Warning: Permanently added '[localhost]:64333' (ECDSA) to the list of known hosts. 2025/09/01 09:15:48 fuzzer started 2025/09/01 09:15:48 dialing manager at localhost:35473 syzkaller login: [ 51.233075] cgroup: Unknown subsys name 'net' [ 51.328754] cgroup: Unknown subsys name 'cpuset' [ 51.347805] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:15:59 syscalls: 2214 2025/09/01 09:15:59 code coverage: enabled 2025/09/01 09:15:59 comparison tracing: enabled 2025/09/01 09:15:59 extra coverage: enabled 2025/09/01 09:15:59 setuid sandbox: enabled 2025/09/01 09:15:59 namespace sandbox: enabled 2025/09/01 09:15:59 Android sandbox: enabled 2025/09/01 09:15:59 fault injection: enabled 2025/09/01 09:15:59 leak checking: enabled 2025/09/01 09:15:59 net packet injection: enabled 2025/09/01 09:15:59 net device setup: enabled 2025/09/01 09:15:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:15:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:15:59 USB emulation: enabled 2025/09/01 09:15:59 hci packet injection: enabled 2025/09/01 09:15:59 wifi device emulation: enabled 2025/09/01 09:15:59 802.15.4 emulation: enabled 2025/09/01 09:15:59 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:15:59 fetching corpus: 50, signal 27310/30567 (executing program) 2025/09/01 09:16:00 fetching corpus: 100, signal 38446/42875 (executing program) 2025/09/01 09:16:00 fetching corpus: 150, signal 47941/53366 (executing program) 2025/09/01 09:16:00 fetching corpus: 200, signal 52299/58753 (executing program) 2025/09/01 09:16:00 fetching corpus: 250, signal 58686/65954 (executing program) 2025/09/01 09:16:00 fetching corpus: 300, signal 63614/71585 (executing program) 2025/09/01 09:16:00 fetching corpus: 350, signal 67814/76505 (executing program) 2025/09/01 09:16:00 fetching corpus: 400, signal 69897/79414 (executing program) 2025/09/01 09:16:00 fetching corpus: 450, signal 73128/83271 (executing program) 2025/09/01 
09:16:01 fetching corpus: 500, signal 75468/86232 (executing program) 2025/09/01 09:16:01 fetching corpus: 550, signal 79611/90707 (executing program) 2025/09/01 09:16:01 fetching corpus: 600, signal 85081/96107 (executing program) 2025/09/01 09:16:01 fetching corpus: 650, signal 87007/98488 (executing program) 2025/09/01 09:16:01 fetching corpus: 700, signal 88798/100702 (executing program) 2025/09/01 09:16:01 fetching corpus: 750, signal 90480/102857 (executing program) 2025/09/01 09:16:01 fetching corpus: 800, signal 92113/104887 (executing program) 2025/09/01 09:16:01 fetching corpus: 850, signal 93766/106874 (executing program) 2025/09/01 09:16:02 fetching corpus: 900, signal 95318/108798 (executing program) 2025/09/01 09:16:02 fetching corpus: 950, signal 97466/111042 (executing program) 2025/09/01 09:16:02 fetching corpus: 1000, signal 99023/112801 (executing program) 2025/09/01 09:16:02 fetching corpus: 1050, signal 101008/114825 (executing program) 2025/09/01 09:16:02 fetching corpus: 1100, signal 102233/116291 (executing program) 2025/09/01 09:16:02 fetching corpus: 1150, signal 103469/117733 (executing program) 2025/09/01 09:16:02 fetching corpus: 1200, signal 104791/119197 (executing program) 2025/09/01 09:16:02 fetching corpus: 1250, signal 105954/120523 (executing program) 2025/09/01 09:16:02 fetching corpus: 1300, signal 106754/121568 (executing program) 2025/09/01 09:16:02 fetching corpus: 1350, signal 108264/123078 (executing program) 2025/09/01 09:16:03 fetching corpus: 1400, signal 109436/124294 (executing program) 2025/09/01 09:16:03 fetching corpus: 1450, signal 110489/125434 (executing program) 2025/09/01 09:16:03 fetching corpus: 1500, signal 112951/127254 (executing program) 2025/09/01 09:16:03 fetching corpus: 1550, signal 114054/128354 (executing program) 2025/09/01 09:16:03 fetching corpus: 1600, signal 115758/129705 (executing program) 2025/09/01 09:16:03 fetching corpus: 1650, signal 116995/130805 (executing program) 2025/09/01 09:16:03 
fetching corpus: 1700, signal 118097/131768 (executing program) 2025/09/01 09:16:03 fetching corpus: 1750, signal 119525/132897 (executing program) 2025/09/01 09:16:04 fetching corpus: 1800, signal 120343/133655 (executing program) 2025/09/01 09:16:04 fetching corpus: 1850, signal 121429/134624 (executing program) 2025/09/01 09:16:04 fetching corpus: 1900, signal 122835/135649 (executing program) 2025/09/01 09:16:04 fetching corpus: 1950, signal 123941/136489 (executing program) 2025/09/01 09:16:04 fetching corpus: 2000, signal 124841/137179 (executing program) 2025/09/01 09:16:04 fetching corpus: 2050, signal 125748/137868 (executing program) 2025/09/01 09:16:04 fetching corpus: 2100, signal 126499/138467 (executing program) 2025/09/01 09:16:04 fetching corpus: 2150, signal 127092/138977 (executing program) 2025/09/01 09:16:04 fetching corpus: 2200, signal 127971/139595 (executing program) 2025/09/01 09:16:04 fetching corpus: 2250, signal 129242/140325 (executing program) 2025/09/01 09:16:05 fetching corpus: 2300, signal 130099/140882 (executing program) 2025/09/01 09:16:05 fetching corpus: 2350, signal 131080/141425 (executing program) 2025/09/01 09:16:05 fetching corpus: 2400, signal 131807/141885 (executing program) 2025/09/01 09:16:05 fetching corpus: 2450, signal 132438/142282 (executing program) 2025/09/01 09:16:05 fetching corpus: 2500, signal 133221/142701 (executing program) 2025/09/01 09:16:05 fetching corpus: 2550, signal 134270/143208 (executing program) 2025/09/01 09:16:05 fetching corpus: 2600, signal 135404/143675 (executing program) 2025/09/01 09:16:05 fetching corpus: 2650, signal 136122/144109 (executing program) 2025/09/01 09:16:05 fetching corpus: 2700, signal 136913/144460 (executing program) 2025/09/01 09:16:06 fetching corpus: 2750, signal 137852/144798 (executing program) 2025/09/01 09:16:06 fetching corpus: 2800, signal 138646/145109 (executing program) 2025/09/01 09:16:06 fetching corpus: 2850, signal 139453/145390 (executing program) 
2025/09/01 09:16:06 fetching corpus: 2900, signal 140402/145683 (executing program) 2025/09/01 09:16:06 fetching corpus: 2950, signal 140983/145893 (executing program) 2025/09/01 09:16:06 fetching corpus: 3000, signal 141691/146070 (executing program) 2025/09/01 09:16:06 fetching corpus: 3050, signal 142202/146245 (executing program) 2025/09/01 09:16:06 fetching corpus: 3100, signal 142753/146403 (executing program) 2025/09/01 09:16:06 fetching corpus: 3150, signal 143340/146522 (executing program) 2025/09/01 09:16:07 fetching corpus: 3200, signal 144133/146635 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146681 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146729 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146760 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146800 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146843 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146879 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146918 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146933 (executing program) 2025/09/01 09:16:07 fetching corpus: 3205, signal 144199/146933 (executing program) 2025/09/01 09:16:09 starting 8 fuzzer processes 09:16:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:16:09 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x100) 09:16:09 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0) fallocate(r0, 0x0, 0x0, 0x8000) 09:16:09 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0) 09:16:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="02", 0x1}], 0x1}}], 0x1, 0x1) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)="c1", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="da", 0x1}], 0x1}}], 0x1, 0x1) 09:16:09 executing program 3: futex(&(0x7f0000000880)=0x2, 0xc, 0x1, 0x0, &(0x7f0000001b40), 0x2) 09:16:09 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000001980)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1e, 0x0, 
"52dea74fddd0a221d1d69c29217d9e8b04ba0441712b57a2521ea63acd8d49aa6183b6797f1d083476f54bc21a901f4aea60f385b2c32a9c48557719ef6485c837a72484f5880208170898d1e5313464"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 09:16:09 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) [ 71.437032] audit: type=1400 audit(1756718169.278:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 72.671179] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.675730] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.679457] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.685774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.690234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.743859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.746805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.748808] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.750905] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.752959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.759020] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.760833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.763112] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.764790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.766117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.767838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.780251] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.783370] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.787768] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.794031] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 
72.796357] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 72.800880] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.808049] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.810711] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 72.813877] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.817861] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 72.819209] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 72.823786] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 72.829575] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.831206] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 72.833791] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 72.848027] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 72.849798] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 72.859768] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 72.861773] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 72.865791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.873784] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.876027] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 72.883783] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 72.888083] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.769296] Bluetooth: hci0: command tx timeout [ 74.833824] Bluetooth: hci4: command tx timeout [ 74.899642] Bluetooth: hci3: command tx timeout [ 74.899743] Bluetooth: hci2: command tx timeout [ 74.900168] Bluetooth: hci1: command tx timeout [ 74.960839] Bluetooth: hci6: command tx timeout [ 74.962087] Bluetooth: hci5: command tx timeout [ 74.962636] Bluetooth: hci7: command tx timeout [ 76.816666] Bluetooth: hci0: command tx timeout [ 76.880674] Bluetooth: hci4: command tx timeout [ 76.944623] Bluetooth: hci1: command tx timeout [ 76.944874] Bluetooth: hci2: command tx timeout [ 76.945027] Bluetooth: hci3: command tx timeout [ 77.008560] Bluetooth: 
hci7: command tx timeout [ 77.008703] Bluetooth: hci5: command tx timeout [ 77.008961] Bluetooth: hci6: command tx timeout [ 78.865638] Bluetooth: hci0: command tx timeout [ 78.928559] Bluetooth: hci4: command tx timeout [ 78.993381] Bluetooth: hci3: command tx timeout [ 78.994044] Bluetooth: hci2: command tx timeout [ 78.994423] Bluetooth: hci1: command tx timeout [ 79.056593] Bluetooth: hci5: command tx timeout [ 79.057044] Bluetooth: hci7: command tx timeout [ 79.057414] Bluetooth: hci6: command tx timeout [ 80.915602] Bluetooth: hci0: command tx timeout [ 80.977573] Bluetooth: hci4: command tx timeout [ 81.041668] Bluetooth: hci1: command tx timeout [ 81.041695] Bluetooth: hci2: command tx timeout [ 81.042067] Bluetooth: hci3: command tx timeout [ 81.104583] Bluetooth: hci6: command tx timeout [ 81.105626] Bluetooth: hci7: command tx timeout [ 81.105645] Bluetooth: hci5: command tx timeout [ 108.685630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.686310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.872272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.873152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.048884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.049531] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.235663] audit: type=1400 audit(1756718207.076:8): avc: denied { open } for pid=3847 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 109.243093] audit: type=1400 audit(1756718207.076:9): avc: denied { kernel } for pid=3847 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 109.271957] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.273232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.322107] wlan1: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 109.322837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:16:47 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0) fallocate(r0, 0x0, 0x0, 0x8000) 09:16:47 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0) fallocate(r0, 0x0, 0x0, 0x8000) [ 109.456490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.457125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:16:47 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0) fallocate(r0, 0x0, 0x0, 0x8000) [ 109.526030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.526666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.609413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.610224] 
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:16:47 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000001980)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1e, 0x0, "52dea74fddd0a221d1d69c29217d9e8b04ba0441712b57a2521ea63acd8d49aa6183b6797f1d083476f54bc21a901f4aea60f385b2c32a9c48557719ef6485c837a72484f5880208170898d1e5313464"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 09:16:47 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) 09:16:47 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) [ 109.730734] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.731353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.754611] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.755218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.801822] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.802454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.843794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.844407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.866879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.868050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.917876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.918489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.957716] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.958321] wlan1: Creating new 
IBSS network, BSSID 50:50:50:50:50:50 [ 110.019351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.020156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:16:48 executing program 3: futex(&(0x7f0000000880)=0x2, 0xc, 0x1, 0x0, &(0x7f0000001b40), 0x2) 09:16:48 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) 09:16:48 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x100) 09:16:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0) 09:16:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="02", 0x1}], 0x1}}], 0x1, 0x1) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)="c1", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="da", 0x1}], 0x1}}], 0x1, 0x1) 09:16:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) 
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000001980)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1e, 0x0, "52dea74fddd0a221d1d69c29217d9e8b04ba0441712b57a2521ea63acd8d49aa6183b6797f1d083476f54bc21a901f4aea60f385b2c32a9c48557719ef6485c837a72484f5880208170898d1e5313464"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 09:16:48 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) 09:16:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:16:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000001980)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1e, 0x0, "52dea74fddd0a221d1d69c29217d9e8b04ba0441712b57a2521ea63acd8d49aa6183b6797f1d083476f54bc21a901f4aea60f385b2c32a9c48557719ef6485c837a72484f5880208170898d1e5313464"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 09:16:48 executing program 3: futex(&(0x7f0000000880)=0x2, 0xc, 0x1, 0x0, &(0x7f0000001b40), 0x2) 09:16:48 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) 09:16:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0) 09:16:48 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x100) 09:16:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="02", 0x1}], 0x1}}], 0x1, 0x1) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)="c1", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="da", 0x1}], 0x1}}], 0x1, 0x1) 09:16:48 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) 09:16:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:16:48 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) 09:16:48 executing program 3: futex(&(0x7f0000000880)=0x2, 0xc, 0x1, 0x0, &(0x7f0000001b40), 0x2) 09:16:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0)
09:16:48 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0)
09:16:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10)
09:16:48 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x100)
[ 110.485712] kmemleak: Found object by alias at 0x607f1a63dbbc
[ 110.485735] CPU: 0 UID: 0 PID: 3937 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.485757] Tainted: [W]=WARN
[ 110.485761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.485768] Call Trace:
[ 110.485772]
[ 110.485777] dump_stack_lvl+0xca/0x120
[ 110.485803] __lookup_object+0x94/0xb0
[ 110.485820] delete_object_full+0x27/0x70
[ 110.485837] free_percpu+0x30/0x1160
[ 110.485854] ? arch_uprobe_clear_state+0x16/0x140
[ 110.485878] futex_hash_free+0x38/0xc0
[ 110.485892] mmput+0x2d3/0x390
[ 110.485911] do_exit+0x79d/0x2970
[ 110.485925] ? signal_wake_up_state+0x85/0x120
[ 110.485941] ? zap_other_threads+0x2b9/0x3a0
[ 110.485957] ? __pfx_do_exit+0x10/0x10
[ 110.485970] ? do_group_exit+0x1c3/0x2a0
[ 110.485983] ? lock_release+0xc8/0x290
[ 110.486000] do_group_exit+0xd3/0x2a0
[ 110.486015] __x64_sys_exit_group+0x3e/0x50
[ 110.486029] x64_sys_call+0x18c5/0x18d0
[ 110.486045] do_syscall_64+0xbf/0x360
[ 110.486058] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.486069] RIP: 0033:0x7fae49270b19
[ 110.486078] Code: Unable to access opcode bytes at 0x7fae49270aef.
[ 110.486083] RSP: 002b:00007ffd0473d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 110.486095] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fae49270b19
[ 110.486103] RDX: 00007fae4922372b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 110.486110] RBP: 0000000000000000 R08: 0000001b2cd23d64 R09: 0000000000000000
[ 110.486117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 110.486123] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd0473d120
[ 110.486139]
[ 110.486142] kmemleak: Object (percpu) 0x607f1a63dbb8 (size 8):
[ 110.486149] kmemleak: comm "syz-executor.7", pid 3947, jiffies 4294777257
[ 110.486156] kmemleak: min_count = 1
[ 110.486160] kmemleak: count = 0
[ 110.486164] kmemleak: flags = 0x21
[ 110.486168] kmemleak: checksum = 0
[ 110.486171] kmemleak: backtrace:
[ 110.486175] pcpu_alloc_noprof+0x87a/0x1170
[ 110.486191] perf_trace_event_init+0x366/0xa10
[ 110.486205] perf_trace_init+0x1a4/0x2f0
[ 110.486217] perf_tp_event_init+0xa6/0x120
[ 110.486233] perf_try_init_event+0x140/0x9f0
[ 110.486247] perf_event_alloc.part.0+0x118e/0x45f0
[ 110.486263] __do_sys_perf_event_open+0x719/0x2c20
[ 110.486277] do_syscall_64+0xbf/0x360
[ 110.486286] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:16:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10)
09:16:48 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty},
0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="02", 0x1}], 0x1}}], 0x1, 0x1) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)="c1", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="da", 0x1}], 0x1}}], 0x1, 0x1) 09:16:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:16:48 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) 09:16:48 executing program 2: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}}, 0x14) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, r2}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@loopback}}, {{@in=@dev}, 0x0, @in=@loopback}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 09:16:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0)
09:16:48 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000100)="c4952cdf69b108dff5ad46ca", 0xffbe)
recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/113, 0x71, 0x20, 0x0, 0x0)
09:16:48 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
[ 110.637896] kmemleak: Found object by alias at 0x607f1a63dbbc
[ 110.637917] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.637935] Tainted: [W]=WARN
[ 110.637939] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.637946] Call Trace:
[ 110.637950]
[ 110.637955] dump_stack_lvl+0xca/0x120
[ 110.637980] __lookup_object+0x94/0xb0
[ 110.637998] delete_object_full+0x27/0x70
[ 110.638015] free_percpu+0x30/0x1160
[ 110.638032] ? arch_uprobe_clear_state+0x16/0x140
[ 110.638052] futex_hash_free+0x38/0xc0
[ 110.638068] mmput+0x2d3/0x390
[ 110.638087] do_exit+0x79d/0x2970
[ 110.638101] ? signal_wake_up_state+0x85/0x120
[ 110.638118] ? zap_other_threads+0x2b9/0x3a0
[ 110.638134] ? __pfx_do_exit+0x10/0x10
[ 110.638147] ? do_group_exit+0x1c3/0x2a0
[ 110.638161] ? lock_release+0xc8/0x290
[ 110.638178] do_group_exit+0xd3/0x2a0
[ 110.638193] __x64_sys_exit_group+0x3e/0x50
[ 110.638207] x64_sys_call+0x18c5/0x18d0
[ 110.638223] do_syscall_64+0xbf/0x360
[ 110.638236] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.638247] RIP: 0033:0x7fae49270b19
[ 110.638256] Code: Unable to access opcode bytes at 0x7fae49270aef.
[ 110.638261] RSP: 002b:00007ffd0473d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 110.638273] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fae49270b19
[ 110.638281] RDX: 00007fae4922372b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 110.638288] RBP: 0000000000000000 R08: 0000001b2cd23de4 R09: 0000000000000000
[ 110.638295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 110.638302] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd0473d120
[ 110.638317]
[ 110.638321] kmemleak: Object (percpu) 0x607f1a63dbb8 (size 8):
[ 110.638328] kmemleak: comm "syz-executor.7", pid 3959, jiffies 4294777433
[ 110.638335] kmemleak: min_count = 1
[ 110.638339] kmemleak: count = 0
[ 110.638342] kmemleak: flags = 0x21
[ 110.638346] kmemleak: checksum = 0
[ 110.638350] kmemleak: backtrace:
[ 110.638353] pcpu_alloc_noprof+0x87a/0x1170
[ 110.638369] perf_trace_event_init+0x366/0xa10
[ 110.638383] perf_trace_init+0x1a4/0x2f0
[ 110.638395] perf_tp_event_init+0xa6/0x120
[ 110.638412] perf_try_init_event+0x140/0x9f0
[ 110.638425] perf_event_alloc.part.0+0x118e/0x45f0
[ 110.638447] __do_sys_perf_event_open+0x719/0x2c20
[ 110.638460] do_syscall_64+0xbf/0x360
[ 110.638469] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:16:48 executing program 2:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}}, 0x14) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, r2}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@loopback}}, {{@in=@dev}, 0x0, @in=@loopback}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 09:16:48 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) 09:16:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x4, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2400c0c0, &(0x7f00000001c0)={0x2, 0x0, @dev}, 0x10) 09:16:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 09:16:48 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 09:16:48 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}}, 0x14) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, r2}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@loopback}}, {{@in=@dev}, 0x0, @in=@loopback}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 09:16:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8}, 0x0) 09:16:48 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000100)="c4952cdf69b108dff5ad46ca", 0xffbe) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/113, 0x71, 0x20, 0x0, 0x0) 09:16:48 executing program 2: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}}, 0x14) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, r2}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@loopback}}, {{@in=@dev}, 0x0, @in=@loopback}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 09:16:48 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getsockname$inet(r0, 0x0, &(0x7f0000001100)) 09:16:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 09:16:48 executing program 3: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000001b00)) [ 110.864064] 
kmemleak: Found object by alias at 0x607f1a63dbbc [ 110.864084] CPU: 0 UID: 0 PID: 3980 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 110.864103] Tainted: [W]=WARN [ 110.864106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.864114] Call Trace: [ 110.864118] [ 110.864123] dump_stack_lvl+0xca/0x120 [ 110.864148] __lookup_object+0x94/0xb0 [ 110.864166] delete_object_full+0x27/0x70 [ 110.864187] free_percpu+0x30/0x1160 [ 110.864204] ? arch_uprobe_clear_state+0x16/0x140 [ 110.864224] futex_hash_free+0x38/0xc0 [ 110.864239] mmput+0x2d3/0x390 [ 110.864258] do_exit+0x79d/0x2970 [ 110.864272] ? signal_wake_up_state+0x85/0x120 [ 110.864288] ? zap_other_threads+0x2b9/0x3a0 [ 110.864304] ? __pfx_do_exit+0x10/0x10 [ 110.864317] ? do_group_exit+0x1c3/0x2a0 [ 110.864331] ? lock_release+0xc8/0x290 [ 110.864348] do_group_exit+0xd3/0x2a0 [ 110.864363] __x64_sys_exit_group+0x3e/0x50 [ 110.864377] x64_sys_call+0x18c5/0x18d0 [ 110.864393] do_syscall_64+0xbf/0x360 [ 110.864406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.864418] RIP: 0033:0x7fae49270b19 [ 110.864426] Code: Unable to access opcode bytes at 0x7fae49270aef. 
[ 110.864431] RSP: 002b:00007ffd0473d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 110.864443] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fae49270b19 [ 110.864451] RDX: 00007fae4922372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 110.864458] RBP: 0000000000000000 R08: 0000001b2cd239e4 R09: 0000000000000000 [ 110.864465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.864472] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd0473d120 [ 110.864487] [ 110.864491] kmemleak: Object (percpu) 0x607f1a63dbb8 (size 8): [ 110.864497] kmemleak: comm "syz-executor.1", pid 3988, jiffies 4294777639 [ 110.864504] kmemleak: min_count = 1 [ 110.864508] kmemleak: count = 0 [ 110.864512] kmemleak: flags = 0x21 [ 110.864516] kmemleak: checksum = 0 [ 110.864519] kmemleak: backtrace: [ 110.864523] pcpu_alloc_noprof+0x87a/0x1170 [ 110.864539] perf_trace_event_init+0x366/0xa10 [ 110.864553] perf_trace_init+0x1a4/0x2f0 [ 110.864565] perf_tp_event_init+0xa6/0x120 [ 110.864582] perf_try_init_event+0x140/0x9f0 [ 110.864597] perf_event_alloc.part.0+0x118e/0x45f0 [ 110.864616] __do_sys_perf_event_open+0x719/0x2c20 [ 110.864631] do_syscall_64+0xbf/0x360 [ 110.864640] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:16:48 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 09:16:48 executing program 2: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'}) setsockopt$inet6_mreq(0xffffffffffffffff, 
0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}}, 0x14) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, r2}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@loopback}}, {{@in=@dev}, 0x0, @in=@loopback}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 09:16:48 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000100)="c4952cdf69b108dff5ad46ca", 0xffbe) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/113, 0x71, 0x20, 0x0, 0x0) 09:16:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 09:16:48 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000dc0), 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) 
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xf1562) 09:16:48 executing program 6: r0 = memfd_create(&(0x7f0000000340)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{y\xe0t\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x6) lseek(r0, 0x0, 0x2) 09:16:48 executing program 3: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000001b00)) 09:16:48 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}}, 0x14) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast2}, r2}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0) 
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@loopback}}, {{@in=@dev}, 0x0, @in=@loopback}}, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) [ 111.022772] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 111.023709] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 111.024387] CPU: 0 UID: 0 PID: 4006 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 111.025335] Tainted: [W]=WARN [ 111.025821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.029649] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.030038] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.031470] RSP: 0018:ffff888044cf7800 EFLAGS: 00010212 [ 111.031891] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002242000 [ 111.032459] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 111.033030] RBP: ffff888044cf7a70 R08: ffff88806ce31340 R09: ffffe8ffffc16620 [ 111.033591] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.034151] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 111.034714] FS: 00007fb39f774700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 111.035356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.035817] CR2: 00007fc8f03bc5e8 CR3: 000000000e3cd000 CR4: 0000000000350ef0 [ 111.036379] Call Trace: [ 111.036589] [ 111.036772] ? kernel_text_address+0x5b/0xc0 [ 111.037137] ? __pfx_perf_tp_event+0x10/0x10 [ 111.037504] ? perf_trace_lock+0xb5/0x5d0 [ 111.037837] ? __mutex_add_waiter+0x202/0x220 [ 111.038201] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.038572] ? lock_acquire+0x15e/0x2f0 [ 111.038906] ? 
__is_insn_slot_addr+0x2e/0x290 [ 111.039274] ? find_held_lock+0x2b/0x80 [ 111.039602] ? __is_insn_slot_addr+0x136/0x290 [ 111.039974] ? lock_release+0xc8/0x290 [ 111.040292] ? __is_insn_slot_addr+0x140/0x290 [ 111.040669] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.041075] perf_trace_run_bpf_submit+0xef/0x180 [ 111.041470] perf_trace_lock+0x337/0x5d0 [ 111.041804] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.042175] ? lock_acquire+0x15e/0x2f0 [ 111.042497] ? futex_ref_get+0x48/0x300 [ 111.042823] ? futex_ref_get+0x114/0x300 [ 111.043147] ? futex_hash+0x15c/0x390 [ 111.043459] lock_release+0x1ab/0x290 [ 111.043773] ? futex_hash+0x15c/0x390 [ 111.044078] futex_ref_get+0x119/0x300 [ 111.044395] ? futex_hash+0x15c/0x390 [ 111.044702] futex_hash+0x70/0x390 [ 111.044996] futex_wake+0x143/0x540 [ 111.045294] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 111.045675] ? kmem_cache_alloc_noprof+0x264/0x690 [ 111.046065] ? __pfx_futex_wake+0x10/0x10 [ 111.046405] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.046774] do_futex+0x26d/0x370 [ 111.047066] ? __pfx_do_futex+0x10/0x10 [ 111.047389] ? lock_release+0xc8/0x290 [ 111.047705] __x64_sys_futex+0x1c9/0x4d0 [ 111.048040] ? __sys_socket+0x9f/0x260 [ 111.048360] ? __pfx___x64_sys_futex+0x10/0x10 [ 111.048730] ? 
xfd_validate_state+0x55/0x180 [ 111.049100] do_syscall_64+0xbf/0x360 [ 111.049408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.049823] RIP: 0033:0x7fb3a21feb19 [ 111.050119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.051559] RSP: 002b:00007fb39f774218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.052158] RAX: ffffffffffffffda RBX: 00007fb3a2311f68 RCX: 00007fb3a21feb19 [ 111.052720] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb3a2311f6c [ 111.053283] RBP: 00007fb3a2311f60 R08: 000000000000000e R09: 0000000000000000 [ 111.053847] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fb3a2311f6c [ 111.054405] R13: 00007ffe7a46cddf R14: 00007fb39f774300 R15: 0000000000022000 [ 111.054985] [ 111.055175] Modules linked in: [ 111.055438] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 111.056357] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 111.056960] CPU: 1 UID: 0 PID: 4010 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 111.057904] Tainted: [D]=DIE, [W]=WARN [ 111.058207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.058864] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.059256] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.060676] RSP: 0018:ffff888044e4f800 EFLAGS: 00010212 [ 111.061099] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002443000 [ 111.061660] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 111.062222] RBP: ffff888044e4fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16620 [ 111.062781] R10: 0000000000000000 R11: 0000000000000000 
R12: dffffc0000000000 [ 111.063349] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 111.063926] FS: 00007f2c2debe700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 111.064595] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.065095] CR2: 00007ffb2a34101c CR3: 0000000042db7000 CR4: 0000000000350ef0 [ 111.065693] Call Trace: [ 111.065909] [ 111.066106] ? __pfx_perf_tp_event+0x10/0x10 [ 111.066477] ? kvm_sched_clock_read+0x16/0x30 [ 111.066876] ? local_clock_noinstr+0xf/0xc0 [ 111.067239] ? perf_trace_lock+0xb5/0x5d0 [ 111.067579] ? perf_trace_lock+0xb5/0x5d0 [ 111.067914] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.068287] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.068657] ? perf_ctx_unlock+0x73/0x160 [ 111.068993] ? __perf_install_in_context+0x503/0xb90 [ 111.069402] ? lock_release+0x1c7/0x290 [ 111.069734] ? do_raw_spin_unlock+0x53/0x220 [ 111.070098] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.070501] perf_trace_run_bpf_submit+0xef/0x180 [ 111.070900] perf_trace_lock+0x337/0x5d0 [ 111.071233] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.071602] ? perf_trace_lock+0xb5/0x5d0 [ 111.071939] ? __pfx_smp_call_function_single+0x10/0x10 [ 111.072372] ? get_futex_key+0x592/0x14a0 [ 111.072711] ? futex_ref_get+0x114/0x300 [ 111.073037] ? futex_hash+0x15c/0x390 [ 111.073347] lock_release+0x1ab/0x290 [ 111.073658] ? futex_hash+0x15c/0x390 [ 111.073964] futex_ref_get+0x119/0x300 [ 111.074283] ? futex_hash+0x15c/0x390 [ 111.074591] futex_hash+0x70/0x390 [ 111.074889] futex_wake+0x143/0x540 [ 111.075186] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.075550] ? __pfx___mutex_lock+0x10/0x10 [ 111.075900] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 111.076328] ? __pfx_futex_wake+0x10/0x10 [ 111.076666] ? lock_release+0x1c7/0x290 [ 111.076987] ? fd_install+0x1f0/0x660 [ 111.077299] do_futex+0x26d/0x370 [ 111.077586] ? __pfx_do_futex+0x10/0x10 [ 111.077906] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 111.078328] ? 
find_held_lock+0x2b/0x80 [ 111.078656] __x64_sys_futex+0x1c9/0x4d0 [ 111.078992] ? __pfx___x64_sys_futex+0x10/0x10 [ 111.079364] ? xfd_validate_state+0x55/0x180 [ 111.079731] do_syscall_64+0xbf/0x360 [ 111.080043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.080458] RIP: 0033:0x7f2c30948b19 [ 111.080758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.082189] RSP: 002b:00007f2c2debe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.082788] RAX: ffffffffffffffda RBX: 00007f2c30a5bf68 RCX: 00007f2c30948b19 [ 111.083356] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2c30a5bf6c [ 111.083917] RBP: 00007f2c30a5bf60 R08: 000000000000000e R09: 0000000000000000 [ 111.084474] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f2c30a5bf6c [ 111.085037] R13: 00007ffe64bd501f R14: 00007f2c2debe300 R15: 0000000000022000 [ 111.085603] [ 111.085791] Modules linked in: [ 111.086051] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 111.086925] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 111.087603] CPU: 0 UID: 0 PID: 4006 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 111.088531] Tainted: [D]=DIE, [W]=WARN [ 111.088832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.089473] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.089846] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.091270] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 111.091686] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 111.092242] RDX: ffff888015abb700 RSI: ffffffff8189a4e7 RDI: 
0000000100000190 [ 111.092797] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16620 [ 111.093350] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 111.093905] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 111.094461] FS: 00007fb39f774700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 111.095093] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.095552] CR2: 00007fc8f03bc5e8 CR3: 000000000e3cd000 CR4: 0000000000350ef0 [ 111.096109] Call Trace: [ 111.096316] [ 111.096496] ? __pfx_perf_tp_event+0x10/0x10 [ 111.096851] ? perf_trace_lock+0xb5/0x5d0 [ 111.097183] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.097550] ? trace_softirq_raise+0xbe/0x100 [ 111.097916] ? lock_acquire+0x15e/0x2f0 [ 111.098238] ? select_task_rq_fair+0x2b6/0x38b0 [ 111.098608] ? find_held_lock+0x2b/0x80 [ 111.098933] ? select_task_rq_fair+0x48c/0x38b0 [ 111.099303] ? perf_trace_lock+0xb5/0x5d0 [ 111.099634] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.099994] ? __smp_call_single_queue+0x15b/0x2f0 [ 111.100390] ? __pfx___smp_call_single_queue+0x10/0x10 [ 111.100813] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.101211] perf_trace_run_bpf_submit+0xef/0x180 [ 111.101603] perf_trace_lock+0x337/0x5d0 [ 111.101930] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.102300] ? mark_held_locks+0x49/0x80 [ 111.102626] ? hrtimer_interrupt+0x114/0x830 [ 111.102985] lock_release+0x1ab/0x290 [ 111.103292] ktime_get_update_offsets_now+0xab/0x3c0 [ 111.103697] ? hrtimer_interrupt+0x114/0x830 [ 111.104047] ? __pfx_rcu_core+0x10/0x10 [ 111.104372] hrtimer_interrupt+0x114/0x830 [ 111.104708] ? __local_bh_enable+0x7b/0x90 [ 111.105051] ? 
handle_softirqs+0x50c/0x770 [ 111.105396] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 111.105805] sysvec_apic_timer_interrupt+0x6b/0x80 [ 111.106202] [ 111.106384] [ 111.106567] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.106984] RIP: 0010:oops_exit+0x0/0x50 [ 111.107314] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 111.108735] RSP: 0018:ffff888044cf7690 EFLAGS: 00000202 [ 111.109163] RAX: 000000000002a6a3 RBX: 0000000000000212 RCX: ffffc90002242000 [ 111.109714] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 111.110273] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 111.110832] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888044cf7758 [ 111.111389] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 111.111946] ? oops_end+0x4a/0xe0 [ 111.112231] oops_end+0x65/0xe0 [ 111.112504] exc_general_protection+0x1a2/0x330 [ 111.112880] asm_exc_general_protection+0x26/0x30 [ 111.113259] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.113628] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.115047] RSP: 0018:ffff888044cf7800 EFLAGS: 00010212 [ 111.115469] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002242000 [ 111.116020] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 111.116578] RBP: ffff888044cf7a70 R08: ffff88806ce31340 R09: ffffe8ffffc16620 [ 111.117135] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.117697] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 111.118260] ? perf_tp_event+0x167/0xe70 [ 111.118589] ? kernel_text_address+0x5b/0xc0 [ 111.118953] ? __pfx_perf_tp_event+0x10/0x10 [ 111.119309] ? 
perf_trace_lock+0xb5/0x5d0 [ 111.119637] ? __mutex_add_waiter+0x202/0x220 [ 111.119995] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.120359] ? lock_acquire+0x15e/0x2f0 [ 111.120676] ? __is_insn_slot_addr+0x2e/0x290 [ 111.121039] ? find_held_lock+0x2b/0x80 [ 111.121357] ? __is_insn_slot_addr+0x136/0x290 [ 111.121724] ? lock_release+0xc8/0x290 [ 111.122037] ? __is_insn_slot_addr+0x140/0x290 [ 111.122412] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.122816] perf_trace_run_bpf_submit+0xef/0x180 [ 111.123205] perf_trace_lock+0x337/0x5d0 [ 111.123532] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.123900] ? lock_acquire+0x15e/0x2f0 [ 111.124213] ? futex_ref_get+0x48/0x300 [ 111.124530] ? futex_ref_get+0x114/0x300 [ 111.124848] ? futex_hash+0x15c/0x390 [ 111.125152] lock_release+0x1ab/0x290 [ 111.125456] ? futex_hash+0x15c/0x390 [ 111.125758] futex_ref_get+0x119/0x300 [ 111.126071] ? futex_hash+0x15c/0x390 [ 111.126373] futex_hash+0x70/0x390 [ 111.126661] futex_wake+0x143/0x540 [ 111.126964] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 111.127338] ? kmem_cache_alloc_noprof+0x264/0x690 [ 111.127732] ? __pfx_futex_wake+0x10/0x10 [ 111.128069] ? __pfx_perf_trace_lock+0x10/0x10 [ 111.128449] do_futex+0x26d/0x370 [ 111.128730] ? __pfx_do_futex+0x10/0x10 [ 111.129047] ? lock_release+0xc8/0x290 [ 111.129359] __x64_sys_futex+0x1c9/0x4d0 [ 111.129686] ? __sys_socket+0x9f/0x260 [ 111.129999] ? __pfx___x64_sys_futex+0x10/0x10 [ 111.130361] ? 
xfd_validate_state+0x55/0x180 [ 111.130724] do_syscall_64+0xbf/0x360 [ 111.131036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.131450] RIP: 0033:0x7fb3a21feb19 [ 111.131744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.133154] RSP: 002b:00007fb39f774218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.133746] RAX: ffffffffffffffda RBX: 00007fb3a2311f68 RCX: 00007fb3a21feb19 [ 111.134299] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb3a2311f6c [ 111.134856] RBP: 00007fb3a2311f60 R08: 000000000000000e R09: 0000000000000000 [ 111.135411] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fb3a2311f6c [ 111.135966] R13: 00007ffe7a46cddf R14: 00007fb39f774300 R15: 0000000000022000 [ 111.136534] [ 111.136724] Modules linked in: [ 111.136986] ---[ end trace 0000000000000000 ]--- [ 111.136987] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 111.137365] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.138234] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 111.138593] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.139187] CPU: 1 UID: 0 PID: 4010 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 111.140610] RSP: 0018:ffff888044cf7800 EFLAGS: 00010212 [ 111.141536] Tainted: [D]=DIE, [W]=WARN [ 111.141949] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002242000 [ 111.142253] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.142814] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 111.143460] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.144012] RBP: ffff888044cf7a70 
R08: ffff88806ce31340 R09: ffffe8ffffc16620 [ 111.144375] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.144926] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.146343] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 111.146904] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 111.146915] FS: 00007fb39f774700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 111.147328] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 111.147886] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.148513] RDX: ffff888044e21b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 111.149076] CR2: 00007fc8f03bc5e8 CR3: 000000000e3cd000 CR4: 0000000000350ef0 [ 111.149528] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16620 [ 111.150087] Kernel panic - not syncing: Fatal exception in interrupt [ 112.193984] Shutting down cpus with NMI [ 112.195587] Kernel Offset: disabled [ 112.195881] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---