Warning: Permanently added '[localhost]:5473' (ECDSA) to the list of known hosts.
2025/09/01 08:09:02 fuzzer started
2025/09/01 08:09:02 dialing manager at localhost:35473
syzkaller login: [ 58.901502] cgroup: Unknown subsys name 'net'
[ 58.974432] cgroup: Unknown subsys name 'cpuset'
[ 58.999447] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:09:13 syscalls: 2214
2025/09/01 08:09:13 code coverage: enabled
2025/09/01 08:09:13 comparison tracing: enabled
2025/09/01 08:09:13 extra coverage: enabled
2025/09/01 08:09:13 setuid sandbox: enabled
2025/09/01 08:09:13 namespace sandbox: enabled
2025/09/01 08:09:13 Android sandbox: enabled
2025/09/01 08:09:13 fault injection: enabled
2025/09/01 08:09:13 leak checking: enabled
2025/09/01 08:09:13 net packet injection: enabled
2025/09/01 08:09:13 net device setup: enabled
2025/09/01 08:09:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:09:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:09:13 USB emulation: enabled
2025/09/01 08:09:13 hci packet injection: enabled
2025/09/01 08:09:13 wifi device emulation: enabled
2025/09/01 08:09:13 802.15.4 emulation: enabled
2025/09/01 08:09:13 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:09:14 fetching corpus: 50, signal 34061/35693 (executing program)
2025/09/01 08:09:14 fetching corpus: 100, signal 43609/45073 (executing program)
2025/09/01 08:09:14 fetching corpus: 150, signal 50585/51554 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56295 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56353 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56416 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56465 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56523 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56570 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56617 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56675 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56738 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56793 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56859 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56925 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/56992 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57036 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57088 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57158 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57207 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57260 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57314 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57375 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57424 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57463 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57523 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57579 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57613 (executing program)
2025/09/01 08:09:14 fetching corpus: 192, signal 56029/57613 (executing program)
2025/09/01 08:09:16 starting 8 fuzzer processes
08:09:16 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@rr={0x7, 0x1b, 0x17, [@multicast2, @broadcast, @rand_addr, @private, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0x30}, 
0x0) 08:09:16 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 08:09:16 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"}) [ 71.984180] audit: type=1400 audit(1756714156.132:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:09:16 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b33, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0}) 08:09:16 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) 08:09:16 executing program 7: getpriority(0x0, 0x0) 08:09:16 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r0, &(0x7f0000000080)=""/4096, 0x1000) getdents(r0, 0x0, 0x0) 08:09:16 executing program 6: r0 = fork() tkill(r0, 0x32) [ 73.119639] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.122230] Bluetooth: hci0: 
unexpected cc 0x0c03 length: 249 > 1 [ 73.124015] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.125786] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.126887] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.128664] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.132492] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.135573] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.137396] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.141835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.172188] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.178170] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.179226] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.184949] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.188250] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.307957] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.315705] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.319883] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.331492] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.334817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.381976] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.385968] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.387537] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.391313] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.397334] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.412915] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.417948] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.422507] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.430321] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.434279] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.463605] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 73.472478] 
Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.491569] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.510103] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.520163] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.533562] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 73.544991] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.547264] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.557649] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.568600] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.211868] Bluetooth: hci0: command tx timeout [ 75.211955] Bluetooth: hci1: command tx timeout [ 75.275109] Bluetooth: hci2: command tx timeout [ 75.403754] Bluetooth: hci3: command tx timeout [ 75.465873] Bluetooth: hci6: command tx timeout [ 75.467086] Bluetooth: hci4: command tx timeout [ 75.594305] Bluetooth: hci7: command tx timeout [ 75.722927] Bluetooth: hci5: command tx timeout [ 77.257834] Bluetooth: hci1: command tx timeout [ 77.258868] Bluetooth: hci0: command tx timeout [ 77.321760] Bluetooth: hci2: command tx timeout [ 77.450723] Bluetooth: hci3: command tx timeout [ 77.513881] Bluetooth: hci4: command tx timeout [ 77.514343] Bluetooth: hci6: command tx timeout [ 77.641824] Bluetooth: hci7: command tx timeout [ 77.770734] Bluetooth: hci5: command tx timeout [ 79.305950] Bluetooth: hci0: command tx timeout [ 79.306555] Bluetooth: hci1: command tx timeout [ 79.370817] Bluetooth: hci2: command tx timeout [ 79.498778] Bluetooth: hci3: command tx timeout [ 79.564363] Bluetooth: hci6: command tx timeout [ 79.564807] Bluetooth: hci4: command tx timeout [ 79.690769] Bluetooth: hci7: command tx timeout [ 79.818897] Bluetooth: hci5: command tx timeout [ 81.354944] Bluetooth: hci0: command tx timeout [ 81.355252] Bluetooth: hci1: command tx timeout [ 81.417864] Bluetooth: hci2: command tx timeout [ 81.546768] Bluetooth: hci3: command tx timeout [ 81.611761] Bluetooth: hci4: command 
tx timeout [ 81.612170] Bluetooth: hci6: command tx timeout [ 81.737834] Bluetooth: hci7: command tx timeout [ 81.865821] Bluetooth: hci5: command tx timeout [ 109.747400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.748121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.926879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.927497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.190436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.191067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:09:54 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) [ 110.424237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.425345] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:09:54 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) 08:09:54 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) [ 110.531744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.532305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:09:54 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) 08:09:54 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) 
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) 08:09:54 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 08:09:54 executing program 3: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) [ 110.852752] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.853884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:09:55 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) [ 110.984002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.985272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.049588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.050912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.113252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.114158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.194352] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.195129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.320835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.321440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.502366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.503249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.549029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.549662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.645578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.646370] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.679077] 
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.679828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.725855] audit: type=1400 audit(1756714195.872:8): avc: denied { open } for pid=3904 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.731190] audit: type=1400 audit(1756714195.873:9): avc: denied { kernel } for pid=3904 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.755063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.756576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:09:56 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 08:09:56 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 08:09:56 executing program 6: r0 = fork() tkill(r0, 0x32) 08:09:56 executing program 7: getpriority(0x0, 0x0) 08:09:56 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@rr={0x7, 0x1b, 0x17, [@multicast2, @broadcast, @rand_addr, @private, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0x30}, 0x0) 08:09:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b33, &(0x7f0000000000)={0x4, 0x0, 0x0, 
0x0, 0x0, 0x0}) 08:09:56 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r0, &(0x7f0000000080)=""/4096, 0x1000) getdents(r0, 0x0, 0x0) 08:09:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"}) 08:09:56 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@rr={0x7, 0x1b, 0x17, [@multicast2, @broadcast, @rand_addr, @private, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0x30}, 0x0) 08:09:56 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 08:09:56 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@rr={0x7, 0x1b, 0x17, [@multicast2, @broadcast, @rand_addr, @private, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0x30}, 0x0) 08:09:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"}) 08:09:56 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r0, &(0x7f0000000080)=""/4096, 0x1000) getdents(r0, 0x0, 0x0) 08:09:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"}) 08:09:56 executing program 6: r0 = fork() tkill(r0, 0x32) 08:09:56 executing program 7: getpriority(0x0, 0x0) 08:09:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b33, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 112.249043] kmemleak: Found object by alias at 0x607f1a63ebbc [ 112.249064] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.249083] Tainted: [W]=WARN [ 112.249087] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.249095] Call Trace: [ 112.249099] [ 112.249104] dump_stack_lvl+0xca/0x120 [ 112.249135] __lookup_object+0x94/0xb0 [ 112.249153] delete_object_full+0x27/0x70 [ 112.249170] free_percpu+0x30/0x1160 [ 112.249188] ? arch_uprobe_clear_state+0x16/0x140 [ 112.249209] futex_hash_free+0x38/0xc0 [ 112.249224] mmput+0x2d3/0x390 [ 112.249243] do_exit+0x79d/0x2970 [ 112.249261] ? __pfx_do_exit+0x10/0x10 [ 112.249276] ? find_held_lock+0x2b/0x80 [ 112.249294] ? get_signal+0x835/0x2340 [ 112.249315] do_group_exit+0xd3/0x2a0 [ 112.249330] get_signal+0x2315/0x2340 [ 112.249348] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 112.249366] ? __pfx_get_signal+0x10/0x10 [ 112.249382] ? 
__schedule+0xe91/0x3590
[ 112.249404] arch_do_signal_or_restart+0x80/0x790
[ 112.249422] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 112.249439] ? __x64_sys_futex+0x1c9/0x4d0
[ 112.249452] ? __x64_sys_futex+0x1d2/0x4d0
[ 112.249468] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.249481] ? __sys_setsockopt+0x11f/0x1a0
[ 112.249504] exit_to_user_mode_loop+0x8b/0x110
[ 112.249518] do_syscall_64+0x2f7/0x360
[ 112.249531] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.249544] RIP: 0033:0x7f3ee2248b19
[ 112.249553] Code: Unable to access opcode bytes at 0x7f3ee2248aef.
[ 112.249558] RSP: 002b:00007f3edf7be218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.249570] RAX: 0000000000000001 RBX: 00007f3ee235bf68 RCX: 00007f3ee2248b19
[ 112.249578] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3ee235bf6c
[ 112.249586] RBP: 00007f3ee235bf60 R08: 000000000000000e R09: 0000000000000000
[ 112.249593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ee235bf6c
[ 112.249600] R13: 00007ffc555f7e7f R14: 00007f3edf7be300 R15: 0000000000022000
[ 112.249617]
[ 112.249620] kmemleak: Object (percpu) 0x607f1a63ebb8 (size 8):
[ 112.249627] kmemleak: comm "syz-executor.4", pid 3942, jiffies 4294779048
[ 112.249635] kmemleak: min_count = 1
[ 112.249639] kmemleak: count = 0
[ 112.249642] kmemleak: flags = 0x21
[ 112.249646] kmemleak: checksum = 0
[ 112.249650] kmemleak: backtrace:
[ 112.249654] pcpu_alloc_noprof+0x87a/0x1170
[ 112.249669] perf_trace_event_init+0x366/0xa10
[ 112.249688] perf_trace_init+0x1a4/0x2f0
[ 112.249700] perf_tp_event_init+0xa6/0x120
[ 112.249717] perf_try_init_event+0x140/0x9f0
[ 112.249731] perf_event_alloc.part.0+0x118e/0x45f0
[ 112.249748] __do_sys_perf_event_open+0x719/0x2c20
[ 112.249762] do_syscall_64+0xbf/0x360
[ 112.249771] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:09:56 executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"})
08:09:56 
executing program 7: getpriority(0x0, 0x0) 08:09:56 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r0, &(0x7f0000000080)=""/4096, 0x1000) getdents(r0, 0x0, 0x0) 08:09:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b33, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0}) 08:09:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"}) 08:09:56 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r0, &(0x7f0000000080)=""/4096, 0x1000) getdents(r0, 0x0, 0x0) 08:09:56 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 08:09:56 executing program 7: r0 = fork() tkill(r0, 0x32) 08:09:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 
0x1)
ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000000c0)={0x0, "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"})
08:09:56 executing program 6:
r0 = fork()
tkill(r0, 0x32)
08:09:56 executing program 4:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100)
setresuid(0x0, r0, 0x0)
r1 = memfd_secret(0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0)
[ 112.493935] Oops: general protection fault, probably for non-canonical address 0xf6fffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 112.494856] KASAN: maybe wild-memory-access in range [0xb800000000000190-0xb800000000000197]
[ 112.495523] CPU: 0 UID: 0 PID: 3963 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 112.498768] Tainted: [W]=WARN
[ 112.500423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.501078] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.501465] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.502894] RSP: 0018:ffff88801b35f800 EFLAGS: 00010212
[ 112.503321] RAX: 1700000000000032 RBX: b7ffffffffffffa0 RCX: ffffc9000904d000
[ 112.503893] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: b800000000000190
[ 112.504458] RBP: ffff88801b35fa70 R08: ffff88806ce31340 R09: ffffe8ffffc16bb8
[ 112.505023] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.505585] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 112.506151] FS: 00007f1d243cb700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 112.506787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.507255] CR2: 0000001b2cb24000 CR3: 000000000d904000 CR4: 0000000000350ef0
[ 112.507825] Call Trace:
[ 112.508036]
[ 112.508227] ? perf_swevent_event+0x63/0x3f0
[ 112.508590] ? __pfx_perf_tp_event+0x10/0x10
[ 112.508953] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 112.509365] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 112.509764] ? perf_swevent_event+0x63/0x3f0
[ 112.510122] ? perf_tp_event+0x807/0xe70
[ 112.510455] ? __lock_acquire+0xc65/0x1b70
[ 112.510803] ? __pfx_perf_tp_event+0x10/0x10
[ 112.511164] ? lock_acquire+0x15e/0x2f0
[ 112.511485] ? find_held_lock+0x2b/0x80
[ 112.511823] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.512233] perf_trace_run_bpf_submit+0xef/0x180
[ 112.512626] perf_trace_lock+0x337/0x5d0
[ 112.512964] ? __pfx_perf_trace_lock+0x10/0x10
[ 112.513341] ? lock_acquire+0x15e/0x2f0
[ 112.513664] ? futex_ref_get+0x48/0x300
[ 112.513986] ? futex_ref_get+0x114/0x300
[ 112.514314] ? futex_hash+0x15c/0x390
[ 112.514624] lock_release+0x1ab/0x290
[ 112.514931] ? futex_hash+0x15c/0x390
[ 112.515239] futex_ref_get+0x119/0x300
[ 112.515554] ? futex_hash+0x15c/0x390
[ 112.515867] futex_hash+0x70/0x390
[ 112.516160] futex_wake+0x143/0x540
[ 112.516458] ? __pfx_perf_trace_lock+0x10/0x10
[ 112.516831] ? __pfx_futex_wake+0x10/0x10
[ 112.517167] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 112.517576] ? lock_release+0xc8/0x290
[ 112.517893] do_futex+0x26d/0x370
[ 112.518181] ? __pfx_do_futex+0x10/0x10
[ 112.518503] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 112.518926] ? find_held_lock+0x2b/0x80
[ 112.519254] __x64_sys_futex+0x1c9/0x4d0
[ 112.519583] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.519965] ? xfd_validate_state+0x55/0x180
[ 112.520333] do_syscall_64+0xbf/0x360
[ 112.520645] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.521057] RIP: 0033:0x7f1d26e55b19
[ 112.521355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.522788] RSP: 002b:00007f1d243cb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.523387] RAX: ffffffffffffffda RBX: 00007f1d26f68f68 RCX: 00007f1d26e55b19
[ 112.523957] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1d26f68f6c
[ 112.524520] RBP: 00007f1d26f68f60 R08: 000000000000000e R09: 0000000000000000
[ 112.525083] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1d26f68f6c
[ 112.525648] R13: 00007ffdb0fd573f R14: 00007f1d243cb300 R15: 0000000000022000
[ 112.526226]
[ 112.526417] Modules linked in:
[ 112.526704] Oops: general protection fault, probably for non-canonical address 0xf6fffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 112.527583] KASAN: maybe wild-memory-access in range [0xb800000000000190-0xb800000000000197]
[ 112.528254] CPU: 0 UID: 0 PID: 3963 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 112.529200] Tainted: [D]=DIE, [W]=WARN
[ 112.529507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.530149] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.530527] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.531959] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 112.532377] RAX: 1700000000000032 RBX: b7ffffffffffffa0 RCX: ffffffff818998a3
[ 112.532947] RDX: ffff888015678000 RSI: ffffffff8189a4e7 RDI: b800000000000190
[ 112.533504] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16bb8
[ 112.534061] R10: 0000000000000000 R11: 
ffff88806ce37018 R12: dffffc0000000000
[ 112.534621] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000
[ 112.535186] FS: 00007f1d243cb700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 112.535825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.536291] CR2: 0000001b2cb24000 CR3: 000000000d904000 CR4: 0000000000350ef0
[ 112.536856] Call Trace:
[ 112.537063]
[ 112.537240] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 112.537673] ? arch_stack_walk+0x9c/0xf0
[ 112.538002] ? __pfx_perf_tp_event+0x10/0x10
[ 112.538365] ? stack_trace_save+0x8e/0xc0
[ 112.538702] ? stack_depot_save_flags+0x2c/0xa20
[ 112.539081] ? __kasan_slab_free+0x3f/0x50
[ 112.539420] ? kfree+0x281/0x550
[ 112.539700] ? slab_free_after_rcu_debug+0x6f/0x290
[ 112.540107] ? rcu_core+0x7c8/0x1800
[ 112.540412] ? kasan_save_stack+0x34/0x50
[ 112.540745] ? kasan_save_stack+0x24/0x50
[ 112.541083] ? kasan_save_track+0x14/0x30
[ 112.541412] ? __kasan_save_free_info+0x3a/0x60
[ 112.541789] ? __kasan_slab_free+0x3f/0x50
[ 112.542130] ? slab_free_after_rcu_debug+0xd6/0x290
[ 112.542531] ? rcu_core+0x7c8/0x1800
[ 112.542831] ? handle_softirqs+0x1b1/0x770
[ 112.543179] ? __irq_exit_rcu+0xc4/0x100
[ 112.543507] ? irq_exit_rcu+0x9/0x20
[ 112.543813] ? sysvec_apic_timer_interrupt+0x70/0x80
[ 112.544223] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 112.544652] ? __sanitizer_cov_trace_pc+0x8/0x80
[ 112.545031] ? unmap_page_range+0x82c/0x36d0
[ 112.545390] ? unmap_single_vma.constprop.0+0x153/0x230
[ 112.545817] ? unmap_vmas+0x1d6/0x430
[ 112.546124] ? exit_mmap+0x181/0xaa0
[ 112.546427] ? mmput+0xd5/0x390
[ 112.546700] ? do_exit+0x79d/0x2970
[ 112.546993] ? do_group_exit+0xd3/0x2a0
[ 112.547313] ? get_signal+0x2315/0x2340
[ 112.547633] ? arch_do_signal_or_restart+0x80/0x790
[ 112.548041] ? exit_to_user_mode_loop+0x8b/0x110
[ 112.548419] ? do_syscall_64+0x2f7/0x360
[ 112.548747] ? lock_is_held_type+0x9e/0x120
[ 112.549096] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.549497] perf_trace_run_bpf_submit+0xef/0x180
[ 112.549886] perf_trace_lock+0x337/0x5d0
[ 112.550214] ? kvm_sched_clock_read+0x16/0x30
[ 112.550578] ? __pfx_perf_trace_lock+0x10/0x10
[ 112.550947] ? check_preempt_wakeup_fair+0x6e/0x950
[ 112.551350] ? sched_ttwu_pending+0x2e0/0x4a0
[ 112.551720] lock_release+0x1ab/0x290
[ 112.552032] ? ttwu_do_activate+0x1a4/0x8a0
[ 112.552382] _raw_spin_unlock+0x16/0x40
[ 112.552704] sched_ttwu_pending+0x2e0/0x4a0
[ 112.553053] ? __pfx_try_to_wake_up+0x10/0x10
[ 112.553416] ? __pfx_sched_ttwu_pending+0x10/0x10
[ 112.553805] ? flush_tlb_func+0x24d/0x560
[ 112.554137] __flush_smp_call_function_queue+0x434/0x740
[ 112.554570] __sysvec_call_function_single+0x6d/0x370
[ 112.554983] sysvec_call_function_single+0xa1/0xc0
[ 112.555381]
[ 112.555567]
[ 112.555751] asm_sysvec_call_function_single+0x1a/0x20
[ 112.556180] RIP: 0010:oops_exit+0x0/0x50
[ 112.556508] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57
[ 112.557940] RSP: 0018:ffff88801b35f690 EFLAGS: 00000202
[ 112.558362] RAX: 000000000002c984 RBX: 0000000000000206 RCX: ffffc9000904d000
[ 112.558922] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 112.559487] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690
[ 112.560054] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801b35f758
[ 112.560613] R13: 0000000000000000 R14: f6fffc0000000032 R15: 0000000000000000
[ 112.561177] ? oops_end+0x4a/0xe0
[ 112.561468] oops_end+0x65/0xe0
[ 112.561742] exc_general_protection+0x1a2/0x330
[ 112.562123] asm_exc_general_protection+0x26/0x30
[ 112.562506] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.562881] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.564309] RSP: 0018:ffff88801b35f800 EFLAGS: 00010212
[ 112.564730] RAX: 1700000000000032 RBX: b7ffffffffffffa0 RCX: ffffc9000904d000
[ 112.565291] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: b800000000000190
[ 112.565853] RBP: ffff88801b35fa70 R08: ffff88806ce31340 R09: ffffe8ffffc16bb8
[ 112.566420] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.566984] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 112.567553] ? perf_tp_event+0x167/0xe70
[ 112.567889] ? perf_swevent_event+0x63/0x3f0
[ 112.568248] ? __pfx_perf_tp_event+0x10/0x10
[ 112.568607] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 112.569013] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 112.569412] ? perf_swevent_event+0x63/0x3f0
[ 112.569768] ? perf_tp_event+0x807/0xe70
[ 112.570096] ? __lock_acquire+0xc65/0x1b70
[ 112.570439] ? __pfx_perf_tp_event+0x10/0x10
[ 112.570801] ? lock_acquire+0x15e/0x2f0
[ 112.571124] ? find_held_lock+0x2b/0x80
[ 112.571453] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.571861] perf_trace_run_bpf_submit+0xef/0x180
[ 112.572254] perf_trace_lock+0x337/0x5d0
[ 112.572583] ? __pfx_perf_trace_lock+0x10/0x10
[ 112.572953] ? lock_acquire+0x15e/0x2f0
[ 112.573274] ? futex_ref_get+0x48/0x300
[ 112.573592] ? futex_ref_get+0x114/0x300
[ 112.573924] ? futex_hash+0x15c/0x390
[ 112.574231] lock_release+0x1ab/0x290
[ 112.574541] ? futex_hash+0x15c/0x390
[ 112.574850] futex_ref_get+0x119/0x300
[ 112.575165] ? futex_hash+0x15c/0x390
[ 112.575469] futex_hash+0x70/0x390
[ 112.575757] futex_wake+0x143/0x540
[ 112.576060] ? __pfx_perf_trace_lock+0x10/0x10
[ 112.576432] ? __pfx_futex_wake+0x10/0x10
[ 112.576765] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 112.577170] ? lock_release+0xc8/0x290
[ 112.577487] do_futex+0x26d/0x370
[ 112.577772] ? __pfx_do_futex+0x10/0x10
[ 112.578092] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 112.578517] ? find_held_lock+0x2b/0x80
[ 112.578843] __x64_sys_futex+0x1c9/0x4d0
[ 112.579173] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.579546] ? xfd_validate_state+0x55/0x180
[ 112.579917] do_syscall_64+0xbf/0x360
[ 112.580225] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.580632] RIP: 0033:0x7f1d26e55b19
[ 112.580927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.582353] RSP: 002b:00007f1d243cb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.582951] RAX: ffffffffffffffda RBX: 00007f1d26f68f68 RCX: 00007f1d26e55b19
[ 112.583514] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1d26f68f6c
[ 112.584084] RBP: 00007f1d26f68f60 R08: 000000000000000e R09: 0000000000000000
[ 112.584650] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1d26f68f6c
[ 112.585213] R13: 00007ffdb0fd573f R14: 00007f1d243cb300 R15: 0000000000022000
[ 112.585784]
[ 112.585973] Modules linked in:
[ 112.586238] ---[ end trace 0000000000000000 ]---
[ 112.586610] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.586983] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.588421] RSP: 0018:ffff88801b35f800 EFLAGS: 00010212
[ 112.588847] RAX: 1700000000000032 RBX: b7ffffffffffffa0 RCX: ffffc9000904d000
[ 112.589408] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: b800000000000190
[ 112.589967] RBP: ffff88801b35fa70 R08: ffff88806ce31340 R09: ffffe8ffffc16bb8
[ 112.590534] R10: 
0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.591095] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.591658] FS: 00007f1d243cb700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.592311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.592780] CR2: 0000001b2cb24000 CR3: 000000000d904000 CR4: 0000000000350ef0 [ 112.593358] Kernel panic - not syncing: Fatal exception in interrupt [ 112.594001] Kernel Offset: disabled [ 112.594304] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:09:56 Registers: