Warning: Permanently added '[localhost]:38657' (ECDSA) to the list of known hosts. 2025/09/01 09:08:23 fuzzer started 2025/09/01 09:08:23 dialing manager at localhost:35473 syzkaller login: [ 50.993379] cgroup: Unknown subsys name 'net' [ 51.051702] cgroup: Unknown subsys name 'cpuset' [ 51.065501] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:08:34 syscalls: 2214 2025/09/01 09:08:34 code coverage: enabled 2025/09/01 09:08:34 comparison tracing: enabled 2025/09/01 09:08:34 extra coverage: enabled 2025/09/01 09:08:34 setuid sandbox: enabled 2025/09/01 09:08:34 namespace sandbox: enabled 2025/09/01 09:08:34 Android sandbox: enabled 2025/09/01 09:08:34 fault injection: enabled 2025/09/01 09:08:34 leak checking: enabled 2025/09/01 09:08:34 net packet injection: enabled 2025/09/01 09:08:34 net device setup: enabled 2025/09/01 09:08:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:08:34 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:08:34 USB emulation: enabled 2025/09/01 09:08:34 hci packet injection: enabled 2025/09/01 09:08:34 wifi device emulation: enabled 2025/09/01 09:08:34 802.15.4 emulation: enabled 2025/09/01 09:08:34 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:08:34 fetching corpus: 49, signal 25440/28719 (executing program) 2025/09/01 09:08:34 fetching corpus: 99, signal 36497/40977 (executing program) 2025/09/01 09:08:34 fetching corpus: 149, signal 44512/50052 (executing program) 2025/09/01 09:08:34 fetching corpus: 199, signal 53970/60213 (executing program) 2025/09/01 09:08:35 fetching corpus: 249, signal 57859/65038 (executing program) 2025/09/01 09:08:35 fetching corpus: 299, signal 60689/68810 (executing program) 2025/09/01 09:08:35 fetching corpus: 349, signal 64186/73128 (executing program) 2025/09/01 09:08:35 fetching corpus: 399, signal 68448/77915 (executing program) 2025/09/01 09:08:35 fetching corpus: 449, signal 72305/82320 (executing program) 2025/09/01 09:08:35 fetching corpus: 499, signal 77096/87412 (executing program) 2025/09/01 09:08:35 fetching corpus: 549, signal 78809/89759 (executing program) 2025/09/01 09:08:35 fetching corpus: 599, signal 80760/92276 (executing program) 2025/09/01 09:08:35 fetching corpus: 649, signal 82501/94540 (executing program) 2025/09/01 09:08:36 fetching corpus: 699, signal 85418/97719 (executing program) 2025/09/01 09:08:36 fetching corpus: 749, signal 87358/100034 (executing program) 2025/09/01 09:08:36 fetching corpus: 799, signal 91171/103727 (executing program) 2025/09/01 09:08:36 fetching corpus: 849, signal 93239/106059 (executing program) 2025/09/01 09:08:36 fetching corpus: 899, signal 95065/108175 (executing program) 2025/09/01 09:08:36 fetching corpus: 949, signal 96981/110312 (executing program) 2025/09/01 09:08:36 fetching corpus: 999, signal 99165/112573 (executing program) 2025/09/01 09:08:36 fetching corpus: 1049, signal 100465/114023 (executing program) 2025/09/01 09:08:37 fetching corpus: 1099, signal 101881/115652 (executing program) 2025/09/01 09:08:37 fetching corpus: 1149, signal 104101/117772 (executing program) 2025/09/01 09:08:37 fetching corpus: 1199, signal 105719/119473 (executing program) 2025/09/01 09:08:37 fetching corpus: 1249, signal 107195/121003 (executing program) 2025/09/01 09:08:37 fetching corpus: 1299, signal 108403/122259 (executing program) 2025/09/01 09:08:37 fetching corpus: 1349, signal 109444/123438 (executing program) 2025/09/01 09:08:37 fetching corpus: 1399, signal 110402/124475 (executing program) 2025/09/01 09:08:37 fetching corpus: 1449, signal 112462/126123 (executing program) 2025/09/01 09:08:38 fetching corpus: 1499, signal 113766/127370 (executing program) 2025/09/01 09:08:38 fetching corpus: 1549, signal 114935/128450 (executing program) 2025/09/01 09:08:38 fetching corpus: 1599, signal 116083/129486 (executing program) 2025/09/01 09:08:38 fetching corpus: 1649, signal 117389/130539 (executing program) 2025/09/01 09:08:38 fetching corpus: 1699, signal 118400/131466 (executing program) 2025/09/01 09:08:38 fetching corpus: 1749, signal 119561/132379 (executing program) 2025/09/01 09:08:38 fetching corpus: 1799, signal 120314/133143 (executing program) 2025/09/01 09:08:38 fetching corpus: 1849, signal 121046/133858 (executing program) 2025/09/01 09:08:38 fetching corpus: 1899, signal 122247/134793 (executing program) 2025/09/01 09:08:39 fetching corpus: 1949, signal 123071/135482 (executing program) 2025/09/01 09:08:39 fetching corpus: 1999, signal 123625/136030 (executing program) 2025/09/01 09:08:39 fetching corpus: 2049, signal 124737/136800 (executing program) 2025/09/01 09:08:39 fetching corpus: 2099, signal 125686/137589 (executing program) 2025/09/01 09:08:39 fetching corpus: 2149, signal 126418/138131 (executing program) 2025/09/01 09:08:39 fetching corpus: 2199, signal 127232/138694 (executing program) 2025/09/01 09:08:39 fetching corpus: 2249, signal 128201/139262 (executing program) 2025/09/01 09:08:39 fetching corpus: 2299, signal 128858/139724 (executing program) 2025/09/01 09:08:39 fetching corpus: 2349, signal 129390/140100 (executing program) 2025/09/01 09:08:40 fetching corpus: 2399, signal 129871/140464 (executing program) 2025/09/01 09:08:40 fetching corpus: 2449, signal 130469/140851 (executing program) 2025/09/01 09:08:40 fetching corpus: 2499, signal 133022/141799 (executing program) 2025/09/01 09:08:40 fetching corpus: 2549, signal 133785/142208 (executing program) 2025/09/01 09:08:40 fetching corpus: 2599, signal 134656/142619 (executing program) 2025/09/01 09:08:40 fetching corpus: 2649, signal 135619/143025 (executing program) 2025/09/01 09:08:40 fetching corpus: 2699, signal 136062/143255 (executing program) 2025/09/01 09:08:40 fetching corpus: 2749, signal 136783/143535 (executing program) 2025/09/01 09:08:40 fetching corpus: 2799, signal 137625/143857 (executing program) 2025/09/01 09:08:41 fetching corpus: 2849, signal 138265/144129 (executing program) 2025/09/01 09:08:41 fetching corpus: 2899, signal 139553/144510 (executing program) 2025/09/01 09:08:41 fetching corpus: 2949, signal 141041/144827 (executing program) 2025/09/01 09:08:41 fetching corpus: 2999, signal 141606/144977 (executing program) 2025/09/01 09:08:41 fetching corpus: 3049, signal 142246/145171 (executing program) 2025/09/01 09:08:41 fetching corpus: 3099, signal 143107/145348 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145419 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145455 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145493 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145518 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145543 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145570 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145612 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145640 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145666 (executing program) 2025/09/01 09:08:41 fetching corpus: 3100, signal 143138/145666 (executing program) 2025/09/01 09:08:43 starting 8 fuzzer processes 09:08:43 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) move_mount(r0, 0x0, r1, 0x0, 0x66) 09:08:43 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) 09:08:43 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:08:43 executing program 3: mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000100)={0x10000b}, 0x20) [ 70.952265] audit: type=1400 audit(1756717723.824:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:08:43 executing program 2: syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) 09:08:43 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:08:43 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000006c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 09:08:43 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000bc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='perf_event'}, {@release_agent={'release_agent', 0x3d, './file0'}}]}) [ 72.074523] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.076747] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.078624] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.082253] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.084460] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.264971] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.275356] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.277581] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.282363] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.285480] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.287205] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.289156] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.293487] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.295269] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.297509] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.302651] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.306594] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.307885] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.310341] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.321490] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.345414] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.349097] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.354132] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.359530] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 72.364112] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 72.366024] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 72.371100] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.372798] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 72.374834] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 72.375977] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 72.378229] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.391247] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 72.398550] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 72.399688] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 72.409772] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 72.441523] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 72.449498] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 72.455468] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 72.472096] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 72.484909] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 74.106622] Bluetooth: hci0: command tx timeout [ 74.362187] Bluetooth: hci1: command tx timeout [ 74.362305] Bluetooth: hci2: command tx timeout [ 74.426143] Bluetooth: hci4: command tx timeout [ 74.426736] Bluetooth: hci3: command tx timeout [ 74.490190] Bluetooth: hci5: command tx timeout [ 74.490673] Bluetooth: hci6: command tx timeout [ 74.555957] Bluetooth: hci7: command tx timeout [ 76.154096] Bluetooth: hci0: command tx timeout [ 76.410004] Bluetooth: hci1: command tx timeout [ 76.410057] Bluetooth: hci2: command tx timeout [ 76.474005] Bluetooth: hci4: command tx timeout [ 76.474152] Bluetooth: hci3: command tx timeout [ 76.538060] Bluetooth: hci6: command tx timeout [ 76.538080] Bluetooth: hci5: command tx timeout [ 76.601977] Bluetooth: hci7: command tx timeout [ 78.203143] Bluetooth: hci0: command tx timeout [ 78.458074] Bluetooth: hci2: command tx timeout [ 78.458128] Bluetooth: hci1: command tx timeout [ 78.524012] Bluetooth: hci4: command tx timeout [ 78.524028] Bluetooth: hci3: command tx timeout [ 78.586014] Bluetooth: hci6: command tx timeout [ 78.587014] Bluetooth: hci5: command tx timeout [ 78.650055] Bluetooth: hci7: command tx timeout [ 80.249978] Bluetooth: hci0: command tx timeout [ 80.505978] Bluetooth: hci2: command tx timeout [ 80.507043] Bluetooth: hci1: command tx timeout [ 80.570517] Bluetooth: hci3: command tx timeout [ 80.571710] Bluetooth: hci4: command tx timeout [ 80.634763] Bluetooth: hci5: command tx timeout [ 80.634794] Bluetooth: hci6: command tx timeout [ 80.698015] Bluetooth: hci7: command tx timeout [ 106.730296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.730939] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.901024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.901619] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.995376] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.996007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.030734] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.031542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.083815] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.084717] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.111709] cgroup: release_agent respecified [ 107.112634] cgroup: release_agent respecified 09:09:20 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000bc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='perf_event'}, {@release_agent={'release_agent', 0x3d, './file0'}}]}) [ 107.151525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.152146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.162729] cgroup: release_agent respecified 09:09:20 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000bc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='perf_event'}, {@release_agent={'release_agent', 0x3d, './file0'}}]}) [ 107.184636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.185221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.203637] cgroup: release_agent respecified [ 107.215434] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.216015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:09:20 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000bc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='perf_event'}, {@release_agent={'release_agent', 0x3d, './file0'}}]}) [ 107.251404] cgroup: release_agent respecified [ 107.292362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.293235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:09:20 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) [ 107.313671] audit: type=1400 audit(1756717760.184:8): avc: denied { open } for pid=3873 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.318965] audit: type=1400 audit(1756717760.184:9): avc: denied { kernel } for pid=3873 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.324570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.325183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.330074] audit: type=1400 audit(1756717760.191:10): avc: denied { write } for pid=3873 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:09:20 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) [ 107.414221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.414801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:09:20 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:20 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) 09:09:20 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) [ 107.493350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.493953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.527229] audit: type=1400 audit(1756717760.399:11): avc: denied { mounton } for pid=3888 comm="syz-executor.0" path="pipe:[4796]" dev="pipefs" ino=4796 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 [ 107.572937] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.573599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.600475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.601047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.609445] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.657217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.657796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.698712] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.699683] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:09:20 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) 09:09:20 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:20 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:09:20 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:09:20 executing program 3: mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000100)={0x10000b}, 0x20) 09:09:20 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) 09:09:20 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000006c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 09:09:20 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) move_mount(r0, 0x0, r1, 0x0, 0x66) 09:09:20 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) move_mount(r0, 0x0, r1, 0x0, 0x66) 09:09:20 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:09:20 executing program 3: mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000100)={0x10000b}, 0x20) 09:09:20 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:09:20 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000006c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 09:09:20 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) 09:09:20 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) move_mount(r0, 0x0, r1, 0x0, 0x66) 09:09:20 executing program 3: mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000100)={0x10000b}, 0x20) 09:09:20 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) 09:09:20 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:09:20 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) [ 108.093752] kmemleak: Found object by alias at 0x607f1a63dbfc [ 108.093774] CPU: 1 UID: 0 PID: 3929 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.093793] Tainted: [W]=WARN [ 108.093796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.093804] Call Trace: [ 108.093808] [ 108.093813] dump_stack_lvl+0xca/0x120 [ 108.093838] __lookup_object+0x94/0xb0 [ 108.093860] delete_object_full+0x27/0x70 [ 108.093876] free_percpu+0x30/0x1160 [ 108.093894] ? arch_uprobe_clear_state+0x16/0x140 [ 108.093915] futex_hash_free+0x38/0xc0 [ 108.093932] mmput+0x2d3/0x390 [ 108.093952] do_exit+0x79d/0x2970 [ 108.093966] ? signal_wake_up_state+0x85/0x120 [ 108.093982] ? zap_other_threads+0x2b9/0x3a0 [ 108.093998] ? __pfx_do_exit+0x10/0x10 [ 108.094011] ? do_group_exit+0x1c3/0x2a0 [ 108.094025] ? lock_release+0xc8/0x290 [ 108.094043] do_group_exit+0xd3/0x2a0 [ 108.094058] __x64_sys_exit_group+0x3e/0x50 [ 108.094073] x64_sys_call+0x18c5/0x18d0 [ 108.094089] do_syscall_64+0xbf/0x360 [ 108.094102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.094114] RIP: 0033:0x7fe469c1db19 [ 108.094123] Code: Unable to access opcode bytes at 0x7fe469c1daef. [ 108.094128] RSP: 002b:00007ffc25abdf88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 108.094140] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe469c1db19 [ 108.094147] RDX: 00007fe469bd072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 108.094155] RBP: 0000000000000000 R08: 0000001b2cf2001c R09: 0000000000000000 [ 108.094162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.094168] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc25abe070 [ 108.094184] [ 108.094188] kmemleak: Object (percpu) 0x607f1a63dbf8 (size 8): [ 108.094195] kmemleak: comm "syz-executor.5", pid 3942, jiffies 4294774976 [ 108.094202] kmemleak: min_count = 1 [ 108.094206] kmemleak: count = 0 [ 108.094209] kmemleak: flags = 0x21 [ 108.094214] kmemleak: checksum = 0 [ 108.094217] kmemleak: backtrace: [ 108.094221] pcpu_alloc_noprof+0x87a/0x1170 [ 108.094237] perf_trace_event_init+0x366/0xa10 [ 108.094251] perf_trace_init+0x1a4/0x2f0 [ 108.094263] perf_tp_event_init+0xa6/0x120 [ 108.094279] perf_try_init_event+0x140/0x9f0 [ 108.094294] perf_event_alloc.part.0+0x118e/0x45f0 [ 108.094311] __do_sys_perf_event_open+0x719/0x2c20 [ 108.094325] do_syscall_64+0xbf/0x360 [ 108.094334] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:09:21 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000006c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 09:09:21 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) 09:09:21 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:21 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) 09:09:21 executing program 2: request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, 0xfffffffffffffffd, 0x0) 09:09:21 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x7, 0x400c880) sendmmsg$inet6(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000740)={0xa, 0x4e24, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=[@hoplimit={{0x14, 0x29, 0x34, 0x7fff}}], 0x18}}], 0x2, 0x0) 09:09:21 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:21 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, "cc64134bec250a95"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 09:09:21 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x4b31, &(0x7f0000000280)) 09:09:21 executing program 2: request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, 0xfffffffffffffffd, 0x0) 09:09:21 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff}, 0x6) [ 108.288497] kmemleak: Found object by alias at 0x607f1a63dbfc [ 108.288515] CPU: 1 UID: 0 PID: 3947 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.288534] Tainted: [W]=WARN [ 108.288538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.288545] Call Trace: [ 108.288549] [ 108.288554] dump_stack_lvl+0xca/0x120 [ 108.288579] __lookup_object+0x94/0xb0 [ 108.288597] delete_object_full+0x27/0x70 [ 108.288613] free_percpu+0x30/0x1160 [ 108.288631] ? arch_uprobe_clear_state+0x16/0x140 [ 108.288652] futex_hash_free+0x38/0xc0 [ 108.288666] mmput+0x2d3/0x390 [ 108.288685] do_exit+0x79d/0x2970 [ 108.288700] ? signal_wake_up_state+0x85/0x120 [ 108.288716] ? zap_other_threads+0x2b9/0x3a0 [ 108.288732] ? __pfx_do_exit+0x10/0x10 [ 108.288758] ? do_group_exit+0x1c3/0x2a0 [ 108.288774] ? lock_release+0xc8/0x290 [ 108.288792] do_group_exit+0xd3/0x2a0 [ 108.288807] __x64_sys_exit_group+0x3e/0x50 [ 108.288821] x64_sys_call+0x18c5/0x18d0 [ 108.288837] do_syscall_64+0xbf/0x360 [ 108.288851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.288862] RIP: 0033:0x7fe469c1db19 [ 108.288871] Code: Unable to access opcode bytes at 0x7fe469c1daef. [ 108.288877] RSP: 002b:00007ffc25abdf88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 108.288888] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe469c1db19 [ 108.288896] RDX: 00007fe469bd072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 108.288903] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 108.288914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.288921] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffc25abe070 [ 108.288936] [ 108.288940] kmemleak: Object (percpu) 0x607f1a63dbf8 (size 8): [ 108.288947] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294775164 [ 108.288954] kmemleak: min_count = 1 [ 108.288958] kmemleak: count = 0 [ 108.288962] kmemleak: flags = 0x21 [ 108.288966] kmemleak: checksum = 0 [ 108.288970] kmemleak: backtrace: [ 108.288973] pcpu_alloc_noprof+0x87a/0x1170 [ 108.288989] perf_trace_event_init+0x366/0xa10 [ 108.289003] perf_trace_init+0x1a4/0x2f0 [ 108.289015] perf_tp_event_init+0xa6/0x120 [ 108.289032] perf_try_init_event+0x140/0x9f0 [ 108.289046] perf_event_alloc.part.0+0x118e/0x45f0 [ 108.289063] __do_sys_perf_event_open+0x719/0x2c20 [ 108.289077] do_syscall_64+0xbf/0x360 [ 108.289086] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:09:21 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:21 executing program 1: unshare(0x40000000) 09:09:21 executing program 7: munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x100010, r0, 0x8000000) 09:09:21 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:21 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, "cc64134bec250a95"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x4b31, &(0x7f0000000280)) 09:09:21 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) [ 108.454288] kmemleak: Found object by alias at 0x607f1a63dbfc [ 108.454310] CPU: 1 UID: 0 PID: 3975 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.454328] Tainted: [W]=WARN [ 108.454332] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.454340] Call Trace: [ 108.454344] [ 108.454349] dump_stack_lvl+0xca/0x120 [ 108.454373] __lookup_object+0x94/0xb0 [ 108.454390] delete_object_full+0x27/0x70 [ 108.454407] free_percpu+0x30/0x1160 [ 108.454424] ? arch_uprobe_clear_state+0x16/0x140 [ 108.454445] futex_hash_free+0x38/0xc0 [ 108.454459] mmput+0x2d3/0x390 [ 108.454479] do_exit+0x79d/0x2970 [ 108.454493] ? signal_wake_up_state+0x85/0x120 [ 108.454509] ? zap_other_threads+0x2b9/0x3a0 [ 108.454525] ? __pfx_do_exit+0x10/0x10 [ 108.454539] ? do_group_exit+0x1c3/0x2a0 [ 108.454553] ? lock_release+0xc8/0x290 [ 108.454570] do_group_exit+0xd3/0x2a0 [ 108.454586] __x64_sys_exit_group+0x3e/0x50 [ 108.454600] x64_sys_call+0x18c5/0x18d0 [ 108.454616] do_syscall_64+0xbf/0x360 [ 108.454629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.454641] RIP: 0033:0x7fe469c1db19 [ 108.454650] Code: Unable to access opcode bytes at 0x7fe469c1daef. [ 108.454655] RSP: 002b:00007ffc25abdf88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 108.454667] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe469c1db19 [ 108.454675] RDX: 00007fe469bd072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 108.454682] RBP: 0000000000000000 R08: 0000001b2cf23d30 R09: 0000000000000000 [ 108.454689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.454696] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc25abe070 [ 108.454711] [ 108.454715] kmemleak: Object (percpu) 0x607f1a63dbf8 (size 8): [ 108.454722] kmemleak: comm "syz-executor.1", pid 3973, jiffies 4294775295 [ 108.454729] kmemleak: min_count = 1 [ 108.454732] kmemleak: count = 0 [ 108.454736] kmemleak: flags = 0x21 [ 108.454740] kmemleak: checksum = 0 [ 108.454744] kmemleak: backtrace: [ 108.454747] pcpu_alloc_noprof+0x87a/0x1170 [ 108.454763] xfrm_state_init+0x1a5/0x640 [ 108.454774] xfrm_net_init+0x1a3/0xb20 [ 108.454786] ops_init+0x1e1/0x650 [ 108.454796] setup_net+0x10d/0x320 [ 108.454805] copy_net_ns+0x2e3/0x650 [ 108.454815] create_new_namespaces+0x3f6/0xab0 [ 108.454832] unshare_nsproxy_namespaces+0xc0/0x200 [ 108.454848] ksys_unshare+0x468/0xa10 [ 108.454860] __x64_sys_unshare+0x31/0x40 [ 108.454871] do_syscall_64+0xbf/0x360 [ 108.454881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.469608] kmemleak: Cannot insert 0x607f1a63dbfc into the object search tree (overlaps existing) [ 108.469625] CPU: 0 UID: 0 PID: 3973 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.469644] Tainted: [W]=WARN [ 108.469648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.469656] Call Trace: [ 108.469660] [ 108.469665] dump_stack_lvl+0xca/0x120 [ 108.469690] __link_object+0x190/0x210 [ 108.469710] __create_object+0x48/0x80 [ 108.469727] pcpu_alloc_noprof+0x87a/0x1170 [ 108.469753] alloc_netdev_mqs+0x131/0x1360 [ 108.469773] ? __pfx_ipip6_tunnel_setup+0x10/0x10 [ 108.469797] sit_init_net+0x19e/0x630 [ 108.469809] ? __pfx_sit_init_net+0x10/0x10 [ 108.469821] ops_init+0x1e1/0x650 [ 108.469835] setup_net+0x10d/0x320 [ 108.469845] ? lockdep_init_map_type+0x4b/0x240 [ 108.469861] ? __pfx_setup_net+0x10/0x10 [ 108.469874] ? debug_mutex_init+0x37/0x70 [ 108.469895] copy_net_ns+0x2e3/0x650 [ 108.469914] create_new_namespaces+0x3f6/0xab0 [ 108.469938] unshare_nsproxy_namespaces+0xc0/0x200 [ 108.469959] ksys_unshare+0x468/0xa10 [ 108.469974] ? __pfx_ksys_unshare+0x10/0x10 [ 108.469986] ? lock_release+0xc8/0x290 [ 108.470006] __x64_sys_unshare+0x31/0x40 [ 108.470019] do_syscall_64+0xbf/0x360 [ 108.470033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.470046] RIP: 0033:0x7f0f6f956b19 [ 108.470055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.470067] RSP: 002b:00007f0f6cecc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 108.470079] RAX: ffffffffffffffda RBX: 00007f0f6fa69f60 RCX: 00007f0f6f956b19 [ 108.470087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 108.470095] RBP: 00007f0f6f9b0f6d R08: 0000000000000000 R09: 0000000000000000 [ 108.470102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.470109] R13: 00007fffe5ab031f R14: 00007f0f6cecc300 R15: 0000000000022000 [ 108.470126] [ 108.470737] kmemleak: Kernel memory leak detector disabled [ 108.470742] kmemleak: Object (percpu) 0x607f1a63dbf8 (size 8): [ 108.470749] kmemleak: comm "syz-executor.1", pid 3973, jiffies 4294775295 [ 108.470756] kmemleak: min_count = 1 [ 108.470761] kmemleak: count = 0 [ 108.470764] kmemleak: flags = 0x21 [ 108.470768] kmemleak: checksum = 0 [ 108.470772] kmemleak: backtrace: [ 108.470776] pcpu_alloc_noprof+0x87a/0x1170 [ 108.470792] xfrm_state_init+0x1a5/0x640 [ 108.470804] xfrm_net_init+0x1a3/0xb20 [ 108.470817] ops_init+0x1e1/0x650 [ 108.470826] setup_net+0x10d/0x320 [ 108.470835] copy_net_ns+0x2e3/0x650 [ 108.470845] create_new_namespaces+0x3f6/0xab0 [ 108.470861] unshare_nsproxy_namespaces+0xc0/0x200 [ 108.470877] ksys_unshare+0x468/0xa10 [ 108.470889] __x64_sys_unshare+0x31/0x40 [ 108.470901] do_syscall_64+0xbf/0x360 [ 108.470910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.543324] kmemleak: Found object by alias at 0x607f1a63dbfc [ 108.543347] CPU: 1 UID: 0 PID: 65 Comm: kworker/u8:1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.543366] Tainted: [W]=WARN [ 108.543370] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.543378] Workqueue: netns cleanup_net [ 108.543398] Call Trace: [ 108.543402] [ 108.543407] dump_stack_lvl+0xca/0x120 [ 108.543429] __lookup_object+0x94/0xb0 [ 108.543448] delete_object_full+0x27/0x70 [ 108.543465] free_percpu+0x30/0x1160 [ 108.543484] ? xdp_rxq_info_unreg_mem_model+0x78/0x90 [ 108.543506] free_netdev+0x498/0x960 [ 108.543526] netdev_run_todo+0xab0/0xf80 [ 108.543547] ? __pfx_netdev_run_todo+0x10/0x10 [ 108.543569] ? sit_exit_rtnl_net+0x3b4/0x460 [ 108.543582] ? __pfx_nexthop_net_exit_rtnl+0x10/0x10 [ 108.543605] ops_undo_list+0x8e1/0xa50 [ 108.543627] ? __pfx_ops_undo_list+0x10/0x10 [ 108.543646] ? lock_release+0xc8/0x290 [ 108.543660] ? idr_destroy+0x62/0x2c0 [ 108.543679] cleanup_net+0x38d/0x770 [ 108.543690] ? lock_acquire+0x15e/0x2f0 [ 108.543704] ? __pfx_cleanup_net+0x10/0x10 [ 108.543716] ? lock_release+0xc8/0x290 [ 108.543733] process_one_work+0x8e1/0x19c0 [ 108.543755] ? __pfx_process_one_work+0x10/0x10 [ 108.543769] ? move_linked_works+0x172/0x270 [ 108.543790] ? assign_work+0x196/0x240 [ 108.543806] worker_thread+0x67e/0xe90 [ 108.543821] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 108.543839] ? __pfx_worker_thread+0x10/0x10 [ 108.543854] kthread+0x3c8/0x740 [ 108.543868] ? __pfx_kthread+0x10/0x10 [ 108.543880] ? ret_from_fork+0x23/0x430 [ 108.543899] ? lock_release+0xc8/0x290 [ 108.543918] ? __pfx_kthread+0x10/0x10 [ 108.543932] ret_from_fork+0x34b/0x430 [ 108.543949] ? __pfx_kthread+0x10/0x10 [ 108.543962] ret_from_fork_asm+0x1a/0x30 [ 108.543986] [ 108.543990] kmemleak: Object (percpu) 0x607f1a63dbf8 (size 8): [ 108.543997] kmemleak: comm "syz-executor.1", pid 3973, jiffies 4294775295 [ 108.544005] kmemleak: min_count = 1 [ 108.544009] kmemleak: count = 0 [ 108.544012] kmemleak: flags = 0x21 [ 108.544016] kmemleak: checksum = 0 [ 108.544020] kmemleak: backtrace: [ 108.544023] pcpu_alloc_noprof+0x87a/0x1170 [ 108.544039] xfrm_state_init+0x1a5/0x640 [ 108.544050] xfrm_net_init+0x1a3/0xb20 [ 108.544062] ops_init+0x1e1/0x650 [ 108.544071] setup_net+0x10d/0x320 [ 108.544079] copy_net_ns+0x2e3/0x650 [ 108.544089] create_new_namespaces+0x3f6/0xab0 [ 108.544106] unshare_nsproxy_namespaces+0xc0/0x200 [ 108.544123] ksys_unshare+0x468/0xa10 [ 108.544136] __x64_sys_unshare+0x31/0x40 [ 108.544147] do_syscall_64+0xbf/0x360 [ 108.544157] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 7: munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x100010, r0, 0x8000000) 09:09:21 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, "cc64134bec250a95"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 09:09:21 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x4b31, &(0x7f0000000280)) 09:09:21 executing program 1: unshare(0x40000000) 09:09:21 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) r3 = dup2(r2, r1) sendmsg$AUDIT_USER(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) 09:09:21 executing program 2: request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, 0xfffffffffffffffd, 0x0) 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, "cc64134bec250a95"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 09:09:21 executing program 2: request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, 0xfffffffffffffffd, 0x0) 09:09:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x4b31, &(0x7f0000000280)) 09:09:21 executing program 7: munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x100010, r0, 0x8000000) 09:09:21 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 7: munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x100010, r0, 0x8000000) 09:09:21 executing program 1: unshare(0x40000000) 09:09:21 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)) 09:09:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0), 0x4) 09:09:21 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0), 0x4) 09:09:21 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 1: unshare(0x40000000) 09:09:21 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x0, 0x9}) 09:09:21 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0), 0x4) 09:09:21 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)) 09:09:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:21 executing program 5: io_uring_setup(0x1087, &(0x7f0000000500)) 09:09:21 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0), 0x4) 09:09:22 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:22 executing program 5: fsmount(0xffffffffffffffff, 0x0, 0x0) ioctl$BLKROSET(0xffffffffffffffff, 0x125d, 0x0) clock_gettime(0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f0000000580)={0xdf}) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, 0x0) syz_mount_image$msdos(&(0x7f0000000640), &(0x7f0000000680)='./file2\x00', 0x0, 0x2, &(0x7f0000000780)=[{&(0x7f00000006c0)='o', 0x1}, {&(0x7f0000000740)="4aae4f72e5b4f5", 0x7}], 0x1208021, &(0x7f00000007c0)={[{@dots}, {@fat=@dmask}], [{@uid_gt}, {@obj_type={'obj_type', 0x3d, '#^[\x00'}}]}) syz_open_dev$loop(0x0, 0x0, 0x402000) 09:09:22 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000400)='./file0\x00', 0x0) 09:09:22 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)) 09:09:22 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, 0x0) 09:09:22 executing program 2: r0 = gettid() rt_sigqueueinfo(r0, 0x17, &(0x7f0000000100)={0x0, 0x0, 0x1}) 09:09:22 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f00000010c0)=ANY=[@ANYBLOB="043106ffe0ffffffff"], 0x9) r0 = fork() waitid(0x1, r0, &(0x7f0000000040), 0x3, &(0x7f0000000cc0)) 09:09:22 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 2: r0 = gettid() rt_sigqueueinfo(r0, 0x17, &(0x7f0000000100)={0x0, 0x0, 0x1}) 09:09:22 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000400)='./file0\x00', 0x0) 09:09:22 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 5: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) bind(r0, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x2}, 0x80) 09:09:22 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)) 09:09:22 executing program 2: r0 = gettid() rt_sigqueueinfo(r0, 0x17, &(0x7f0000000100)={0x0, 0x0, 0x1}) 09:09:22 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1000000002000000f9"], 0x121d40) 09:09:22 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 2: r0 = gettid() rt_sigqueueinfo(r0, 0x17, &(0x7f0000000100)={0x0, 0x0, 0x1}) 09:09:22 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000400)='./file0\x00', 0x0) 09:09:22 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 5: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) bind(r0, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x2}, 0x80) 09:09:22 executing program 5: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) bind(r0, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x2}, 0x80) 09:09:22 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x4f) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001cc0)=""/124, 0x7c}], 0x1, &(0x7f0000001d80)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x40000000) clone3(&(0x7f00000023c0)={0x201000, &(0x7f00000020c0), &(0x7f0000002100), &(0x7f0000002140), {0x3f}, &(0x7f0000002180)=""/252, 0xfc, &(0x7f0000002280)=""/209, 0x0}, 0x58) 09:09:22 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_sco(r2, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) bind$bt_sco(r1, &(0x7f0000001380), 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r3, 0xf505, 0x0) r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x100800) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f00000000c0)={'veth1\x00', 0xbe}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) r6 = dup2(r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x13, 0x0, &(0x7f0000000080)) shutdown(r5, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) 09:09:22 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000400)='./file0\x00', 0x0) 09:09:22 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) 09:09:22 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1000000002000000f9"], 0x121d40) 09:09:22 executing program 7: eventfd2(0x0, 0x0) 09:09:22 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) io_submit(r0, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) [ 109.520618] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 109.521523] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 109.522111] CPU: 0 UID: 0 PID: 4128 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.523037] Tainted: [W]=WARN [ 109.523284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.527346] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.527729] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.529124] RSP: 0018:ffff8880454ef800 EFLAGS: 00010212 [ 109.529535] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 109.530085] RDX: ffff88801ba48000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 109.530639] RBP: ffff8880454efa70 R08: ffff88806ce31340 R09: ffffe8ffffc15bf8 [ 109.531185] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.531732] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.532282] FS: 000055559252c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.532908] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.533356] CR2: 000055559252dc18 CR3: 0000000043fe2000 CR4: 0000000000350ef0 [ 109.533903] Call Trace: [ 109.534112] [ 109.534296] ? arch_scale_cpu_capacity+0x17/0xa0 [ 109.534679] ? __pfx_perf_tp_event+0x10/0x10 [ 109.535031] ? __asan_memset+0x24/0x50 [ 109.535355] ? perf_trace_lock+0xb5/0x5d0 [ 109.535684] ? kvm_sched_clock_read+0x16/0x30 [ 109.536041] ? sched_clock+0x37/0x60 [ 109.536343] ? sched_clock_cpu+0x6c/0x4e0 [ 109.536678] ? lock_is_held_type+0x9e/0x120 [ 109.537033] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.537428] perf_trace_run_bpf_submit+0xef/0x180 [ 109.537811] perf_trace_lock+0x337/0x5d0 [ 109.538136] ? __pfx_perf_trace_lock+0x10/0x10 09:09:22 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1000000002000000f9"], 0x121d40) [ 109.538500] ? lock_acquire+0x15e/0x2f0 [ 109.538909] ? futex_ref_get+0x48/0x300 [ 109.539236] ? futex_ref_get+0x114/0x300 [ 109.539553] ? futex_hash+0x15c/0x390 [ 109.539853] lock_release+0x1ab/0x290 [ 109.540155] ? futex_hash+0x15c/0x390 [ 109.540461] futex_ref_get+0x119/0x300 [ 109.540774] ? futex_hash+0x15c/0x390 [ 109.541079] futex_hash+0x70/0x390 [ 109.541362] futex_wake+0x143/0x540 [ 109.541656] ? put_pid+0x1f/0x30 [ 109.541928] ? kernel_clone+0x204/0x7f0 [ 109.542242] ? __pfx_futex_wake+0x10/0x10 [ 109.542570] ? __pfx_kernel_clone+0x10/0x10 [ 109.542907] ? perf_trace_lock+0xb5/0x5d0 [ 109.543237] do_futex+0x26d/0x370 [ 109.543514] ? __pfx_do_futex+0x10/0x10 [ 109.543827] ? __pfx___do_sys_clone+0x10/0x10 [ 109.544181] ? find_held_lock+0x2b/0x80 [ 109.544502] __x64_sys_futex+0x1c9/0x4d0 [ 109.544832] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.545191] ? xfd_validate_state+0x55/0x180 [ 109.545551] do_syscall_64+0xbf/0x360 [ 109.545853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.546254] RIP: 0033:0x7f0f6f956b19 [ 109.546545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.547930] RSP: 002b:00007fffe5ab0398 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.548513] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f6f956b19 [ 109.549066] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0f6fa69f68 [ 109.549616] RBP: 00007f0f6fa69f60 R08: 00007f0f6cecc700 R09: 0000000000000000 [ 109.550166] R10: 00007f0f6cecc700 R11: 0000000000000246 R12: 00007f0f6fa6e060 [ 109.550717] R13: 00007fffe5ab04a0 R14: 00007f0f6fa69f60 R15: 000000000001ab6a [ 109.551274] [ 109.551459] Modules linked in: [ 109.551733] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 109.552591] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 109.553184] CPU: 0 UID: 0 PID: 4128 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.554100] Tainted: [D]=DIE, [W]=WARN [ 109.554400] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.555031] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.555405] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.556800] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 109.557212] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 109.557762] RDX: ffff88801ba48000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 109.558314] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15bf8 [ 109.558863] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 109.559417] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 109.559968] FS: 000055559252c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.560585] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.561042] CR2: 000055559252dc18 CR3: 0000000043fe2000 CR4: 0000000000350ef0 [ 109.561595] Call Trace: [ 109.561800] [ 109.561975] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 109.562404] ? arch_stack_walk+0x9c/0xf0 [ 109.562727] ? __pfx_perf_tp_event+0x10/0x10 [ 109.563079] ? perf_trace_lock+0xb5/0x5d0 [ 109.563409] ? __lock_acquire+0xc65/0x1b70 [ 109.563742] ? perf_trace_lock+0xb5/0x5d0 [ 109.564066] ? perf_trace_lock+0xb5/0x5d0 [ 109.564392] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.564751] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.565126] ? update_curr+0x1b9/0x500 [ 109.565443] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.565835] perf_trace_run_bpf_submit+0xef/0x180 [ 109.566221] perf_trace_lock+0x337/0x5d0 [ 109.566542] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.566904] ? find_held_lock+0x2b/0x80 [ 109.567221] ? hrtimer_interrupt+0x114/0x830 [ 109.567568] lock_release+0x1ab/0x290 [ 109.567870] ktime_get_update_offsets_now+0xab/0x3c0 [ 109.568271] ? hrtimer_interrupt+0x114/0x830 09:09:22 executing program 2: ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x4f) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001cc0)=""/124, 0x7c}], 0x1, &(0x7f0000001d80)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x40000000) clone3(&(0x7f00000023c0)={0x201000, &(0x7f00000020c0), &(0x7f0000002100), &(0x7f0000002140), {0x3f}, &(0x7f0000002180)=""/252, 0xfc, &(0x7f0000002280)=""/209, 0x0}, 0x58) [ 109.568615] ? __pfx_lapic_next_deadline+0x10/0x10 [ 109.569072] hrtimer_interrupt+0x114/0x830 [ 109.569410] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 109.569813] sysvec_apic_timer_interrupt+0x6b/0x80 [ 109.570198] [ 109.570379] [ 109.570562] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.570972] RIP: 0010:oops_exit+0x0/0x50 [ 109.571293] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 109.572685] RSP: 0018:ffff8880454ef690 EFLAGS: 00000202 [ 109.573107] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 109.573654] RDX: ffff88801ba48000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 109.574203] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 109.574751] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880454ef758 [ 109.575302] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 109.575855] ? add_taint+0x5f/0xd0 [ 109.576141] ? oops_end+0x4a/0xe0 [ 109.576428] oops_end+0x65/0xe0 [ 109.576698] exc_general_protection+0x1a2/0x330 [ 109.577077] asm_exc_general_protection+0x26/0x30 [ 109.577459] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.577824] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.579221] RSP: 0018:ffff8880454ef800 EFLAGS: 00010212 [ 109.579630] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 109.580177] RDX: ffff88801ba48000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 109.580722] RBP: ffff8880454efa70 R08: ffff88806ce31340 R09: ffffe8ffffc15bf8 [ 109.581280] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.581825] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.582379] ? perf_tp_event+0x167/0xe70 [ 109.582706] ? arch_scale_cpu_capacity+0x17/0xa0 [ 109.583085] ? __pfx_perf_tp_event+0x10/0x10 [ 109.583437] ? __asan_memset+0x24/0x50 [ 109.583760] ? perf_trace_lock+0xb5/0x5d0 [ 109.584089] ? kvm_sched_clock_read+0x16/0x30 [ 109.584445] ? sched_clock+0x37/0x60 [ 109.584741] ? sched_clock_cpu+0x6c/0x4e0 [ 109.585075] ? lock_is_held_type+0x9e/0x120 [ 109.585417] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.585811] perf_trace_run_bpf_submit+0xef/0x180 [ 109.586194] perf_trace_lock+0x337/0x5d0 [ 109.586515] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.586877] ? lock_acquire+0x15e/0x2f0 [ 109.587188] ? futex_ref_get+0x48/0x300 [ 109.587499] ? futex_ref_get+0x114/0x300 [ 109.587813] ? futex_hash+0x15c/0x390 [ 109.588114] lock_release+0x1ab/0x290 [ 109.588415] ? futex_hash+0x15c/0x390 [ 109.588714] futex_ref_get+0x119/0x300 [ 109.589027] ? futex_hash+0x15c/0x390 [ 109.589327] futex_hash+0x70/0x390 [ 109.589609] futex_wake+0x143/0x540 [ 109.589901] ? put_pid+0x1f/0x30 [ 109.590168] ? kernel_clone+0x204/0x7f0 [ 109.590485] ? __pfx_futex_wake+0x10/0x10 [ 109.590811] ? __pfx_kernel_clone+0x10/0x10 [ 109.591150] ? perf_trace_lock+0xb5/0x5d0 [ 109.591479] do_futex+0x26d/0x370 [ 109.591756] ? __pfx_do_futex+0x10/0x10 [ 109.592068] ? __pfx___do_sys_clone+0x10/0x10 [ 109.592419] ? find_held_lock+0x2b/0x80 [ 109.592736] __x64_sys_futex+0x1c9/0x4d0 [ 109.593068] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.593431] ? xfd_validate_state+0x55/0x180 [ 109.593786] do_syscall_64+0xbf/0x360 [ 109.594086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.594486] RIP: 0033:0x7f0f6f956b19 [ 109.594778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.596169] RSP: 002b:00007fffe5ab0398 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.596760] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f6f956b19 [ 109.597313] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0f6fa69f68 [ 109.597859] RBP: 00007f0f6fa69f60 R08: 00007f0f6cecc700 R09: 0000000000000000 [ 109.598407] R10: 00007f0f6cecc700 R11: 0000000000000246 R12: 00007f0f6fa6e060 [ 109.598957] R13: 00007fffe5ab04a0 R14: 00007f0f6fa69f60 R15: 000000000001ab6a [ 109.599515] [ 109.599704] Modules linked in: [ 109.599961] ---[ end trace 0000000000000000 ]--- [ 109.600323] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.600693] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.602097] RSP: 0018:ffff8880454ef800 EFLAGS: 00010212 [ 109.602509] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 109.603056] RDX: ffff88801ba48000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 109.603611] RBP: ffff8880454efa70 R08: ffff88806ce31340 R09: ffffe8ffffc15bf8 [ 109.604160] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.604710] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.605265] FS: 000055559252c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.605885] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.606340] CR2: 000055559252dc18 CR3: 0000000043fe2000 CR4: 0000000000350ef0 [ 109.606895] Kernel panic - not syncing: Fatal exception in interrupt [ 110.651105] Shutting down cpus with NMI [ 110.651620] Kernel Offset: disabled [ 110.651905] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:09:22 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff828e5070 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880454ef140 R8 =0000000000000000 R9 =ffffed10016cd046 R10=00000000000fe503 R11=6572617764726148 R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10e52a2 R15=dffffc0000000000 RIP=ffffffff828e50c5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055559252c400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe3d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055559252dc18 CR3=0000000043fe2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f0f6fa3d7c000007f0f6fa3d7c8 XMM02=00007f0f6fa3d7e000007f0f6fa3d7c0 XMM03=00007f0f6fa3d7c800007f0f6fa3d7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffff8880e56d8000 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff88806cf31850 RBP=ffff8880138ab4b8 RSP=ffff888009dd7da8 R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff8643b457 R11=1ffff1100d9e6f7b R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=000000000000001f RIP=ffffffff815af2d4 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe0b00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000200023c0 CR3=000000004225f000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000012dfab9f52aa5b5ba1b91301 XMM01=0000000068066f8b16cfa0bfa05fc640 XMM02=0000000000000300ffffffff84df71c0 XMM03=ffffffffffffffff0f0e0d0c0b0a0908 XMM04=0000000000000300ffffffffca47825b XMM05=ffffffffca47825bb1f12d7261a325d0 XMM06=00000000000000000000000000000000 XMM07=00000001db710640b4e5b025f7011641 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000