [ 127.472583] RIP: 0010:dst_dev_put+0x21/0x250 [ 127.473361] Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb e8 40 c6 a8 fd 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 01 00 00 48 8d 7b 3a 48 8b 2b 48 b8 00 00 00 [ 127.475945] RSP: 0018:ffff888009617bf0 EFLAGS: 00010217 [ 127.476748] RAX: dffffc0000000000 RBX: 0000001daaef90c7 RCX: ffffffff84103977 [ 127.477811] RDX: 00000003b55df218 RSI: ffffffff83cb2140 RDI: 0000001daaef90c7 [ 127.478841] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000001 [ 127.479882] R10: 0000000000000000 R11: 0000000000000001 R12: fffffbfff0b0a4ac [ 127.480924] R13: 0000607f1a639228 R14: 0000607f1a639228 R15: 0000000000000000 [ 127.481968] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 127.483144] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.483981] CR2: 0000565230b41080 CR3: 000000001dced000 CR4: 0000000000350ef0 11:20:52 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$search(0x12, 0x0, 0x0, 0x0, 0x0) 11:20:52 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x9, 0x0) [ 127.485172] Kernel panic - not syncing: Fatal exception in interrupt [ 127.486296] Kernel Offset: disabled [ 127.486810] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:20:52 Registers: