Warning: Permanently added '[localhost]:43552' (ECDSA) to the list of known hosts. 2025/09/01 10:19:59 fuzzer started 2025/09/01 10:19:59 dialing manager at localhost:35473 syzkaller login: [ 51.030929] cgroup: Unknown subsys name 'net' [ 51.100419] cgroup: Unknown subsys name 'cpuset' [ 51.112687] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:20:10 syscalls: 2214 2025/09/01 10:20:10 code coverage: enabled 2025/09/01 10:20:10 comparison tracing: enabled 2025/09/01 10:20:10 extra coverage: enabled 2025/09/01 10:20:10 setuid sandbox: enabled 2025/09/01 10:20:10 namespace sandbox: enabled 2025/09/01 10:20:10 Android sandbox: enabled 2025/09/01 10:20:10 fault injection: enabled 2025/09/01 10:20:10 leak checking: enabled 2025/09/01 10:20:10 net packet injection: enabled 2025/09/01 10:20:10 net device setup: enabled 2025/09/01 10:20:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:20:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:20:10 USB emulation: enabled 2025/09/01 10:20:10 hci packet injection: enabled 2025/09/01 10:20:10 wifi device emulation: enabled 2025/09/01 10:20:10 802.15.4 emulation: enabled 2025/09/01 10:20:10 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:20:11 fetching corpus: 49, signal 24340/27761 (executing program) 2025/09/01 10:20:11 fetching corpus: 99, signal 31065/35931 (executing program) 2025/09/01 10:20:11 fetching corpus: 149, signal 37739/43938 (executing program) 2025/09/01 10:20:11 fetching corpus: 199, signal 43424/50858 (executing program) 2025/09/01 10:20:11 fetching corpus: 249, signal 47620/56298 (executing program) 2025/09/01 10:20:11 fetching corpus: 299, signal 50996/60850 (executing program) 2025/09/01 10:20:11 fetching corpus: 349, signal 54285/65234 (executing program) 2025/09/01 10:20:11 fetching corpus: 399, signal 57271/69277 (executing program) 2025/09/01 10:20:11 fetching corpus: 449, signal 61030/73936 (executing program) 2025/09/01 10:20:11 fetching corpus: 499, signal 63534/77423 (executing program) 2025/09/01 10:20:11 fetching corpus: 549, signal 67266/81912 (executing program) 2025/09/01 10:20:11 fetching corpus: 599, signal 73333/88269 (executing program) 2025/09/01 10:20:12 fetching corpus: 649, signal 75959/91628 (executing program) 2025/09/01 10:20:12 fetching corpus: 699, signal 77941/94374 (executing program) 2025/09/01 10:20:12 fetching corpus: 749, signal 80123/97254 (executing program) 2025/09/01 10:20:12 fetching corpus: 799, signal 82477/100177 (executing program) 2025/09/01 10:20:12 fetching corpus: 849, signal 83890/102332 (executing program) 2025/09/01 10:20:12 fetching corpus: 899, signal 86007/105019 (executing program) 2025/09/01 10:20:12 fetching corpus: 949, signal 88364/107788 (executing program) 2025/09/01 10:20:12 fetching corpus: 999, signal 90479/110385 (executing program) 2025/09/01 10:20:12 fetching corpus: 1049, signal 91948/112466 (executing program) 2025/09/01 10:20:12 fetching corpus: 1099, signal 93324/114442 (executing program) 2025/09/01 10:20:13 fetching corpus: 1149, signal 94983/116608 (executing program) 2025/09/01 10:20:13 fetching corpus: 1199, signal 96717/118756 (executing program) 2025/09/01 10:20:13 fetching corpus: 1249, signal 98676/121021 (executing program) 2025/09/01 10:20:13 fetching corpus: 1299, signal 99904/122723 (executing program) 2025/09/01 10:20:13 fetching corpus: 1349, signal 101578/124643 (executing program) 2025/09/01 10:20:13 fetching corpus: 1399, signal 104145/127204 (executing program) 2025/09/01 10:20:13 fetching corpus: 1449, signal 105600/128982 (executing program) 2025/09/01 10:20:13 fetching corpus: 1499, signal 106715/130574 (executing program) 2025/09/01 10:20:13 fetching corpus: 1549, signal 107963/132126 (executing program) 2025/09/01 10:20:14 fetching corpus: 1599, signal 109378/133781 (executing program) 2025/09/01 10:20:14 fetching corpus: 1649, signal 111190/135655 (executing program) 2025/09/01 10:20:14 fetching corpus: 1699, signal 111853/136722 (executing program) 2025/09/01 10:20:14 fetching corpus: 1749, signal 112668/137909 (executing program) 2025/09/01 10:20:14 fetching corpus: 1799, signal 113554/139159 (executing program) 2025/09/01 10:20:14 fetching corpus: 1849, signal 114991/140679 (executing program) 2025/09/01 10:20:14 fetching corpus: 1899, signal 116162/142014 (executing program) 2025/09/01 10:20:14 fetching corpus: 1949, signal 117121/143216 (executing program) 2025/09/01 10:20:14 fetching corpus: 1999, signal 118538/144602 (executing program) 2025/09/01 10:20:14 fetching corpus: 2049, signal 120006/145978 (executing program) 2025/09/01 10:20:14 fetching corpus: 2099, signal 121083/147164 (executing program) 2025/09/01 10:20:15 fetching corpus: 2149, signal 121874/148128 (executing program) 2025/09/01 10:20:15 fetching corpus: 2199, signal 122261/148915 (executing program) 2025/09/01 10:20:15 fetching corpus: 2249, signal 122896/149804 (executing program) 2025/09/01 10:20:15 fetching corpus: 2299, signal 126226/151943 (executing program) 2025/09/01 10:20:15 fetching corpus: 2349, signal 128454/153475 (executing program) 2025/09/01 10:20:15 fetching corpus: 2399, signal 129786/154651 (executing program) 2025/09/01 10:20:15 fetching corpus: 2449, signal 130639/155518 (executing program) 2025/09/01 10:20:15 fetching corpus: 2499, signal 131244/156272 (executing program) 2025/09/01 10:20:15 fetching corpus: 2549, signal 132231/157155 (executing program) 2025/09/01 10:20:15 fetching corpus: 2599, signal 132977/157922 (executing program) 2025/09/01 10:20:16 fetching corpus: 2649, signal 133755/158656 (executing program) 2025/09/01 10:20:16 fetching corpus: 2699, signal 134377/159430 (executing program) 2025/09/01 10:20:16 fetching corpus: 2749, signal 135177/160147 (executing program) 2025/09/01 10:20:16 fetching corpus: 2799, signal 135839/160809 (executing program) 2025/09/01 10:20:16 fetching corpus: 2849, signal 136518/161484 (executing program) 2025/09/01 10:20:16 fetching corpus: 2899, signal 137208/162161 (executing program) 2025/09/01 10:20:16 fetching corpus: 2949, signal 138158/162881 (executing program) 2025/09/01 10:20:16 fetching corpus: 2999, signal 138818/163475 (executing program) 2025/09/01 10:20:16 fetching corpus: 3049, signal 139607/164117 (executing program) 2025/09/01 10:20:16 fetching corpus: 3099, signal 140260/164679 (executing program) 2025/09/01 10:20:17 fetching corpus: 3149, signal 140833/165225 (executing program) 2025/09/01 10:20:17 fetching corpus: 3199, signal 141349/165749 (executing program) 2025/09/01 10:20:17 fetching corpus: 3249, signal 141837/166223 (executing program) 2025/09/01 10:20:17 fetching corpus: 3299, signal 142360/166735 (executing program) 2025/09/01 10:20:17 fetching corpus: 3349, signal 143177/167272 (executing program) 2025/09/01 10:20:17 fetching corpus: 3399, signal 143608/167753 (executing program) 2025/09/01 10:20:17 fetching corpus: 3449, signal 144078/168194 (executing program) 2025/09/01 10:20:17 fetching corpus: 3499, signal 144704/168645 (executing program) 2025/09/01 10:20:17 fetching corpus: 3549, signal 145407/169084 (executing program) 2025/09/01 10:20:17 fetching corpus: 3599, signal 146215/169512 (executing program) 2025/09/01 10:20:18 fetching corpus: 3649, signal 146731/169910 (executing program) 2025/09/01 10:20:18 fetching corpus: 3699, signal 147342/170323 (executing program) 2025/09/01 10:20:18 fetching corpus: 3749, signal 147901/170668 (executing program) 2025/09/01 10:20:18 fetching corpus: 3799, signal 148371/171072 (executing program) 2025/09/01 10:20:18 fetching corpus: 3849, signal 148822/171432 (executing program) 2025/09/01 10:20:18 fetching corpus: 3899, signal 149317/171752 (executing program) 2025/09/01 10:20:18 fetching corpus: 3949, signal 149877/172058 (executing program) 2025/09/01 10:20:18 fetching corpus: 3999, signal 150370/172406 (executing program) 2025/09/01 10:20:18 fetching corpus: 4049, signal 151106/172705 (executing program) 2025/09/01 10:20:18 fetching corpus: 4099, signal 151631/173065 (executing program) 2025/09/01 10:20:18 fetching corpus: 4149, signal 152122/173347 (executing program) 2025/09/01 10:20:19 fetching corpus: 4199, signal 152625/173612 (executing program) 2025/09/01 10:20:19 fetching corpus: 4249, signal 153101/173731 (executing program) 2025/09/01 10:20:19 fetching corpus: 4299, signal 153533/173733 (executing program) 2025/09/01 10:20:19 fetching corpus: 4349, signal 154010/173760 (executing program) 2025/09/01 10:20:19 fetching corpus: 4399, signal 154466/173765 (executing program) 2025/09/01 10:20:19 fetching corpus: 4449, signal 154914/173855 (executing program) 2025/09/01 10:20:19 fetching corpus: 4499, signal 156677/173893 (executing program) 2025/09/01 10:20:19 fetching corpus: 4549, signal 157032/173907 (executing program) 2025/09/01 10:20:19 fetching corpus: 4599, signal 157511/173988 (executing program) 2025/09/01 10:20:20 fetching corpus: 4649, signal 157940/173997 (executing program) 2025/09/01 10:20:20 fetching corpus: 4699, signal 158477/173997 (executing program) 2025/09/01 10:20:20 fetching corpus: 4749, signal 158857/174006 (executing program) 2025/09/01 10:20:20 fetching corpus: 4799, signal 159353/174057 (executing program) 2025/09/01 10:20:20 fetching corpus: 4849, signal 159841/174066 (executing program) 2025/09/01 10:20:20 fetching corpus: 4899, signal 160303/174066 (executing program) 2025/09/01 10:20:20 fetching corpus: 4949, signal 160734/174078 (executing program) 2025/09/01 10:20:20 fetching corpus: 4999, signal 161163/174078 (executing program) 2025/09/01 10:20:20 fetching corpus: 5049, signal 161514/174118 (executing program) 2025/09/01 10:20:20 fetching corpus: 5099, signal 162035/174118 (executing program) 2025/09/01 10:20:21 fetching corpus: 5149, signal 162439/174119 (executing program) 2025/09/01 10:20:21 fetching corpus: 5199, signal 163149/174131 (executing program) 2025/09/01 10:20:21 fetching corpus: 5249, signal 163508/174134 (executing program) 2025/09/01 10:20:21 fetching corpus: 5299, signal 163806/174139 (executing program) 2025/09/01 10:20:21 fetching corpus: 5349, signal 164141/174140 (executing program) 2025/09/01 10:20:21 fetching corpus: 5399, signal 164443/174190 (executing program) 2025/09/01 10:20:21 fetching corpus: 5449, signal 164793/174203 (executing program) 2025/09/01 10:20:21 fetching corpus: 5499, signal 165576/174309 (executing program) 2025/09/01 10:20:21 fetching corpus: 5549, signal 166054/174313 (executing program) 2025/09/01 10:20:21 fetching corpus: 5599, signal 166447/174343 (executing program) 2025/09/01 10:20:22 fetching corpus: 5649, signal 167294/174354 (executing program) 2025/09/01 10:20:22 fetching corpus: 5699, signal 167729/174382 (executing program) 2025/09/01 10:20:22 fetching corpus: 5749, signal 168039/174386 (executing program) 2025/09/01 10:20:22 fetching corpus: 5799, signal 168356/174388 (executing program) 2025/09/01 10:20:22 fetching corpus: 5849, signal 168751/174413 (executing program) 2025/09/01 10:20:22 fetching corpus: 5899, signal 169007/174413 (executing program) 2025/09/01 10:20:22 fetching corpus: 5949, signal 169325/174414 (executing program) 2025/09/01 10:20:22 fetching corpus: 5999, signal 169726/174451 (executing program) 2025/09/01 10:20:22 fetching corpus: 6049, signal 170077/174453 (executing program) 2025/09/01 10:20:22 fetching corpus: 6099, signal 170421/174453 (executing program) 2025/09/01 10:20:22 fetching corpus: 6149, signal 170780/174473 (executing program) 2025/09/01 10:20:22 fetching corpus: 6199, signal 171308/174482 (executing program) 2025/09/01 10:20:22 fetching corpus: 6223, signal 171545/174483 (executing program) 2025/09/01 10:20:22 fetching corpus: 6223, signal 171545/174483 (executing program) 2025/09/01 10:20:25 starting 8 fuzzer processes 10:20:25 executing program 0: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x0, 0x0, @any, 0x2}}}, 0x14) 10:20:25 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr\x00') open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x0) 10:20:25 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:20:25 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:20:25 executing program 5: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 10:20:25 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0x7fff, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0) 10:20:25 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000640), 0x4) 10:20:25 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) [ 76.919553] audit: type=1400 audit(1756722025.354:7): avc: denied { execmem } for pid=274 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 78.189290] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.191875] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.193568] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.197407] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.200131] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.215989] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.218215] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.219882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.222187] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.225944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.230144] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.240485] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 78.242055] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.243387] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.245335] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.248613] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.250489] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 78.252331] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.254564] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.254712] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 78.256140] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 78.258457] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 78.262845] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 78.264003] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.264016] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 78.265029] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 78.269908] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.270132] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 78.273100] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.275954] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.277969] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 78.279331] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.281306] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.285720] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 78.291822] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 78.293703] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 78.298303] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.323030] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.323144] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.335048] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 80.285196] Bluetooth: hci0: command tx timeout [ 80.349043] Bluetooth: hci2: command tx timeout [ 80.349176] Bluetooth: hci3: command tx timeout [ 80.414682] Bluetooth: hci5: command tx timeout [ 80.415214] Bluetooth: hci4: command tx timeout [ 80.415720] Bluetooth: hci7: command tx timeout [ 80.416181] Bluetooth: hci6: command tx timeout [ 80.416662] Bluetooth: hci1: command tx timeout [ 82.333698] Bluetooth: hci0: command tx timeout [ 82.396940] Bluetooth: hci3: command tx timeout [ 82.398335] Bluetooth: hci2: command tx timeout [ 82.460695] Bluetooth: hci1: command tx timeout [ 82.461109] Bluetooth: hci6: command tx timeout [ 82.461465] Bluetooth: hci7: command tx timeout [ 82.461806] Bluetooth: hci4: command tx timeout [ 82.461871] Bluetooth: hci5: command tx timeout [ 84.380819] Bluetooth: hci0: command tx timeout [ 84.445717] Bluetooth: hci2: command tx timeout [ 84.446447] Bluetooth: hci3: command tx timeout [ 84.508753] Bluetooth: hci1: command tx timeout [ 84.509472] Bluetooth: hci7: command tx timeout [ 84.510371] Bluetooth: hci4: command tx timeout [ 84.510700] Bluetooth: hci6: command tx timeout [ 84.511331] Bluetooth: hci5: command tx timeout [ 86.428787] Bluetooth: hci0: command tx timeout [ 86.494803] Bluetooth: hci3: command tx timeout [ 86.495246] Bluetooth: hci2: command tx timeout [ 86.556852] Bluetooth: hci6: command tx timeout [ 86.557268] Bluetooth: hci4: command tx timeout [ 86.557970] Bluetooth: hci5: command tx timeout [ 86.558351] Bluetooth: hci7: command tx timeout [ 86.558770] Bluetooth: hci1: command tx timeout [ 117.173983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.174764] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.413160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.413864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.601684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.602317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.887048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.887688] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.080420] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 10:21:06 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0x7fff, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0) 10:21:06 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0x7fff, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0) [ 118.351932] audit: type=1400 audit(1756722066.783:8): avc: denied { open } for pid=3762 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.368939] audit: type=1400 audit(1756722066.783:9): avc: denied { kernel } for pid=3762 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:21:06 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 10:21:07 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0x7fff, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="aa981e579c4ac4e41f77ca19b61530", 0xf}, {&(0x7f00000010c0)="75def3b7062d929cf44e13bd5ebe8f310043b499bce72459c729e092323040b08a16697230a0152caf54f15090f4b46f5adabdce802fd1b1d9da752af1370c3684b61ff0f053d37fc0ab71efd413e3236815eb5ca8f43f7bb6061356e8955f6227dc65d71b24126235a7e792d24839550e7eaf755332fd39c35a29ccc941d26b32e133a5685312bd96bd6589cbe1715066d1e022526b833509a6bdb11527d97608e92f4f9ca87f56a0289ead3198dc58cd9b9434b14be764932bb9f426c3fd91d238b2f5bdf8c8abbfef326c57e5ea8b793d12bdd6fc4307a61cbcbf056dc4490b6ee5eec544da9d481a58b8a51b74d6bc85844581e4c4a6635ba756f5121363210b303f4f095af78d693a90f6ca7c878ca7018a72eb7bf08e68285a9f606a3b700ec9e5f759499997532e8eb61793ae7f4e6b48d0afb572d0e64c043b1a65c5200b820fb2f79e2d271d4cd124552ac3c4a638e50e5e989bb163525e4df83c20486cc09a2440f999166d07a3f6bf449e63d51b26045743f481e455c734840a87d76d79b17e5b1bfffd494d89a175013005c88541d452cd9e330af908738d16fe26812d9a0368b39cef72c80593e431f1188f7e57d0eabc2e7272191253bcf968cee443e0157b162cdd72550361984d268eb06f1daa328223d7ae6fc3fdc7905b48a8bd5ee0f3a1ba7d0b8489dda17a05693fb3aef6d592447595aea01be7155acc5f0fe88492499ba9761f10fae2f0535ef81c1a99123db6be20de981319cda3f63ef34df6aa73f45cdb6117854bb49e6291b766bd49352b4b707d2f4d4e61646450ce840ed3efd9dd156b9414e5b3831cbc5546f4d26f6947de327ddb745da0a1b85d3e12a0fb8deac520b01ddc2a3d63fd057d814899c0c2f60039d33670cfb4cc474cc61a83f3497335e5bce8f36462943bf9e04f0cf4d972743ec0adac86e624b97595a8d28d4aa4f9cd1c57b17f1312ddd58e42e469a303c9b09af34658ce7d67997be34cf1d65904eb5b8d1207e77d59971212b4da87063f1e4433047f08c155d870bcef18e03d373aa56e18f72d28cb0fc96329ab613abd99b0b71883ee988e5057752c336c1343e039f740e2f66193c1346cf6dcc6626b46d4f874c28c10edd91261befda6f18d367dfea447e009fcc94a39b11a11189b67844994bf0c487f7cab98e67e45a428224bc1241eeae8955069d37a5234846c60a62748d58f4cfba5504fc9fcd3816e294858fcea48a343d02a8e9189f61320c01187189b4b2ce3fdd7cae23014f185b65067e5f01e201517fb7b8d54d99677700021ad1370e5a4eef17f7d341126449994eb71712c1e0ac7d42e4384f09c0346c65877faebd4ac011587dcfbd6aaa6bf70df91a92deaa46cf0bfd7ced62b2138706515e975602ed8f32d11b224d490e094466309478e032a2b3d5a2222d946abc8bc6c3e785ac2cf787d00181e293f507ee2a931126cef5f3a13a49ea58626969d32600ec63a42a93c4a99d34f1c66cdde211f0273fc2e970b948496ab16b58afd0e59edf09d68ddbdecf42e2695a27909ff4efdfec0f776523edc5c14f444430a601cf17dfad01ae2b26e23c954956743977ba7cdac6794b88d06881cb11a824316fbf3293cf1397a9e83ed65582aa50cc5267b2c0393a0460df52ea09121d205b2cb4a41eda524ebeb556a69442a8c55b3a5cacfc62b99c060e9c41244a4200df28c13298a5d1d68cfbb2e49114d2023f196daf8f1522d4aae489ff2d6e47af6e1ae467674366b8674b221410b10dd2164ca777eb05a0f270022eb259813518e40cc4a2e010398d2fdcba4c71ca762027a3b7f51562f51125de6a31be8dada44c53b77ae7a066b4287057af7a9728224af3a488b20d254bbf12520da8e3baa00e2a027c4c9d49e53fbad65d3e3515af815058716bbad3140e6975569e32f533021823d968d114eec7e71496f57d47d3b4b42125311bb0586d98f3586359a6a5fb75a07b8ba8579f6768bac7aa9", 0x58a}], 0x2}}], 0x1, 0x0) 10:21:07 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 10:21:07 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 10:21:07 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 10:21:07 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) [ 119.665666] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.666291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.754282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.755692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.794118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.795226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.872467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.873104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.964063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.964713] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.977425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.978038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.040384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.041028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.124310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.124961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.205206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.205853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.288490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.290428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.386946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.387566] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.422627] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.423229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:21:10 executing program 0: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x0, 0x0, @any, 0x2}}}, 0x14) 10:21:10 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:21:10 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000640), 0x4) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 10:21:10 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) 10:21:10 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr\x00') open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x0) 10:21:10 executing program 5: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 10:21:10 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000640), 0x4) 10:21:10 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) 10:21:10 executing program 5: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 10:21:10 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) [ 121.788235] kmemleak: Found object by alias at 0x607f1a63e1fc [ 121.788257] CPU: 0 UID: 60929 PID: 3940 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.788279] Tainted: [W]=WARN [ 121.788283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.788292] Call Trace: [ 121.788297] [ 121.788302] dump_stack_lvl+0xca/0x120 [ 121.788341] __lookup_object+0x94/0xb0 [ 121.788362] delete_object_full+0x27/0x70 [ 121.788382] free_percpu+0x30/0x1160 [ 121.788403] ? arch_uprobe_clear_state+0x16/0x140 [ 121.788427] futex_hash_free+0x38/0xc0 [ 121.788445] mmput+0x2d3/0x390 [ 121.788467] do_exit+0x79d/0x2970 [ 121.788484] ? lock_release+0xc8/0x290 [ 121.788504] ? __pfx_do_exit+0x10/0x10 [ 121.788521] ? find_held_lock+0x2b/0x80 [ 121.788542] ? get_signal+0x835/0x2340 [ 121.788566] do_group_exit+0xd3/0x2a0 [ 121.788584] get_signal+0x2315/0x2340 [ 121.788607] ? ksys_shmctl.constprop.0+0x1b1/0x390 [ 121.788629] ? __pfx_get_signal+0x10/0x10 [ 121.788649] ? do_futex+0x135/0x370 [ 121.788665] ? __pfx_do_futex+0x10/0x10 [ 121.788683] arch_do_signal_or_restart+0x80/0x790 [ 121.788705] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 121.788724] ? __x64_sys_futex+0x1c9/0x4d0 [ 121.788739] ? __x64_sys_futex+0x1d2/0x4d0 [ 121.788758] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.788773] ? set_cred_ucounts+0x110/0x210 [ 121.788790] ? xfd_validate_state+0x55/0x180 [ 121.788816] exit_to_user_mode_loop+0x8b/0x110 [ 121.788831] do_syscall_64+0x2f7/0x360 [ 121.788846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.788861] RIP: 0033:0x7f2586413b19 [ 121.788872] Code: Unable to access opcode bytes at 0x7f2586413aef. [ 121.788878] RSP: 002b:00007f2583989218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.788892] RAX: fffffffffffffe00 RBX: 00007f2586526f68 RCX: 00007f2586413b19 [ 121.788901] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2586526f68 [ 121.788910] RBP: 00007f2586526f60 R08: 0000000000000000 R09: 0000000000000000 [ 121.788918] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2586526f6c [ 121.788927] R13: 00007ffc7e7cacef R14: 00007f2583989300 R15: 0000000000022000 [ 121.788946] [ 121.788951] kmemleak: Object (percpu) 0x607f1a63e1f8 (size 8): [ 121.788959] kmemleak: comm "syz-executor.2", pid 3943, jiffies 4294788684 [ 121.788967] kmemleak: min_count = 1 [ 121.788972] kmemleak: count = 0 [ 121.788976] kmemleak: flags = 0x21 [ 121.788981] kmemleak: checksum = 0 [ 121.788985] kmemleak: backtrace: [ 121.788990] pcpu_alloc_noprof+0x87a/0x1170 [ 121.789008] perf_trace_event_init+0x366/0xa10 [ 121.789025] perf_trace_init+0x1a4/0x2f0 [ 121.789040] perf_tp_event_init+0xa6/0x120 [ 121.789059] perf_try_init_event+0x140/0x9f0 [ 121.789076] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.789096] __do_sys_perf_event_open+0x719/0x2c20 [ 121.789112] do_syscall_64+0xbf/0x360 [ 121.789123] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:21:10 executing program 0: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x0, 0x0, @any, 0x2}}}, 0x14) 10:21:10 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000640), 0x4) 10:21:10 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr\x00') open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x0) 10:21:10 executing program 5: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 10:21:10 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) 10:21:10 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:21:10 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 0: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x0, 0x0, @any, 0x2}}}, 0x14) 10:21:10 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr\x00') open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x0) 10:21:10 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) 10:21:10 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 10:21:10 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 4: openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) pipe(&(0x7f00000001c0)) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x8e}, &(0x7f0000000940), 0x0) 10:21:10 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:21:10 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) 10:21:10 executing program 1: syz_mount_image$nfs(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="01"]) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) [ 122.250020] kmemleak: Found object by alias at 0x607f1a63e1fc [ 122.250048] CPU: 0 UID: 0 PID: 3985 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.250082] Tainted: [W]=WARN [ 122.250089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.250101] Call Trace: [ 122.250108] [ 122.250116] dump_stack_lvl+0xca/0x120 [ 122.250159] __lookup_object+0x94/0xb0 [ 122.250189] delete_object_full+0x27/0x70 [ 122.250220] free_percpu+0x30/0x1160 [ 122.250250] ? arch_uprobe_clear_state+0x16/0x140 [ 122.250288] futex_hash_free+0x38/0xc0 [ 122.250313] mmput+0x2d3/0x390 [ 122.250348] do_exit+0x79d/0x2970 [ 122.250373] ? signal_wake_up_state+0x85/0x120 [ 122.250402] ? zap_other_threads+0x2b9/0x3a0 [ 122.250432] ? __pfx_do_exit+0x10/0x10 [ 122.250456] ? do_group_exit+0x1c3/0x2a0 [ 122.250482] ? lock_release+0xc8/0x290 [ 122.250520] do_group_exit+0xd3/0x2a0 [ 122.250548] __x64_sys_exit_group+0x3e/0x50 [ 122.250575] x64_sys_call+0x18c5/0x18d0 [ 122.250604] do_syscall_64+0xbf/0x360 [ 122.250627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.250649] RIP: 0033:0x7f2586413b19 [ 122.250665] Code: Unable to access opcode bytes at 0x7f2586413aef. [ 122.250674] RSP: 002b:00007ffc7e7caf18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.250696] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f2586413b19 [ 122.250710] RDX: 00007f25863c672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.250724] RBP: 0000000000000000 R08: 0000001b2d1261bc R09: 0000000000000000 [ 122.250737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.250749] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc7e7cb000 [ 122.250777] [ 122.250785] kmemleak: Object (percpu) 0x607f1a63e1f8 (size 8): [ 122.250797] kmemleak: comm "syz-executor.2", pid 3997, jiffies 4294789142 [ 122.250810] kmemleak: min_count = 1 [ 122.250817] kmemleak: count = 0 [ 122.250824] kmemleak: flags = 0x21 [ 122.250831] kmemleak: checksum = 0 [ 122.250838] kmemleak: backtrace: [ 122.250844] pcpu_alloc_noprof+0x87a/0x1170 [ 122.250873] perf_trace_event_init+0x366/0xa10 [ 122.250898] perf_trace_init+0x1a4/0x2f0 [ 122.250921] perf_tp_event_init+0xa6/0x120 [ 122.250951] perf_try_init_event+0x140/0x9f0 [ 122.250976] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.251008] __do_sys_perf_event_open+0x719/0x2c20 [ 122.251032] do_syscall_64+0xbf/0x360 [ 122.251049] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:21:10 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x4000010, r0, 0x12e36000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(r1, 0xee01, 0x0) shmctl$IPC_RMID(0x0, 0x0) 10:21:10 executing program 0: r0 = socket$inet(0x2, 0x3, 0x26) setsockopt$inet_buf(r0, 0x0, 0x2d, &(0x7f0000000140)="13848859e81579878aa355d834d4734207c9a2064aaac5ce9905f5712b4943937ea1a7fc8d2ef15691d7bed47cc3a4a8dee4bb473362ea832dc7bfccc08de557f483a8726bf6c0535990f99ca65a9041a5da99d0eb8af7625475b75df482633a72b44e982af332402ce8e6749c43c03a5bef3d50a451bee3db57e088deb0233d6f3ab164119c1e64", 0x88) 10:21:10 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 10:21:10 executing program 1: syz_mount_image$nfs(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="01"]) 10:21:10 executing program 4: openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) pipe(&(0x7f00000001c0)) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x8e}, &(0x7f0000000940), 0x0) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 10:21:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') pread64(r0, &(0x7f0000000140)=""/4096, 0x1000, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FICLONE(r0, 0x40049409, r1) getuid() msgrcv(0x0, &(0x7f0000000140)={0x0, ""/4096}, 0x1008, 0xd978de0b8e930975, 0x0) 10:21:10 executing program 2: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) fstat(r0, &(0x7f0000000340)) 10:21:10 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x24, r1, 0xb341daa0822653b3, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xf0}]}]}]}, 0x24}}, 0x0) 10:21:10 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 10:21:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 10:21:10 executing program 0: r0 = socket$inet(0x2, 0x3, 0x26) setsockopt$inet_buf(r0, 0x0, 0x2d, &(0x7f0000000140)="13848859e81579878aa355d834d4734207c9a2064aaac5ce9905f5712b4943937ea1a7fc8d2ef15691d7bed47cc3a4a8dee4bb473362ea832dc7bfccc08de557f483a8726bf6c0535990f99ca65a9041a5da99d0eb8af7625475b75df482633a72b44e982af332402ce8e6749c43c03a5bef3d50a451bee3db57e088deb0233d6f3ab164119c1e64", 0x88) [ 122.556111] kmemleak: Found object by alias at 0x607f1a63e1fc [ 122.556132] CPU: 1 UID: 0 PID: 4017 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.556150] Tainted: [W]=WARN [ 122.556154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.556161] Call Trace: [ 122.556165] [ 122.556170] dump_stack_lvl+0xca/0x120 [ 122.556197] __lookup_object+0x94/0xb0 [ 122.556214] delete_object_full+0x27/0x70 [ 122.556231] free_percpu+0x30/0x1160 [ 122.556248] ? arch_uprobe_clear_state+0x16/0x140 [ 122.556269] futex_hash_free+0x38/0xc0 [ 122.556283] mmput+0x2d3/0x390 [ 122.556303] do_exit+0x79d/0x2970 [ 122.556317] ? signal_wake_up_state+0x85/0x120 [ 122.556338] ? zap_other_threads+0x2b9/0x3a0 [ 122.556354] ? __pfx_do_exit+0x10/0x10 [ 122.556367] ? do_group_exit+0x1c3/0x2a0 [ 122.556381] ? lock_release+0xc8/0x290 [ 122.556399] do_group_exit+0xd3/0x2a0 [ 122.556414] __x64_sys_exit_group+0x3e/0x50 [ 122.556428] x64_sys_call+0x18c5/0x18d0 [ 122.556444] do_syscall_64+0xbf/0x360 [ 122.556457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.556469] RIP: 0033:0x7f2586413b19 [ 122.556478] Code: Unable to access opcode bytes at 0x7f2586413aef. [ 122.556483] RSP: 002b:00007ffc7e7caf18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.556495] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f2586413b19 [ 122.556503] RDX: 00007f25863c672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.556510] RBP: 0000000000000000 R08: 0000001b2d1261f4 R09: 0000000000000000 [ 122.556517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.556524] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc7e7cb000 [ 122.556539] [ 122.556543] kmemleak: Object (percpu) 0x607f1a63e1f8 (size 8): [ 122.556550] kmemleak: comm "syz-executor.3", pid 4022, jiffies 4294789459 [ 122.556557] kmemleak: min_count = 1 [ 122.556561] kmemleak: count = 0 [ 122.556565] kmemleak: flags = 0x21 [ 122.556569] kmemleak: checksum = 0 [ 122.556572] kmemleak: backtrace: [ 122.556576] pcpu_alloc_noprof+0x87a/0x1170 [ 122.556592] perf_trace_event_init+0x366/0xa10 [ 122.556607] perf_trace_init+0x1a4/0x2f0 [ 122.556619] perf_tp_event_init+0xa6/0x120 [ 122.556635] perf_try_init_event+0x140/0x9f0 [ 122.556649] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.556666] __do_sys_perf_event_open+0x719/0x2c20 [ 122.556679] do_syscall_64+0xbf/0x360 [ 122.556689] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:21:10 executing program 2: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) fstat(r0, &(0x7f0000000340)) 10:21:10 executing program 1: syz_mount_image$nfs(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="01"]) 10:21:11 executing program 4: openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) pipe(&(0x7f00000001c0)) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x8e}, &(0x7f0000000940), 0x0) 10:21:11 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 10:21:11 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/timers\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:21:11 executing program 2: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) fstat(r0, &(0x7f0000000340)) [ 122.723039] BUG: unable to handle page fault for address: ffffed10212c9746 [ 122.724125] #PF: supervisor read access in kernel mode [ 122.724869] #PF: error_code(0x0000) - not-present page [ 122.725613] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 122.730251] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 122.730957] CPU: 0 UID: 0 PID: 4039 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.732666] Tainted: [W]=WARN [ 122.733120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.734290] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.735001] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.737563] RSP: 0018:ffff888017cef800 EFLAGS: 00010212 [ 122.738333] RAX: 1ffff110212c9746 RBX: ffff88810964b840 RCX: ffffc90001bf5000 [ 122.739356] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964ba30 [ 122.740382] RBP: ffff888017cefa70 R08: ffff88806ce31340 R09: ffffe8ffffc161f8 [ 122.741405] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.742426] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.743442] FS: 00007f2583989700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.744594] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.745435] CR2: ffffed10212c9746 CR3: 000000000d622000 CR4: 0000000000350ef0 [ 122.746451] Call Trace: [ 122.746831] [ 122.747163] ? perf_swevent_event+0x63/0x3f0 [ 122.747828] ? __pfx_perf_tp_event+0x10/0x10 [ 122.748478] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.749198] ? perf_swevent_event+0x63/0x3f0 [ 122.749843] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.750563] ? perf_swevent_event+0x63/0x3f0 [ 122.751214] ? perf_tp_event+0x807/0xe70 [ 122.751828] ? __pfx_perf_tp_event+0x10/0x10 [ 122.752478] ? __perf_install_in_context+0x503/0xb90 [ 122.753210] ? do_raw_spin_unlock+0x53/0x220 [ 122.753875] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.754601] perf_trace_run_bpf_submit+0xef/0x180 [ 122.755310] perf_trace_lock+0x337/0x5d0 [ 122.755917] ? __pfx_perf_trace_lock+0x10/0x10 [ 122.756583] ? lock_acquire+0x15e/0x2f0 [ 122.757168] ? futex_ref_get+0x48/0x300 [ 122.757742] ? futex_ref_get+0x114/0x300 [ 122.758326] ? futex_hash+0x15c/0x390 [ 122.758880] lock_release+0x1ab/0x290 [ 122.759440] ? futex_hash+0x15c/0x390 [ 122.760006] futex_ref_get+0x119/0x300 [ 122.760572] ? futex_hash+0x15c/0x390 [ 122.761125] futex_hash+0x70/0x390 [ 122.761651] futex_wake+0x143/0x540 [ 122.762190] ? __pfx_perf_trace_lock+0x10/0x10 [ 122.762872] ? __pfx_futex_wake+0x10/0x10 [ 122.763489] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 122.764231] ? lock_release+0xc8/0x290 [ 122.764803] do_futex+0x26d/0x370 [ 122.765318] ? __pfx_do_futex+0x10/0x10 [ 122.765902] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 122.766668] ? find_held_lock+0x2b/0x80 [ 122.767260] __x64_sys_futex+0x1c9/0x4d0 [ 122.767861] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.768536] ? xfd_validate_state+0x55/0x180 [ 122.769199] do_syscall_64+0xbf/0x360 [ 122.769758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.770495] RIP: 0033:0x7f2586413b19 [ 122.771033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.773596] RSP: 002b:00007f2583989218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.774678] RAX: ffffffffffffffda RBX: 00007f2586526f68 RCX: 00007f2586413b19 [ 122.775699] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2586526f6c [ 122.776711] RBP: 00007f2586526f60 R08: 000000000000000e R09: 0000000000000000 [ 122.777716] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f2586526f6c [ 122.778722] R13: 00007ffc7e7cacef R14: 00007f2583989300 R15: 0000000000022000 [ 122.779769] [ 122.780113] Modules linked in: [ 122.780580] CR2: ffffed10212c9746 [ 122.781081] ---[ end trace 0000000000000000 ]--- [ 122.781751] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.782431] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.785004] RSP: 0018:ffff888017cef800 EFLAGS: 00010212 [ 122.785770] RAX: 1ffff110212c9746 RBX: ffff88810964b840 RCX: ffffc90001bf5000 [ 122.786790] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964ba30 [ 122.787807] RBP: ffff888017cefa70 R08: ffff88806ce31340 R09: ffffe8ffffc161f8 [ 122.788826] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.789844] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.790868] FS: 00007f2583989700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.792010] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.792835] CR2: ffffed10212c9746 CR3: 000000000d622000 CR4: 0000000000350ef0 [ 122.793851] note: syz-executor.6[4039] exited with irqs disabled [ 122.794747] BUG: unable to handle page fault for address: ffffed10212c9746 [ 122.795736] #PF: supervisor read access in kernel mode [ 122.796480] #PF: error_code(0x0000) - not-present page [ 122.797224] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 122.798039] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 122.798737] CPU: 0 UID: 0 PID: 4039 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.800431] Tainted: [D]=DIE, [W]=WARN [ 122.800984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.802166] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.802856] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.805428] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 122.806185] RAX: 1ffff110212c9746 RBX: ffff88810964b840 RCX: 0000000000000002 [ 122.807199] RDX: ffff888046a6d280 RSI: ffffffff8189a4e7 RDI: ffff88810964ba30 [ 122.808217] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc161f8 [ 122.809225] R10: 0000000000000000 R11: ffff8880160ee498 R12: dffffc0000000000 [ 122.810234] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 122.811245] FS: 00007f2583989700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.812397] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.813235] CR2: ffffed10212c9746 CR3: 000000000d622000 CR4: 0000000000350ef0 [ 122.814259] Call Trace: [ 122.814638] [ 122.814971] ? __pfx_perf_tp_event+0x10/0x10 [ 122.815636] ? perf_trace_lock+0xb5/0x5d0 [ 122.816245] ? __pfx_perf_trace_lock+0x10/0x10 [ 122.816920] ? lock_acquire+0x15e/0x2f0 [ 122.817505] ? select_task_rq_fair+0x2b6/0x38b0 [ 122.818192] ? find_held_lock+0x2b/0x80 [ 122.818787] ? select_task_rq_fair+0x48c/0x38b0 [ 122.819481] ? perf_trace_lock+0xb5/0x5d0 [ 122.820104] ? kvm_sched_clock_read+0x16/0x30 [ 122.820771] ? sched_clock+0x37/0x60 [ 122.821337] ? sched_clock_cpu+0x6c/0x4e0 [ 122.821956] ? __pfx___smp_call_single_queue+0x10/0x10 [ 122.822733] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.823489] perf_trace_run_bpf_submit+0xef/0x180 [ 122.824223] perf_trace_lock+0x337/0x5d0 [ 122.824834] ? __pfx_perf_trace_lock+0x10/0x10 [ 122.825503] ? check_preempt_wakeup_fair+0x6e/0x950 [ 122.826242] ? sched_ttwu_pending+0x2e0/0x4a0 [ 122.826912] lock_release+0x1ab/0x290 [ 122.827481] ? ttwu_do_activate+0x1a4/0x8a0 [ 122.828125] _raw_spin_unlock+0x16/0x40 [ 122.828712] sched_ttwu_pending+0x2e0/0x4a0 [ 122.829357] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 122.830080] ? flush_tlb_func+0x24d/0x560 [ 122.830686] __flush_smp_call_function_queue+0x434/0x740 [ 122.831489] __sysvec_call_function_single+0x6d/0x370 [ 122.832266] sysvec_call_function_single+0xa1/0xc0 [ 122.832998] [ 122.833331] [ 122.833664] asm_sysvec_call_function_single+0x1a/0x20 [ 122.834419] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 122.835103] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 122.837666] RSP: 0018:ffff888017ceff28 EFLAGS: 00000246 [ 122.838422] RAX: 0000000000000001 RBX: ffff888046a6d280 RCX: ffffffff817c3ab6 [ 122.839428] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 122.840446] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 122.841455] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888046a6d280 [ 122.842469] R13: 0000000000000009 R14: ffff888017cef7e0 R15: 0000000000000000 [ 122.843505] ? trace_irq_enable.constprop.0+0x26/0x100 [ 122.844269] ? make_task_dead+0x214/0x3b0 [ 122.844874] ? make_task_dead+0x214/0x3b0 [ 122.845484] ? do_syscall_64+0xbf/0x360 [ 122.846072] rewind_stack_and_make_dead+0x16/0x20 [ 122.846779] RIP: 0033:0x7f2586413b19 [ 122.847319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.849906] RSP: 002b:00007f2583989218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.850988] RAX: ffffffffffffffda RBX: 00007f2586526f68 RCX: 00007f2586413b19 [ 122.852012] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2586526f6c [ 122.853014] RBP: 00007f2586526f60 R08: 000000000000000e R09: 0000000000000000 [ 122.854027] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f2586526f6c [ 122.855042] R13: 00007ffc7e7cacef R14: 00007f2583989300 R15: 0000000000022000 [ 122.856071] [ 122.856418] Modules linked in: [ 122.856887] CR2: ffffed10212c9746 [ 122.857383] ---[ end trace 0000000000000000 ]--- [ 122.858054] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.858738] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.861300] RSP: 0018:ffff888017cef800 EFLAGS: 00010212 [ 122.862058] RAX: 1ffff110212c9746 RBX: ffff88810964b840 RCX: ffffc90001bf5000 [ 122.863086] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964ba30 [ 122.864100] RBP: ffff888017cefa70 R08: ffff88806ce31340 R09: ffffe8ffffc161f8 [ 122.865118] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.866129] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.867143] FS: 00007f2583989700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.868293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.869127] CR2: ffffed10212c9746 CR3: 000000000d622000 CR4: 0000000000350ef0 [ 122.870148] Kernel panic - not syncing: Fatal exception in interrupt [ 123.976412] Shutting down cpus with NMI [ 123.977251] Kernel Offset: disabled [ 123.977747] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:21:11 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888017cef018 R8 =0000000000000000 R9 =ffffed100172a046 R10=0000000000000020 R11=6466663720444750 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f2583989700 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe2400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=ffffed10212c9746 CR3=000000000d622000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f25864fa7c000007f25864fa7c8 XMM02=00007f25864fa7e000007f25864fa7c0 XMM03=00007f25864fa7c800007f25864fa7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=00007efd197f6870 RBX=00007efd197f5248 RCX=ffffffff81c9f975 RDX=ffffffff8225dec0 RSI=00007efd197f5250 RDI=ffffffff822765cb RBP=00007efd197f5200 RSP=00007ffe0c957de0 R8 =00007efd197f6938 R9 =0000001b2d42001c R10=000000000000088c R11=000000008bcc8890 R12=00007efd197f51f8 R13=00007efd197f5248 R14=00007efd197f51f0 R15=0000000000000012 RIP=00007efd19a289bc RFL=00000293 [--S-A-C] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA] SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558519b400 00000000 00000000 GS =0000 0000000000000000 00000000 00000000 LDT=0000 fffffe4900000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d421000 CR3=000000000e544000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007efd19b617c000007efd19b617c8 XMM02=00007efd19b617e000007efd19b617c0 XMM03=00007efd19b617c800007efd19b617c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000