Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:11922' (ECDSA) to the list of known hosts.
2025/09/01 08:29:03 fuzzer started
2025/09/01 08:29:03 dialing manager at localhost:35473
syzkaller login: [ 44.688959] cgroup: Unknown subsys name 'net'
[ 44.751254] cgroup: Unknown subsys name 'cpuset'
[ 44.765702] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:29:13 syscalls: 2214
2025/09/01 08:29:13 code coverage: enabled
2025/09/01 08:29:13 comparison tracing: enabled
2025/09/01 08:29:13 extra coverage: enabled
2025/09/01 08:29:13 setuid sandbox: enabled
2025/09/01 08:29:13 namespace sandbox: enabled
2025/09/01 08:29:13 Android sandbox: enabled
2025/09/01 08:29:13 fault injection: enabled
2025/09/01 08:29:13 leak checking: enabled
2025/09/01 08:29:13 net packet injection: enabled
2025/09/01 08:29:13 net device setup: enabled
2025/09/01 08:29:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:29:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:29:13 USB emulation: enabled
2025/09/01 08:29:13 hci packet injection: enabled
2025/09/01 08:29:13 wifi device emulation: enabled
2025/09/01 08:29:13 802.15.4 emulation: enabled
2025/09/01 08:29:13 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:29:13 fetching corpus: 50, signal 27428/30441 (executing program)
2025/09/01 08:29:14 fetching corpus: 100, signal 39359/43214 (executing program)
2025/09/01 08:29:14 fetching corpus: 150, signal 52714/56854 (executing program)
2025/09/01 08:29:14 fetching corpus: 200, signal 58750/63293 (executing program)
2025/09/01 08:29:14 fetching corpus: 250, signal 62509/67602 (executing program)
2025/09/01 08:29:14 fetching corpus: 300, signal 68042/73247 (executing program)
2025/09/01 08:29:14 fetching corpus: 350, signal 70388/76006 (executing program)
2025/09/01 08:29:15 fetching corpus: 400, signal 73188/79095 (executing program)
2025/09/01 08:29:15 fetching corpus: 450, signal 76174/82168 (executing program)
2025/09/01 08:29:15 fetching corpus: 500, signal 79390/85358 (executing program)
2025/09/01 08:29:15 fetching corpus: 550, signal 81921/87888 (executing program)
2025/09/01 08:29:15 fetching corpus: 600, signal 85335/91030 (executing program)
2025/09/01 08:29:15 fetching corpus: 650, signal 88585/93901 (executing program)
2025/09/01 08:29:15 fetching corpus: 700, signal 90282/95516 (executing program)
2025/09/01 08:29:15 fetching corpus: 750, signal 92569/97476 (executing program)
2025/09/01 08:29:15 fetching corpus: 800, signal 94663/99268 (executing program)
2025/09/01 08:29:16 fetching corpus: 850, signal 96165/100547 (executing program)
2025/09/01 08:29:16 fetching corpus: 900, signal 97954/101973 (executing program)
2025/09/01 08:29:16 fetching corpus: 950, signal 99508/103144 (executing program)
2025/09/01 08:29:16 fetching corpus: 1000, signal 100841/104170 (executing program)
2025/09/01 08:29:16 fetching corpus: 1050, signal 102596/105353 (executing program)
2025/09/01 08:29:16 fetching corpus: 1100, signal 103944/106251 (executing program)
2025/09/01 08:29:16 fetching corpus: 1150, signal 106081/107644 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108346 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108381 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108423 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108475 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108527 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108561 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108599 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108657 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108711 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108753 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108796 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108850 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108897 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108940 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/108977 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109017 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109064 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109103 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109138 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109189 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109230 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109288 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109331 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109384 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109418 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109459 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109490 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109547 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109599 (executing program)
2025/09/01 08:29:16 fetching corpus: 1180, signal 107294/109644 (executing program)
2025/09/01 08:29:17 fetching corpus: 1180, signal 107294/109649 (executing program)
2025/09/01 08:29:17 fetching corpus: 1180, signal 107294/109649 (executing program)
2025/09/01 08:29:19 starting 8 fuzzer processes
08:29:19 executing program 0:
syz_emit_ethernet(0x7a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "459202", 0x44, 0x29, 0x0, @local, @private2}}}}, 0x0)
08:29:19 executing program 1:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:29:19 executing program 2:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:29:19 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0)
08:29:19 executing program 5:
r0 = socket$inet(0x2, 0xa, 0x0)
write$binfmt_misc(r0, 0x0, 0x0)
08:29:19 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x38, 0x0, 0x0)
[ 59.989990] audit: type=1400 audit(1756715359.350:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:29:19 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
08:29:19 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x48}}, 0x0)
[ 61.199397] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 61.203354] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.205752] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 61.207991] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.209595] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 61.210185] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.214724] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.218341] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 61.220825] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 61.226467] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 61.263307] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 61.264639] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 61.271453] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 61.272564] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 61.278634] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 61.280749] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 61.282828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 61.284945] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 61.286635] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 61.290085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 61.292513] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 61.292687] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 61.294643] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 61.313433] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 61.326334] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 61.331979] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 61.333570] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 61.355947] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 61.355959] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 61.357276] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 61.368397] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 61.371106] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 61.375911] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 61.380981] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 61.383301] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 61.384661] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 61.403334] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 61.407446] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 61.412998] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 61.435333] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 63.293466] Bluetooth: hci1: command tx timeout
[ 63.293480] Bluetooth: hci0: command tx timeout
[ 63.357273] Bluetooth: hci3: command tx timeout
[ 63.421206] Bluetooth: hci4: command tx timeout
[ 63.421733] Bluetooth: hci2: command tx timeout
[ 63.484138] Bluetooth: hci5: command tx timeout
[ 63.484381] Bluetooth: hci7: command tx timeout
[ 63.548933] Bluetooth: hci6: command tx timeout
[ 65.340225] Bluetooth: hci1: command tx timeout
[ 65.340247] Bluetooth: hci0: command tx timeout
[ 65.404107] Bluetooth: hci3: command tx timeout
[ 65.468182] Bluetooth: hci4: command tx timeout
[ 65.468237] Bluetooth: hci2: command tx timeout
[ 65.533885] Bluetooth: hci7: command tx timeout
[ 65.533974] Bluetooth: hci5: command tx timeout
[ 65.598063] Bluetooth: hci6: command tx timeout
[ 67.388167] Bluetooth: hci1: command tx timeout
[ 67.389170] Bluetooth: hci0: command tx timeout
[ 67.452115] Bluetooth: hci3: command tx timeout
[ 67.516158] Bluetooth: hci2: command tx timeout
[ 67.517204] Bluetooth: hci4: command tx timeout
[ 67.580166] Bluetooth: hci7: command tx timeout
[ 67.582142] Bluetooth: hci5: command tx timeout
[ 67.644063] Bluetooth: hci6: command tx timeout
[ 69.436214] Bluetooth: hci0: command tx timeout
[ 69.436684] Bluetooth: hci1: command tx timeout
[ 69.501056] Bluetooth: hci3: command tx timeout
[ 69.564128] Bluetooth: hci4: command tx timeout
[ 69.564157] Bluetooth: hci2: command tx timeout
[ 69.628149] Bluetooth: hci5: command tx timeout
[ 69.628220] Bluetooth: hci7: command tx timeout
[ 69.694990] Bluetooth: hci6: command tx timeout
[ 98.167232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.167913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.344276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.344925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.715655] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.716323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.850537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.851210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.353588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.354412] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.439581] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.440212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.576454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.577167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.658294] syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET)
[ 99.690438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.691014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.761165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.761767] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.810682] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.811298] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.942936] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.943619] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.991568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.992370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.031888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.032564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.047614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.048616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.233568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.234261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.288368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.289007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.395857] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
08:29:59 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x38, 0x0, 0x0)
08:29:59 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x48}}, 0x0)
08:29:59 executing program 5:
r0 = socket$inet(0x2, 0xa, 0x0)
write$binfmt_misc(r0, 0x0, 0x0)
08:29:59 executing program 1:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:29:59 executing program 0:
syz_emit_ethernet(0x7a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "459202", 0x44, 0x29, 0x0, @local, @private2}}}}, 0x0)
08:29:59 executing program 2:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:29:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0)
08:29:59 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
[ 100.444908] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
08:29:59 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x38, 0x0, 0x0)
08:29:59 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
08:29:59 executing program 5:
r0 = socket$inet(0x2, 0xa, 0x0)
write$binfmt_misc(r0, 0x0, 0x0)
08:29:59 executing program 1:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:29:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0)
08:29:59 executing program 2:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:29:59 executing program 0:
syz_emit_ethernet(0x7a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "459202", 0x44, 0x29, 0x0, @local, @private2}}}}, 0x0)
[ 100.552671] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
08:29:59 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x48}}, 0x0)
08:30:00 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x38, 0x0, 0x0)
08:30:00 executing program 5:
r0 = socket$inet(0x2, 0xa, 0x0)
write$binfmt_misc(r0, 0x0, 0x0)
08:30:00 executing program 1:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:30:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x28, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x28}], 0x1}, 0x0)
08:30:00 executing program 2:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:30:00 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
08:30:00 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x48}}, 0x0)
08:30:00 executing program 0:
syz_emit_ethernet(0x7a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "459202", 0x44, 0x29, 0x0, @local, @private2}}}}, 0x0)
[ 100.686746] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
08:30:00 executing program 3:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:30:00 executing program 5:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:30:00 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
08:30:00 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4)
08:30:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc04c5349, &(0x7f0000000240)={0x0, 0x0, 'client1\x00', 0x0, "66581913a7de0f67", "157b839b11997dee4a2d9b6c07d4e427e21cc06c0c3a857bb43358987cfa98a7"})
08:30:00 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
sendmsg$SMC_PNETID_FLUSH(r0, 0x0, 0x0)
08:30:00 executing program 5:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:30:00 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4)
08:30:00 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = gettid()
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
08:30:00 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
08:30:00 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000100)="5ac0e046b318", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1)
[ 100.854813] audit: type=1400 audit(1756715400.215:8): avc: denied { open } for pid=3951 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 100.861756] audit: type=1400 audit(1756715400.215:9): avc: denied { kernel } for pid=3951 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 100.951589] kmemleak: Found object by alias at 0x607f1a63e13c
[ 100.951614] CPU: 0 UID: 0 PID: 3951 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 100.951633] Tainted: [W]=WARN
[ 100.951637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 100.951645] Call Trace:
[ 100.951649] <TASK>
[ 100.951654] dump_stack_lvl+0xca/0x120
[ 100.951690] __lookup_object+0x94/0xb0
[ 100.951709] delete_object_full+0x27/0x70
[ 100.951726] free_percpu+0x30/0x1160
[ 100.951744] ? arch_uprobe_clear_state+0x16/0x140
[ 100.951765] futex_hash_free+0x38/0xc0
[ 100.951781] mmput+0x2d3/0x390
[ 100.951801] do_exit+0x79d/0x2970
[ 100.951815] ? signal_wake_up_state+0x85/0x120
[ 100.951831] ? zap_other_threads+0x2b9/0x3a0
[ 100.951848] ? __pfx_do_exit+0x10/0x10
[ 100.951861] ? do_group_exit+0x1c3/0x2a0
[ 100.951875] ? lock_release+0xc8/0x290
[ 100.951893] do_group_exit+0xd3/0x2a0
[ 100.951908] __x64_sys_exit_group+0x3e/0x50
[ 100.951923] x64_sys_call+0x18c5/0x18d0
[ 100.951939] do_syscall_64+0xbf/0x360
[ 100.951953] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.951965] RIP: 0033:0x7f7dfe75db19
[ 100.951975] Code: Unable to access opcode bytes at 0x7f7dfe75daef.
[ 100.951981] RSP: 002b:00007fffa0eb2ff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 100.951993] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f7dfe75db19
[ 100.952001] RDX: 00007f7dfe71072b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 100.952009] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 100.952016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 100.952028] R13: 0000000000000001 R14: 0000000000000001 R15: 00007fffa0eb30e0
[ 100.952044] </TASK>
[ 100.952048] kmemleak: Object (percpu) 0x607f1a63e138 (size 8):
[ 100.952055] kmemleak: comm "syz-executor.1", pid 3964, jiffies 4294767834
[ 100.952062] kmemleak: min_count = 1
[ 100.952066] kmemleak: count = 0
[ 100.952070] kmemleak: flags = 0x21
[ 100.952074] kmemleak: checksum = 0
[ 100.952078] kmemleak: backtrace:
[ 100.952082] pcpu_alloc_noprof+0x87a/0x1170
[ 100.952099] perf_trace_event_init+0x366/0xa10
[ 100.952113] perf_trace_init+0x1a4/0x2f0
[ 100.952126] perf_tp_event_init+0xa6/0x120
[ 100.952143] perf_try_init_event+0x140/0x9f0
[ 100.952157] perf_event_alloc.part.0+0x118e/0x45f0
[ 100.952175] __do_sys_perf_event_open+0x719/0x2c20
[ 100.952188] do_syscall_64+0xbf/0x360
[ 100.952198] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:30:00 executing program 3:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:30:00 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
sendmsg$SMC_PNETID_FLUSH(r0, 0x0, 0x0)
08:30:00 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = gettid()
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
08:30:00 executing program 5:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='x', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, 0xffffffffffffffff, 0x0)
08:30:00 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4)
08:30:00 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2)
08:30:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc04c5349, &(0x7f0000000240)={0x0, 0x0, 'client1\x00', 0x0, "66581913a7de0f67", "157b839b11997dee4a2d9b6c07d4e427e21cc06c0c3a857bb43358987cfa98a7"})
08:30:00 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000100)="5ac0e046b318", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1)
08:30:00 executing program 3:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6800)
preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a)
08:30:00 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4)
08:30:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc04c5349, &(0x7f0000000240)={0x0, 0x0, 'client1\x00', 0x0, "66581913a7de0f67", "157b839b11997dee4a2d9b6c07d4e427e21cc06c0c3a857bb43358987cfa98a7"})
08:30:00 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
sendmsg$SMC_PNETID_FLUSH(r0, 0x0, 0x0)
08:30:00 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = gettid()
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
08:30:00 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000100)="5ac0e046b318", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1)
08:30:00 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = gettid()
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
08:30:00 executing program 7:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1ff, 0x30d100)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ppoll(&(0x7f0000001ac0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
08:30:00 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/partitions\x00', 0x0, 0x0)
r1 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
r2 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_SET_TIME(r2, 0x80247009, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x800000})
ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0x25, 0x8, 0x1, 0x1f, 0x4, 0x1, 0x3, 0xe, 0x1})
ioctl$RTC_SET_TIME(r1, 0x80247009, &(0x7f0000000040))
pread64(r0, &(0x7f0000000200)=""/175, 0xaf, 0x4)
08:30:00 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000100)="5ac0e046b318", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1)
08:30:00 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/anycast6\x00')
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lseek(r0, 0x3ff, 0x0)
08:30:00 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = gettid()
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
08:30:00 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
sendmsg$SMC_PNETID_FLUSH(r0, 0x0, 0x0)
08:30:00 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = gettid()
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
08:30:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc04c5349, &(0x7f0000000240)={0x0, 0x0, 'client1\x00', 0x0, "66581913a7de0f67", "157b839b11997dee4a2d9b6c07d4e427e21cc06c0c3a857bb43358987cfa98a7"})
08:30:00 executing program 7:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1ff, 0x30d100)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ppoll(&(0x7f0000001ac0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
[ 101.313159] BUG: unable to handle page fault for address: ffffffff00000190
[ 101.313747] #PF: supervisor read access in kernel mode
[ 101.314140] #PF: error_code(0x0000) - not-present page
[ 101.314525] PGD 5a8b067 P4D 5a8b067 PUD 0
[ 101.314852] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 101.315221] CPU: 0 UID: 0 PID: 4007 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 101.319671] Tainted: [W]=WARN
[ 101.319920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 101.320570] RIP: 0010:perf_tp_event+0x186/0xe70
[ 101.320957] Code: 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 <44> 8b ab f0 01 00 00 31 ff 41 83 e5 01 44 89 ee e8 c5 4c ea ff 45
[ 101.322383] RSP: 0018:ffff88806ce08940 EFLAGS: 00010046
[ 101.322804] RAX: 0000000000000000 RBX: fffffffeffffffa0 RCX: 0000000000000002
[ 101.323367] RDX: ffff8880454b9b80 RSI: ffffffff8189a4e7 RDI: ffffffff00000190
[ 101.323924] RBP: ffff88806ce08bb0 R08: ffff88806ce313e8 R09: ffffe8ffffc16138
[ 101.324488] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 101.325044] R13: 000000000000002c R14: ffff88806ce313e8 R15: dffffc0000000000
[ 101.325602] FS: 000055558c9dd400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 101.326233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 101.326687] CR2: ffffffff00000190 CR3: 000000004521e000 CR4: 0000000000350ef0
[ 101.327241] Call Trace:
[ 101.327448] <IRQ>
[ 101.327623] ? __is_insn_slot_addr+0x136/0x290
[ 101.328001] ? __pfx_perf_tp_event+0x10/0x10
[ 101.328354] ? __kernel_text_address+0xd/0x40
[ 101.328716] ? unwind_get_return_address+0x59/0xa0
[ 101.329116] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 101.329546] ? arch_stack_walk+0x9c/0xf0
[ 101.329885] ? stack_trace_save+0x8e/0xc0
[ 101.330217] ? stack_depot_save_flags+0x2c/0xa20
[ 101.330597] ? kasan_save_stack+0x34/0x50
[ 101.330929] ? kasan_save_stack+0x24/0x50
[ 101.331258] ? kasan_save_track+0x14/0x30
[ 101.331587] ? __kasan_save_free_info+0x3a/0x60
[ 101.331956] ? __kasan_slab_free+0x3f/0x50
[ 101.332294] ? kfree+0x281/0x550
[ 101.332575] ? perf_trace_run_bpf_submit+0xef/0x180
[ 101.332972] ? unwind_next_frame+0xcd/0x2540
[ 101.333327] ? arch_stack_walk+0x86/0xf0
[ 101.333647] ? stack_trace_save+0x8e/0xc0
[ 101.333986] ? kasan_save_stack+0x24/0x50
[ 101.334313] ? kasan_record_aux_stack+0x89/0xa0
[ 101.334684] ? __call_rcu_common.constprop.0+0x70/0x960
[ 101.335105] ? kfree+0x31a/0x550
[ 101.335380] perf_trace_run_bpf_submit+0xef/0x180
[ 101.335766] perf_trace_lock+0x337/0x5d0
[ 101.336096] ? __pfx_perf_trace_lock+0x10/0x10
[ 101.336463] ? do_raw_spin_lock+0x1dc/0x260
[ 101.336810] ? delete_object_full+0x46/0x70
[ 101.337158] lock_release+0x1ab/0x290
[ 101.337467] _raw_spin_unlock_irqrestore+0x1a/0x50
[ 101.337875] delete_object_full+0x46/0x70
[ 101.338207] kmem_cache_free+0x33a/0x540
[ 101.338528] ? dst_destroy+0x23c/0x340
[ 101.338846] ? rcu_core+0x7c3/0x1800
[ 101.339149] dst_destroy+0x23c/0x340
[ 101.339449] rcu_core+0x7c8/0x1800
[ 101.339742] ? __pfx_rcu_core+0x10/0x10
[ 101.340057] ? clockevents_program_event+0x135/0x360
[ 101.340462] ? tick_program_event+0xac/0x140
[ 101.340819] ? hrtimer_interrupt+0x652/0x830
[ 101.341173] handle_softirqs+0x1b1/0x770
[ 101.341507] __irq_exit_rcu+0xc4/0x100
[ 101.341829] irq_exit_rcu+0x9/0x20
[ 101.342115] sysvec_apic_timer_interrupt+0x70/0x80
[ 101.342509] </IRQ>
[ 101.342693] <TASK>
[ 101.342876] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 101.343298] RIP: 0010:lock_acquire+0x47/0x2f0
[ 101.343653] Code: 48 83 ec 38 4c 89 0c 24 65 48 8b 05 cb a3 32 06 48 89 44 24 30 31 c0 66 90 65 8b 05 e7 a3 32 06 89 c0 48 0f a3 05 f9 d7 f1 04 <0f> 82 3a 01 00 00 8b 35 d1 e3 f1 04 85 f6 0f 85 84 00 00 00 48 8b
[ 101.345066] RSP: 0018:ffff88800e47f778 EFLAGS: 00000247
[ 101.345483] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
[ 101.346048] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff85c1c760
[ 101.346603] RBP: ffffffff85c1c760 R08: 0000000000000000 R09: 0000000000000000
[ 101.347162] R10: 000000000003bea3 R11: 000000000001193c R12: 0000000000000002
[ 101.347718] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800e47f860
[ 101.348280] ? find_held_lock+0x2b/0x80
[ 101.348601] ? unwind_next_frame+0x3b2/0x2540
[ 101.348969] ? lock_release+0xc8/0x290
[ 101.349280] unwind_next_frame+0xcd/0x2540
[ 101.349622] ? unwind_next_frame+0xb9/0x2540
[ 101.349985] ? kfree+0x31a/0x550
[ 101.350261] ? kfree+0x31a/0x550
[ 101.350539] ? kernel_text_address+0x11/0xc0
[ 101.350889] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 101.351320] arch_stack_walk+0x86/0xf0
[ 101.351635] ? kfree+0x31a/0x550
[ 101.351913] stack_trace_save+0x8e/0xc0
[ 101.352232] ? __pfx_stack_trace_save+0x10/0x10
[ 101.352602] ? stack_depot_save_flags+0x2c/0xa20
[ 101.352982] kasan_save_stack+0x24/0x50
[ 101.353299] ? kasan_save_stack+0x24/0x50
[ 101.353630] ? kasan_record_aux_stack+0x89/0xa0
[ 101.354006] ? __call_rcu_common.constprop.0+0x70/0x960
[ 101.354425] ? kfree+0x31a/0x550
[ 101.354703] ? perf_trace_lock+0xb5/0x5d0
[ 101.355040] ? perf_trace_lock+0xb5/0x5d0
[ 101.355370] ? __pfx_perf_trace_lock+0x10/0x10
[ 101.355737] ? lock_acquire+0x15e/0x2f0
[ 101.356055] ? __virt_addr_valid+0x1c6/0x5d0
[ 101.356413] ? find_held_lock+0x2b/0x80
[ 101.356741] ? __virt_addr_valid+0x2e8/0x5d0
[ 101.357096] ? lock_release+0xc8/0x290
[ 101.357413] ? __virt_addr_valid+0x100/0x5d0
[ 101.357778] kasan_record_aux_stack+0x89/0xa0
[ 101.358139] __call_rcu_common.constprop.0+0x70/0x960
[ 101.358551] kfree+0x31a/0x550
[ 101.358815] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 101.359221] ? seq_release_private+0xc4/0x120
[ 101.359591] seq_release_private+0xc4/0x120
[ 101.359940] seq_release_net+0xd8/0x130
[ 101.360264] ? __pfx_seq_release_net+0x10/0x10
[ 101.360633] close_pdeo.part.0+0xd9/0x260
[ 101.360971] proc_reg_release+0x2f1/0x360
[ 101.361307] ? __pfx_proc_reg_release+0x10/0x10
[ 101.361681] ? locks_remove_posix+0x258/0x410
[ 101.362067] ? __pfx_locks_remove_posix+0x10/0x10
[ 101.362448] ? locks_remove_file+0x2ef/0x5a0
[ 101.362804] ? __pfx_locks_remove_file+0x10/0x10
[ 101.363192] ? __pfx_proc_reg_release+0x10/0x10
[ 101.363563] __fput+0x401/0xb50
[ 101.363848] fput_close_sync+0x10f/0x240
[ 101.364178] ? __pfx_fput_close_sync+0x10/0x10
[ 101.364549] ? dnotify_flush+0x79/0x4c0
[ 101.364874] __x64_sys_close+0x8f/0x120
[ 101.365199] do_syscall_64+0xbf/0x360
[ 101.365505] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.365921] RIP: 0033:0x7f12c4c2372b
[ 101.366220] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 101.367629] RSP: 002b:00007ffc2db991d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 101.368227] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f12c4c2372b
[ 101.368782] RDX: 00007f12c4d88b58 RSI: 0000000000000080 RDI: 0000000000000003
[ 101.369338] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f12c4d88ae8
[ 101.369901] R10: 00007ffc2db992c0 R11: 0000000000000293 R12: 0000000000018b5a
[ 101.370458] R13: 00000000000003e8 R14: 00007f12c4d83f60 R15: 0000000000018b40
[ 101.371021] </TASK>
[ 101.371208] Modules linked in:
[ 101.371470] CR2: ffffffff00000190
[ 101.371747] ---[ end trace 0000000000000000 ]---
[ 101.372124] RIP: 0010:perf_tp_event+0x186/0xe70
[ 101.372501] Code: 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 <44> 8b ab f0 01 00 00 31 ff 41 83 e5 01 44 89 ee e8 c5 4c ea ff 45
[ 101.373929] RSP: 0018:ffff88806ce08940 EFLAGS: 00010046
[ 101.374346] RAX: 0000000000000000 RBX: fffffffeffffffa0 RCX: 0000000000000002
[ 101.374901] RDX: ffff8880454b9b80 RSI: ffffffff8189a4e7 RDI: ffffffff00000190
[ 101.375458] RBP: ffff88806ce08bb0 R08: ffff88806ce313e8 R09: ffffe8ffffc16138
[ 101.376019] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 101.376573] R13: 000000000000002c R14: ffff88806ce313e8 R15: dffffc0000000000
[ 101.377135] FS: 000055558c9dd400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 101.377774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 101.378231] CR2: ffffffff00000190 CR3: 000000004521e000 CR4: 0000000000350ef0
[ 101.378792] Kernel panic - not syncing: Fatal exception in interrupt
[ 102.426815] Shutting down cpus with NMI
[ 102.427400] Kernel Offset: disabled
[ 102.427675] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:30:00 Registers: