Warning: Permanently added '[localhost]:44452' (ECDSA) to the list of known hosts. 2025/08/29 09:44:02 fuzzer started 2025/08/29 09:44:02 dialing manager at localhost:43077 syzkaller login: [ 53.198844] cgroup: Unknown subsys name 'net' [ 53.406329] cgroup: Unknown subsys name 'cpuset' [ 53.415785] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:44:13 syscalls: 2214 2025/08/29 09:44:13 code coverage: enabled 2025/08/29 09:44:13 comparison tracing: enabled 2025/08/29 09:44:13 extra coverage: enabled 2025/08/29 09:44:13 setuid sandbox: enabled 2025/08/29 09:44:13 namespace sandbox: enabled 2025/08/29 09:44:13 Android sandbox: enabled 2025/08/29 09:44:13 fault injection: enabled 2025/08/29 09:44:13 leak checking: enabled 2025/08/29 09:44:13 net packet injection: enabled 2025/08/29 09:44:13 net device setup: enabled 2025/08/29 09:44:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:44:13 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:44:13 USB emulation: enabled 2025/08/29 09:44:13 hci packet injection: enabled 2025/08/29 09:44:13 wifi device emulation: enabled 2025/08/29 09:44:13 802.15.4 emulation: enabled 2025/08/29 09:44:13 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:44:13 fetching corpus: 49, signal 23085/26531 (executing program) 2025/08/29 09:44:13 fetching corpus: 99, signal 39030/43539 (executing program) 2025/08/29 09:44:14 fetching corpus: 149, signal 45524/51193 (executing program) 2025/08/29 09:44:14 fetching corpus: 199, signal 49963/56740 (executing program) 2025/08/29 09:44:14 fetching corpus: 249, signal 55431/63155 (executing program) 2025/08/29 09:44:14 fetching corpus: 299, signal 59747/68336 (executing program) 2025/08/29 09:44:14 fetching corpus: 349, signal 65952/75094 (executing program) 2025/08/29 09:44:14 fetching corpus: 399, signal 70443/80258 (executing program) 2025/08/29 09:44:14 fetching corpus: 449, signal 73040/83587 (executing program) 2025/08/29 
09:44:14 fetching corpus: 499, signal 76072/87222 (executing program) 2025/08/29 09:44:14 fetching corpus: 549, signal 78132/89964 (executing program) 2025/08/29 09:44:14 fetching corpus: 599, signal 80793/93194 (executing program) 2025/08/29 09:44:15 fetching corpus: 649, signal 82772/95739 (executing program) 2025/08/29 09:44:15 fetching corpus: 699, signal 85749/99054 (executing program) 2025/08/29 09:44:15 fetching corpus: 749, signal 88533/102192 (executing program) 2025/08/29 09:44:15 fetching corpus: 799, signal 90039/104206 (executing program) 2025/08/29 09:44:15 fetching corpus: 849, signal 92586/107044 (executing program) 2025/08/29 09:44:15 fetching corpus: 899, signal 94898/109608 (executing program) 2025/08/29 09:44:15 fetching corpus: 949, signal 97385/112249 (executing program) 2025/08/29 09:44:15 fetching corpus: 999, signal 98632/113900 (executing program) 2025/08/29 09:44:15 fetching corpus: 1049, signal 101073/116449 (executing program) 2025/08/29 09:44:15 fetching corpus: 1099, signal 102578/118202 (executing program) 2025/08/29 09:44:16 fetching corpus: 1149, signal 104202/120063 (executing program) 2025/08/29 09:44:16 fetching corpus: 1199, signal 105761/121807 (executing program) 2025/08/29 09:44:16 fetching corpus: 1249, signal 106882/123185 (executing program) 2025/08/29 09:44:16 fetching corpus: 1299, signal 107770/124389 (executing program) 2025/08/29 09:44:16 fetching corpus: 1349, signal 109135/125874 (executing program) 2025/08/29 09:44:16 fetching corpus: 1399, signal 110063/127094 (executing program) 2025/08/29 09:44:16 fetching corpus: 1449, signal 110976/128254 (executing program) 2025/08/29 09:44:16 fetching corpus: 1499, signal 112366/129691 (executing program) 2025/08/29 09:44:16 fetching corpus: 1549, signal 113823/131100 (executing program) 2025/08/29 09:44:16 fetching corpus: 1599, signal 114927/132269 (executing program) 2025/08/29 09:44:17 fetching corpus: 1649, signal 115952/133394 (executing program) 2025/08/29 09:44:17 
fetching corpus: 1699, signal 117274/134749 (executing program) 2025/08/29 09:44:17 fetching corpus: 1749, signal 118534/135960 (executing program) 2025/08/29 09:44:17 fetching corpus: 1799, signal 119597/137083 (executing program) 2025/08/29 09:44:17 fetching corpus: 1849, signal 120402/137973 (executing program) 2025/08/29 09:44:17 fetching corpus: 1899, signal 122055/139193 (executing program) 2025/08/29 09:44:17 fetching corpus: 1949, signal 122806/139980 (executing program) 2025/08/29 09:44:17 fetching corpus: 1999, signal 123410/140699 (executing program) 2025/08/29 09:44:17 fetching corpus: 2049, signal 124611/141901 (executing program) 2025/08/29 09:44:17 fetching corpus: 2099, signal 125510/142715 (executing program) 2025/08/29 09:44:18 fetching corpus: 2149, signal 126208/143449 (executing program) 2025/08/29 09:44:18 fetching corpus: 2199, signal 126824/144105 (executing program) 2025/08/29 09:44:18 fetching corpus: 2249, signal 127677/144848 (executing program) 2025/08/29 09:44:18 fetching corpus: 2299, signal 128554/145609 (executing program) 2025/08/29 09:44:18 fetching corpus: 2349, signal 129489/146363 (executing program) 2025/08/29 09:44:18 fetching corpus: 2399, signal 130339/147022 (executing program) 2025/08/29 09:44:18 fetching corpus: 2449, signal 131221/147676 (executing program) 2025/08/29 09:44:18 fetching corpus: 2499, signal 131816/148316 (executing program) 2025/08/29 09:44:18 fetching corpus: 2549, signal 132679/148918 (executing program) 2025/08/29 09:44:18 fetching corpus: 2599, signal 133343/149449 (executing program) 2025/08/29 09:44:19 fetching corpus: 2649, signal 134003/150039 (executing program) 2025/08/29 09:44:19 fetching corpus: 2699, signal 134643/150518 (executing program) 2025/08/29 09:44:19 fetching corpus: 2749, signal 135671/151117 (executing program) 2025/08/29 09:44:19 fetching corpus: 2799, signal 136802/151752 (executing program) 2025/08/29 09:44:19 fetching corpus: 2849, signal 137258/152143 (executing program) 
2025/08/29 09:44:19 fetching corpus: 2899, signal 138071/152603 (executing program) 2025/08/29 09:44:19 fetching corpus: 2949, signal 138683/153016 (executing program) 2025/08/29 09:44:19 fetching corpus: 2999, signal 139444/153454 (executing program) 2025/08/29 09:44:19 fetching corpus: 3049, signal 140077/153805 (executing program) 2025/08/29 09:44:19 fetching corpus: 3099, signal 140479/154106 (executing program) 2025/08/29 09:44:20 fetching corpus: 3149, signal 141034/154439 (executing program) 2025/08/29 09:44:20 fetching corpus: 3199, signal 141433/154748 (executing program) 2025/08/29 09:44:20 fetching corpus: 3249, signal 142201/155081 (executing program) 2025/08/29 09:44:20 fetching corpus: 3299, signal 142629/155313 (executing program) 2025/08/29 09:44:20 fetching corpus: 3349, signal 143283/155602 (executing program) 2025/08/29 09:44:20 fetching corpus: 3399, signal 144418/155871 (executing program) 2025/08/29 09:44:20 fetching corpus: 3449, signal 144920/156083 (executing program) 2025/08/29 09:44:20 fetching corpus: 3499, signal 145702/156314 (executing program) 2025/08/29 09:44:20 fetching corpus: 3549, signal 146562/156502 (executing program) 2025/08/29 09:44:20 fetching corpus: 3599, signal 147196/156699 (executing program) 2025/08/29 09:44:21 fetching corpus: 3649, signal 147537/156875 (executing program) 2025/08/29 09:44:21 fetching corpus: 3699, signal 147937/157037 (executing program) 2025/08/29 09:44:21 fetching corpus: 3749, signal 148469/157166 (executing program) 2025/08/29 09:44:21 fetching corpus: 3799, signal 149029/157174 (executing program) 2025/08/29 09:44:21 fetching corpus: 3849, signal 149480/157182 (executing program) 2025/08/29 09:44:21 fetching corpus: 3899, signal 150089/157201 (executing program) 2025/08/29 09:44:21 fetching corpus: 3949, signal 150689/157210 (executing program) 2025/08/29 09:44:21 fetching corpus: 3999, signal 151074/157216 (executing program) 2025/08/29 09:44:21 fetching corpus: 4049, signal 151529/157262 
(executing program) 2025/08/29 09:44:22 fetching corpus: 4099, signal 152174/157335 (executing program) 2025/08/29 09:44:22 fetching corpus: 4149, signal 152781/157353 (executing program) 2025/08/29 09:44:22 fetching corpus: 4199, signal 153672/157390 (executing program) 2025/08/29 09:44:22 fetching corpus: 4249, signal 154375/157411 (executing program) 2025/08/29 09:44:22 fetching corpus: 4299, signal 155007/157416 (executing program) 2025/08/29 09:44:22 fetching corpus: 4337, signal 155209/157435 (executing program) 2025/08/29 09:44:22 fetching corpus: 4337, signal 155209/157435 (executing program) 2025/08/29 09:44:24 starting 8 fuzzer processes 09:44:24 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7) 09:44:24 executing program 4: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:44:24 
executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r3 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, r2) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r3) 09:44:24 executing program 7: syz_emit_ethernet(0x7a, &(0x7f0000001880)={@local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "01a69d", 0x44, 0x11, 0x0, @private2, @empty}}}}, 0x0) 09:44:24 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x28}}, 0x0) 09:44:24 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 09:44:24 executing program 6: syz_emit_ethernet(0xbe, &(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x88, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x10, 0x7, 0x8, 0x0, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev, @loopback, @mcast1, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, 
@local]}]}}}}}, 0x0) 09:44:24 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000000)=0xd) [ 73.592046] audit: type=1400 audit(1756460664.452:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 74.760403] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.764998] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.768612] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.774471] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.780165] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.825090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.828250] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.840580] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.843507] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.851386] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.853347] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.854732] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.856367] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.858936] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.862042] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.864562] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.867069] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.876848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.878268] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.879590] 
Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.884788] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.886694] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.888153] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.897004] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.909492] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.910145] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.912406] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.913418] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.919439] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.920911] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.924462] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.927947] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.929075] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.943655] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.945041] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.959719] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.963555] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.964643] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.976909] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.979992] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.849791] Bluetooth: hci0: command tx timeout [ 76.913305] Bluetooth: hci1: command tx timeout [ 76.914078] Bluetooth: hci2: command tx timeout [ 76.977233] Bluetooth: hci5: command tx timeout [ 76.978003] Bluetooth: hci3: command tx timeout [ 76.978659] Bluetooth: hci4: command tx timeout [ 77.041459] Bluetooth: hci6: command tx timeout [ 77.042730] Bluetooth: hci7: command tx timeout [ 78.897378] Bluetooth: hci0: command tx timeout [ 78.961487] Bluetooth: hci2: command tx timeout [ 78.961957] Bluetooth: hci1: command tx timeout [ 79.025302] Bluetooth: hci5: command tx timeout [ 79.025787] 
Bluetooth: hci3: command tx timeout [ 79.026598] Bluetooth: hci4: command tx timeout [ 79.091169] Bluetooth: hci7: command tx timeout [ 79.091626] Bluetooth: hci6: command tx timeout [ 80.945187] Bluetooth: hci0: command tx timeout [ 81.009202] Bluetooth: hci1: command tx timeout [ 81.009691] Bluetooth: hci2: command tx timeout [ 81.073286] Bluetooth: hci3: command tx timeout [ 81.073767] Bluetooth: hci4: command tx timeout [ 81.074725] Bluetooth: hci5: command tx timeout [ 81.137790] Bluetooth: hci6: command tx timeout [ 81.137810] Bluetooth: hci7: command tx timeout [ 82.993170] Bluetooth: hci0: command tx timeout [ 83.057216] Bluetooth: hci2: command tx timeout [ 83.057329] Bluetooth: hci1: command tx timeout [ 83.122172] Bluetooth: hci5: command tx timeout [ 83.122210] Bluetooth: hci3: command tx timeout [ 83.122566] Bluetooth: hci4: command tx timeout [ 83.185284] Bluetooth: hci7: command tx timeout [ 83.185684] Bluetooth: hci6: command tx timeout [ 112.431356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.432474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.739578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.740588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.232266] audit: type=1400 audit(1756460704.092:8): avc: denied { open } for pid=3658 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 113.238961] audit: type=1400 audit(1756460704.092:9): avc: denied { kernel } for pid=3658 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 113.240166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.241891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:45:04 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000000)=0xd) [ 113.413348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.413956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:45:04 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000000)=0xd) 09:45:04 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000000)=0xd) 09:45:04 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) 
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) 09:45:04 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x28}}, 0x0) 09:45:04 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) 09:45:04 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x28}}, 0x0) 09:45:04 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, 
&(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) [ 114.193226] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.193806] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.337597] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.338212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.998660] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.999291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.168046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.168844] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.471158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.471747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.562845] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.563499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.681663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.682356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.773110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.773792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.085667] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.086334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.123591] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.124605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.365775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.366450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.408700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.409532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:45:07 executing program 5: r0 = 
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x28}}, 0x0) 09:45:07 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7) 09:45:07 executing program 6: syz_emit_ethernet(0xbe, &(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x88, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x10, 0x7, 0x8, 0x0, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev, @loopback, @mcast1, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, @local]}]}}}}}, 0x0) 09:45:07 executing program 7: syz_emit_ethernet(0x7a, &(0x7f0000001880)={@local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "01a69d", 0x44, 0x11, 0x0, @private2, @empty}}}}, 0x0) 09:45:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r3 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, r2) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 
0xfffff, r3) 09:45:07 executing program 4: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 09:45:07 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) 09:45:07 executing program 6: syz_emit_ethernet(0xbe, 
&(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x88, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x10, 0x7, 0x8, 0x0, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev, @loopback, @mcast1, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, @local]}]}}}}}, 0x0) 09:45:07 executing program 3: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7) 09:45:07 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7) 09:45:07 executing program 7: syz_emit_ethernet(0x7a, &(0x7f0000001880)={@local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "01a69d", 0x44, 0x11, 0x0, @private2, @empty}}}}, 0x0) 09:45:07 executing program 6: syz_emit_ethernet(0xbe, &(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x88, 0x0, 0x0, @local, @local, {[@srh={0x0, 0x10, 0x7, 0x8, 0x0, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev, @loopback, @mcast1, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, @local]}]}}}}}, 0x0) 09:45:07 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 09:45:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r3 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, r2) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r3) 09:45:07 executing program 4: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 5: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040))
[ 116.706837] kmemleak: Found object by alias at 0x607f1a638f5c
[ 116.706857] CPU: 0 UID: 0 PID: 3937 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.706875] Tainted: [W]=WARN
[ 116.706879] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.706885] Call Trace:
[ 116.706890]
[ 116.706894] dump_stack_lvl+0xca/0x120
[ 116.706919] __lookup_object+0x94/0xb0
[ 116.706940] delete_object_full+0x27/0x70
[ 116.706955] free_percpu+0x30/0x1160
[ 116.706972] ? arch_uprobe_clear_state+0x16/0x140
[ 116.706991] futex_hash_free+0x38/0xc0
[ 116.707005] mmput+0x2d3/0x390
[ 116.707023] do_exit+0x79d/0x2970
[ 116.707040] ? __pfx_do_exit+0x10/0x10
[ 116.707054] ? find_held_lock+0x2b/0x80
[ 116.707071] ? get_signal+0x835/0x2340
[ 116.707091] do_group_exit+0xd3/0x2a0
[ 116.707105] get_signal+0x2315/0x2340
[ 116.707122] ? put_task_stack+0xd2/0x240
[ 116.707136] ? __pfx_get_signal+0x10/0x10
[ 116.707152] ? __schedule+0xe91/0x3590
[ 116.707171] arch_do_signal_or_restart+0x80/0x790
[ 116.707188] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 116.707204] ? __x64_sys_futex+0x1c9/0x4d0
[ 116.707216] ? __x64_sys_futex+0x1d2/0x4d0
[ 116.707229] ? fput+0x6a/0x100
[ 116.707243] ? __pfx___x64_sys_futex+0x10/0x10
[ 116.707256] ? ksys_write+0x1a3/0x240
[ 116.707272] exit_to_user_mode_loop+0x8b/0x110
[ 116.707284] do_syscall_64+0x2f7/0x360
[ 116.707296] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.707307] RIP: 0033:0x7fec63de1b19
[ 116.707316] Code: Unable to access opcode bytes at 0x7fec63de1aef.
[ 116.707321] RSP: 002b:00007fec61357218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 116.707333] RAX: 0000000000000001 RBX: 00007fec63ef4f68 RCX: 00007fec63de1b19
[ 116.707340] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fec63ef4f6c
[ 116.707347] RBP: 00007fec63ef4f60 R08: 000000000000000e R09: 0000000000000000
[ 116.707354] R10: 000000000000007a R11: 0000000000000246 R12: 00007fec63ef4f6c
[ 116.707360] R13: 00007ffe3f845aaf R14: 00007fec61357300 R15: 0000000000022000
[ 116.707376]
[ 116.707379] kmemleak: Object (percpu) 0x607f1a638f58 (size 8):
[ 116.707386] kmemleak: comm "syz-executor.4", pid 3945, jiffies 4294783532
[ 116.707393] kmemleak: min_count = 1
[ 116.707396] kmemleak: count = 0
[ 116.707400] kmemleak: flags = 0x21
[ 116.707403] kmemleak: checksum = 0
[ 116.707407] kmemleak: backtrace:
[ 116.707410] pcpu_alloc_noprof+0x87a/0x1170
[ 116.707425] alloc_trace_uprobe+0xab/0x390
[ 116.707436] create_local_trace_uprobe+0x104/0x570
[ 116.707447] perf_uprobe_init+0x13a/0x220
[ 116.707464] perf_uprobe_event_init+0x103/0x190
[ 116.707481] perf_try_init_event+0x140/0x9f0
[ 116.707494] perf_event_alloc.part.0+0x118e/0x45f0
[ 116.707509] __do_sys_perf_event_open+0x719/0x2c20
[ 116.707521] do_syscall_64+0xbf/0x360
[ 116.707530] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:45:07 executing program 3: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7)
09:45:07 executing program 6: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 =
perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7) 09:45:07 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 09:45:07 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r3 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, r2) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r3) 09:45:07 executing program 7: syz_emit_ethernet(0x7a, &(0x7f0000001880)={@local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "01a69d", 0x44, 0x11, 0x0, @private2, @empty}}}}, 0x0) [ 116.803332] kmemleak: Found object by alias at 0x607f1a639394 [ 116.803351] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.803369] Tainted: [W]=WARN [ 116.803373] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.803380] Call Trace: [ 116.803384] [ 116.803389] dump_stack_lvl+0xca/0x120 [ 116.803416] __lookup_object+0x94/0xb0 [ 116.803433] delete_object_full+0x27/0x70 [ 116.803449] free_percpu+0x30/0x1160 [ 116.803465] ? arch_uprobe_clear_state+0x16/0x140 [ 116.803484] futex_hash_free+0x38/0xc0 [ 116.803499] mmput+0x2d3/0x390 [ 116.803517] do_exit+0x79d/0x2970 [ 116.803534] ? __pfx_do_exit+0x10/0x10 [ 116.803548] ? find_held_lock+0x2b/0x80 [ 116.803565] ? get_signal+0x835/0x2340 [ 116.803585] do_group_exit+0xd3/0x2a0 [ 116.803599] get_signal+0x2315/0x2340 [ 116.803621] ? __pfx_get_signal+0x10/0x10 [ 116.803643] arch_do_signal_or_restart+0x80/0x790 [ 116.803660] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 116.803677] ? blkcg_maybe_throttle_current+0x2cc/0xe60 [ 116.803693] ? task_work_run+0x201/0x280 [ 116.803710] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 116.803726] ? 
__pfx___do_sys_close_range+0x10/0x10 [ 116.803743] exit_to_user_mode_loop+0x8b/0x110 [ 116.803755] do_syscall_64+0x2f7/0x360 [ 116.803767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.803780] RIP: 0033:0x7f437490db19 [ 116.803789] Code: Unable to access opcode bytes at 0x7f437490daef. [ 116.803794] RSP: 002b:00007f4371e83188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 116.803805] RAX: 0000000000000000 RBX: 00007f4374a20f60 RCX: 00007f437490db19 [ 116.803813] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 116.803820] RBP: 00007f4374967f6d R08: 0000000000000000 R09: 0000000000000000 [ 116.803827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.803834] R13: 00007ffe83bcaa6f R14: 00007f4371e83300 R15: 0000000000022000 [ 116.803850] [ 116.803853] kmemleak: Object (percpu) 0x607f1a639390 (size 8): [ 116.803860] kmemleak: comm "syz-executor.2", pid 3952, jiffies 4294783626 [ 116.803867] kmemleak: min_count = 1 [ 116.803871] kmemleak: count = 0 [ 116.803875] kmemleak: flags = 0x21 [ 116.803879] kmemleak: checksum = 0 [ 116.803883] kmemleak: backtrace: [ 116.803886] pcpu_alloc_noprof+0x87a/0x1170 [ 116.803901] fib6_nh_init+0x99a/0x1a00 [ 116.803911] ip6_route_info_create_nh+0x530/0xf80 [ 116.803921] addrconf_f6i_alloc+0x208/0x430 [ 116.803931] __ipv6_dev_ac_inc+0x2fc/0xd80 [ 116.803945] ipv6_sock_ac_join+0x8aa/0x1100 [ 116.803959] do_ipv6_setsockopt+0x3f54/0x47b0 [ 116.803974] ipv6_setsockopt+0xcb/0x170 [ 116.803988] udpv6_setsockopt+0x84/0xd0 [ 116.803998] do_sock_setsockopt+0xf7/0x1e0 [ 116.804009] __sys_setsockopt+0x11f/0x1a0 [ 116.804023] __x64_sys_setsockopt+0xbe/0x160 [ 116.804037] do_syscall_64+0xbf/0x360 [ 116.804046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.807514] kmemleak: Found object by alias at 0x607f1a6399dc [ 116.807535] CPU: 0 UID: 0 PID: 3949 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.807554] Tainted: [W]=WARN [ 116.807559] Hardware name: QEMU Standard PC 
(i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.807566] Call Trace: [ 116.807571] [ 116.807577] dump_stack_lvl+0xca/0x120 [ 116.807601] __lookup_object+0x94/0xb0 [ 116.807618] delete_object_full+0x27/0x70 [ 116.807633] free_percpu+0x30/0x1160 [ 116.807650] ? arch_uprobe_clear_state+0x16/0x140 [ 116.807670] futex_hash_free+0x38/0xc0 [ 116.807684] mmput+0x2d3/0x390 [ 116.807702] do_exit+0x79d/0x2970 [ 116.807716] ? signal_wake_up_state+0x85/0x120 [ 116.807731] ? zap_other_threads+0x2b9/0x3a0 [ 116.807747] ? __pfx_do_exit+0x10/0x10 [ 116.807759] ? do_group_exit+0x1c3/0x2a0 [ 116.807772] ? lock_release+0xc8/0x290 [ 116.807789] do_group_exit+0xd3/0x2a0 [ 116.807804] __x64_sys_exit_group+0x3e/0x50 [ 116.807817] x64_sys_call+0x18c5/0x18d0 [ 116.807833] do_syscall_64+0xbf/0x360 [ 116.807844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.807855] RIP: 0033:0x7f8a11b8db19 [ 116.807864] Code: Unable to access opcode bytes at 0x7f8a11b8daef. [ 116.807869] RSP: 002b:00007ffe01eeaa38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 116.807881] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8a11b8db19 [ 116.807888] RDX: 00007f8a11b4072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 116.807895] RBP: 0000000000000000 R08: 0000001b2d422338 R09: 0000000000000000 [ 116.807902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.807908] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe01eeab20 [ 116.807923] [ 116.807927] kmemleak: Object (percpu) 0x607f1a6399d8 (size 8): [ 116.807934] kmemleak: comm "syz-executor.6", pid 3953, jiffies 4294783627 [ 116.807940] kmemleak: min_count = 1 [ 116.807944] kmemleak: count = 0 [ 116.807948] kmemleak: flags = 0x21 [ 116.807951] kmemleak: checksum = 0 [ 116.807955] kmemleak: backtrace: [ 116.807958] pcpu_alloc_noprof+0x87a/0x1170 [ 116.807973] alloc_trace_uprobe+0xab/0x390 [ 116.807984] create_local_trace_uprobe+0x104/0x570 [ 116.807995] perf_uprobe_init+0x13a/0x220 [ 116.808008] 
perf_uprobe_event_init+0x103/0x190 [ 116.808023] perf_try_init_event+0x140/0x9f0 [ 116.808036] perf_event_alloc.part.0+0x118e/0x45f0 [ 116.808051] __do_sys_perf_event_open+0x719/0x2c20 [ 116.808063] do_syscall_64+0xbf/0x360 [ 116.808072] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:45:07 executing program 3: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)=ANY=[], 0xffd3) fcntl$setstatus(r0, 0x4, 0x6000) write$P9_RLINK(r1, &(0x7f0000000200)={0x7}, 0x7) 09:45:07 executing program 4: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) [ 116.923152] kmemleak: Found object by alias at 0x607f1a638f5c [ 116.923173] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.923191] Tainted: [W]=WARN [ 116.923195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.923202] Call Trace: [ 116.923206] [ 116.923210] 
dump_stack_lvl+0xca/0x120 [ 116.923236] __lookup_object+0x94/0xb0 [ 116.923252] delete_object_full+0x27/0x70 [ 116.923267] free_percpu+0x30/0x1160 [ 116.923283] ? arch_uprobe_clear_state+0x16/0x140 [ 116.923303] futex_hash_free+0x38/0xc0 [ 116.923317] mmput+0x2d3/0x390 [ 116.923336] do_exit+0x79d/0x2970 [ 116.923349] ? lock_release+0xc8/0x290 [ 116.923365] ? __pfx_do_exit+0x10/0x10 [ 116.923379] ? find_held_lock+0x2b/0x80 [ 116.923396] ? get_signal+0x835/0x2340 [ 116.923416] do_group_exit+0xd3/0x2a0 [ 116.923430] get_signal+0x2315/0x2340 [ 116.923447] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 116.923463] ? __pfx_get_signal+0x10/0x10 [ 116.923479] ? do_futex+0x135/0x370 [ 116.923492] ? __pfx_do_futex+0x10/0x10 [ 116.923507] arch_do_signal_or_restart+0x80/0x790 [ 116.923524] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 116.923540] ? __x64_sys_futex+0x1c9/0x4d0 [ 116.923551] ? __x64_sys_futex+0x1d2/0x4d0 [ 116.923565] ? fput+0xe7/0x100 [ 116.923579] ? __pfx___x64_sys_futex+0x10/0x10 [ 116.923591] ? ksys_write+0x1a3/0x240 [ 116.923602] ? xfd_validate_state+0x55/0x180 [ 116.923622] exit_to_user_mode_loop+0x8b/0x110 [ 116.923635] do_syscall_64+0x2f7/0x360 [ 116.923646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.923658] RIP: 0033:0x7fec63de1b19 [ 116.923667] Code: Unable to access opcode bytes at 0x7fec63de1aef. 
[ 116.923672] RSP: 002b:00007fec61357218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.923683] RAX: fffffffffffffe00 RBX: 00007fec63ef4f68 RCX: 00007fec63de1b19 [ 116.923691] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fec63ef4f68 [ 116.923697] RBP: 00007fec63ef4f60 R08: 0000000000000000 R09: 0000000000000000 [ 116.923704] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec63ef4f6c [ 116.923711] R13: 00007ffe3f845aaf R14: 00007fec61357300 R15: 0000000000022000 [ 116.923726] [ 116.923730] kmemleak: Object (percpu) 0x607f1a638f58 (size 8): [ 116.923736] kmemleak: comm "syz-executor.6", pid 3953, jiffies 4294783728 [ 116.923743] kmemleak: min_count = 1 [ 116.923747] kmemleak: count = 0 [ 116.923750] kmemleak: flags = 0x21 [ 116.923754] kmemleak: checksum = 0 [ 116.923758] kmemleak: backtrace: [ 116.923761] pcpu_alloc_noprof+0x87a/0x1170 [ 116.923776] perf_trace_event_init+0x366/0xa10 [ 116.923788] perf_uprobe_init+0x177/0x220 [ 116.923800] perf_uprobe_event_init+0x103/0x190 [ 116.923816] perf_try_init_event+0x140/0x9f0 [ 116.923828] perf_event_alloc.part.0+0x118e/0x45f0 [ 116.923844] __do_sys_perf_event_open+0x719/0x2c20 [ 116.923856] do_syscall_64+0xbf/0x360 [ 116.923865] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:45:07 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) 
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) [ 117.032899] kmemleak: Found object by alias at 0x607f1a6399dc [ 117.032931] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.032966] Tainted: [W]=WARN [ 117.032974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.032987] Call Trace: [ 117.032994] [ 117.033002] dump_stack_lvl+0xca/0x120 [ 117.033043] __lookup_object+0x94/0xb0 [ 117.033074] delete_object_full+0x27/0x70 [ 117.033105] free_percpu+0x30/0x1160 [ 117.033144] ? arch_uprobe_clear_state+0x16/0x140 [ 117.033182] futex_hash_free+0x38/0xc0 [ 117.033208] mmput+0x2d3/0x390 [ 117.033243] do_exit+0x79d/0x2970 [ 117.033269] ? signal_wake_up_state+0x85/0x120 [ 117.033299] ? zap_other_threads+0x2b9/0x3a0 [ 117.033330] ? __pfx_do_exit+0x10/0x10 [ 117.033354] ? do_group_exit+0x1c3/0x2a0 [ 117.033381] ? 
lock_release+0xc8/0x290 [ 117.033412] do_group_exit+0xd3/0x2a0 [ 117.033441] __x64_sys_exit_group+0x3e/0x50 [ 117.033468] x64_sys_call+0x18c5/0x18d0 [ 117.033497] do_syscall_64+0xbf/0x360 [ 117.033519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.033541] RIP: 0033:0x7f8a11b8db19 [ 117.033558] Code: Unable to access opcode bytes at 0x7f8a11b8daef. [ 117.033568] RSP: 002b:00007ffe01eeaa38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.033589] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8a11b8db19 [ 117.033604] RDX: 00007f8a11b4072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.033618] RBP: 0000000000000000 R08: 0000001b2d422354 R09: 0000000000000000 [ 117.033631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.033644] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe01eeab20 [ 117.033674] [ 117.033681] kmemleak: Object (percpu) 0x607f1a6399d8 (size 8): [ 117.033694] kmemleak: comm "syz-executor.0", pid 3968, jiffies 4294783845 [ 117.033708] kmemleak: min_count = 1 [ 117.033715] kmemleak: count = 0 [ 117.033722] kmemleak: flags = 0x21 [ 117.033729] kmemleak: checksum = 0 [ 117.033736] kmemleak: backtrace: [ 117.033742] pcpu_alloc_noprof+0x87a/0x1170 [ 117.033771] cpuacct_css_alloc+0x72/0x170 [ 117.033798] cgroup_apply_control_enable+0x446/0x9f0 [ 117.033822] cgroup_mkdir+0x86e/0x1110 [ 117.033846] kernfs_iop_mkdir+0x111/0x190 [ 117.033874] vfs_mkdir+0x59a/0x8d0 [ 117.033904] do_mkdirat+0x19f/0x3d0 [ 117.033924] __x64_sys_mkdirat+0x84/0xb0 [ 117.033944] do_syscall_64+0xbf/0x360 [ 117.033961] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:45:07 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) 09:45:07 executing program 5: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 6: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:07 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001a40)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2f3663c2b228265b519f686ced4979bbe74fe4fa7108b8f371ea96b323d1ba7cb85399d30530085781dd50c4fde896320e5831dfbb988c3e0c8c77749d4a30"}, 0x80, 0x0}}], 0x2, 0x0) 09:45:07 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 
0x0) recvmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x42) 09:45:07 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x1c, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 09:45:08 executing program 4: r0 = getpgrp(0x0) r1 = gettid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x80}) 09:45:08 executing program 6: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) [ 117.320623] kmemleak: Found object by alias at 0x607f1a638f5c [ 117.320656] CPU: 1 UID: 0 PID: 3979 Comm: 
syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.320691] Tainted: [W]=WARN [ 117.320698] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.320710] Call Trace: [ 117.320718] [ 117.320726] dump_stack_lvl+0xca/0x120 [ 117.320767] __lookup_object+0x94/0xb0 [ 117.320798] delete_object_full+0x27/0x70 [ 117.320829] free_percpu+0x30/0x1160 [ 117.320859] ? arch_uprobe_clear_state+0x16/0x140 [ 117.320897] futex_hash_free+0x38/0xc0 [ 117.320923] mmput+0x2d3/0x390 [ 117.320958] do_exit+0x79d/0x2970 [ 117.320984] ? lock_release+0xc8/0x290 [ 117.321015] ? __pfx_do_exit+0x10/0x10 [ 117.321042] ? find_held_lock+0x2b/0x80 [ 117.321075] ? get_signal+0x835/0x2340 [ 117.321112] do_group_exit+0xd3/0x2a0 [ 117.321149] get_signal+0x2315/0x2340 [ 117.321193] ? __pfx_get_signal+0x10/0x10 [ 117.321225] ? do_futex+0x135/0x370 [ 117.321251] ? __pfx_do_futex+0x10/0x10 [ 117.321280] arch_do_signal_or_restart+0x80/0x790 [ 117.321313] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.321344] ? __x64_sys_futex+0x1c9/0x4d0 [ 117.321368] ? __x64_sys_futex+0x1d2/0x4d0 [ 117.321394] ? __sys_socket+0x9f/0x260 [ 117.321421] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.321445] ? selinux_file_ioctl+0xb9/0x280 [ 117.321473] ? xfd_validate_state+0x55/0x180 [ 117.321513] exit_to_user_mode_loop+0x8b/0x110 [ 117.321537] do_syscall_64+0x2f7/0x360 [ 117.321559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.321581] RIP: 0033:0x7fec63de1b19 [ 117.321598] Code: Unable to access opcode bytes at 0x7fec63de1aef. 
[ 117.321608] RSP: 002b:00007fec61357218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.321629] RAX: fffffffffffffe00 RBX: 00007fec63ef4f68 RCX: 00007fec63de1b19 [ 117.321644] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fec63ef4f68 [ 117.321658] RBP: 00007fec63ef4f60 R08: 0000000000000000 R09: 0000000000000000 [ 117.321671] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec63ef4f6c [ 117.321685] R13: 00007ffe3f845aaf R14: 00007fec61357300 R15: 0000000000022000 [ 117.321716] [ 117.321723] kmemleak: Object (percpu) 0x607f1a638f58 (size 8): [ 117.321735] kmemleak: comm "syz-executor.6", pid 3988, jiffies 4294784091 [ 117.321749] kmemleak: min_count = 1 [ 117.321756] kmemleak: count = 0 [ 117.321763] kmemleak: flags = 0x21 [ 117.321770] kmemleak: checksum = 0 [ 117.321778] kmemleak: backtrace: [ 117.321784] pcpu_alloc_noprof+0x87a/0x1170 [ 117.321812] alloc_trace_uprobe+0xab/0x390 [ 117.321832] create_local_trace_uprobe+0x104/0x570 [ 117.321855] perf_uprobe_init+0x13a/0x220 [ 117.321879] perf_uprobe_event_init+0x103/0x190 [ 117.321909] perf_try_init_event+0x140/0x9f0 [ 117.321934] perf_event_alloc.part.0+0x118e/0x45f0 [ 117.321965] __do_sys_perf_event_open+0x719/0x2c20 [ 117.321989] do_syscall_64+0xbf/0x360 [ 117.322006] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:45:08 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) recvmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x42) 09:45:08 executing program 4: r0 = getpgrp(0x0) r1 = gettid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x80}) 09:45:08 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 
0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) 09:45:08 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/244) 09:45:08 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001a40)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2f3663c2b228265b519f686ced4979bbe74fe4fa7108b8f371ea96b323d1ba7cb85399d30530085781dd50c4fde896320e5831dfbb988c3e0c8c77749d4a30"}, 0x80, 0x0}}], 0x2, 0x0) 09:45:08 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x1c, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 09:45:08 executing program 5: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$binfmt_aout(r0, 0x0, 0x179) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xf2, 0x0, 0x0, 0x4, 0x0, 0x6b3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r2, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/176, 0xb0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000040)) [ 117.452592] kmemleak: Found object by alias at 0x607f1a639394 [ 117.452612] CPU: 0 UID: 0 PID: 3994 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.452630] Tainted: [W]=WARN [ 117.452634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.452641] Call Trace: [ 117.452645] [ 117.452650] dump_stack_lvl+0xca/0x120 [ 117.452675] __lookup_object+0x94/0xb0 [ 117.452691] delete_object_full+0x27/0x70 [ 117.452707] free_percpu+0x30/0x1160 [ 117.452723] ? 
arch_uprobe_clear_state+0x16/0x140 [ 117.452743] futex_hash_free+0x38/0xc0 [ 117.452757] mmput+0x2d3/0x390 [ 117.452775] do_exit+0x79d/0x2970 [ 117.452788] ? signal_wake_up_state+0x85/0x120 [ 117.452804] ? zap_other_threads+0x2b9/0x3a0 [ 117.452820] ? __pfx_do_exit+0x10/0x10 [ 117.452833] ? do_group_exit+0x1c3/0x2a0 [ 117.452846] ? lock_release+0xc8/0x290 [ 117.452863] do_group_exit+0xd3/0x2a0 [ 117.452878] __x64_sys_exit_group+0x3e/0x50 [ 117.452892] x64_sys_call+0x18c5/0x18d0 [ 117.452907] do_syscall_64+0xbf/0x360 [ 117.452919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.452930] RIP: 0033:0x7f437490db19 [ 117.452938] Code: Unable to access opcode bytes at 0x7f437490daef. [ 117.452944] RSP: 002b:00007ffe83bcac98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.452955] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f437490db19 [ 117.452962] RDX: 00007f43748c072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.452969] RBP: 0000000000000000 R08: 0000001b2ce201b4 R09: 0000000000000000 [ 117.452976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.452982] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe83bcad80 [ 117.452997] [ 117.453001] kmemleak: Object (percpu) 0x607f1a639390 (size 8): [ 117.453007] kmemleak: comm "syz-executor.5", pid 3997, jiffies 4294784273 [ 117.453014] kmemleak: min_count = 1 [ 117.453018] kmemleak: count = 0 [ 117.453022] kmemleak: flags = 0x21 [ 117.453025] kmemleak: checksum = 0 [ 117.453029] kmemleak: backtrace: [ 117.453032] pcpu_alloc_noprof+0x87a/0x1170 [ 117.453047] perf_trace_event_init+0x366/0xa10 [ 117.453061] perf_uprobe_init+0x177/0x220 [ 117.453072] perf_uprobe_event_init+0x103/0x190 [ 117.453088] perf_try_init_event+0x140/0x9f0 [ 117.453101] perf_event_alloc.part.0+0x118e/0x45f0 [ 117.453122] __do_sys_perf_event_open+0x719/0x2c20 [ 117.453134] do_syscall_64+0xbf/0x360 [ 117.453143] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:45:08 executing program 6: shmget(0x1, 0x1000, 0x0, 
&(0x7f0000cea000/0x1000)=nil) 09:45:08 executing program 4: r0 = getpgrp(0x0) r1 = gettid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x80}) 09:45:08 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) recvmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x42) [ 117.555183] kmemleak: Found object by alias at 0x607f1a638f5c [ 117.555204] CPU: 0 UID: 0 PID: 3998 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.555221] Tainted: [W]=WARN [ 117.555225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.555232] Call Trace: [ 117.555236] [ 117.555240] dump_stack_lvl+0xca/0x120 [ 117.555265] __lookup_object+0x94/0xb0 [ 117.555281] delete_object_full+0x27/0x70 [ 117.555297] free_percpu+0x30/0x1160 [ 117.555313] ? arch_uprobe_clear_state+0x16/0x140 [ 117.555333] futex_hash_free+0x38/0xc0 [ 117.555346] mmput+0x2d3/0x390 [ 117.555365] do_exit+0x79d/0x2970 [ 117.555378] ? signal_wake_up_state+0x85/0x120 [ 117.555393] ? zap_other_threads+0x2b9/0x3a0 [ 117.555408] ? __pfx_do_exit+0x10/0x10 [ 117.555421] ? do_group_exit+0x1c3/0x2a0 [ 117.555434] ? lock_release+0xc8/0x290 [ 117.555450] do_group_exit+0xd3/0x2a0 [ 117.555465] __x64_sys_exit_group+0x3e/0x50 [ 117.555478] x64_sys_call+0x18c5/0x18d0 [ 117.555493] do_syscall_64+0xbf/0x360 [ 117.555505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.555516] RIP: 0033:0x7fec63de1b19 [ 117.555524] Code: Unable to access opcode bytes at 0x7fec63de1aef. 
[ 117.555529] RSP: 002b:00007ffe3f845cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.555541] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fec63de1b19 [ 117.555548] RDX: 00007fec63d9472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.555555] RBP: 0000000000000000 R08: 0000001b2d223cc0 R09: 0000000000000000 [ 117.555561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.555568] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe3f845dc0 [ 117.555583] [ 117.555587] kmemleak: Object (percpu) 0x607f1a638f58 (size 8): [ 117.555593] kmemleak: comm "syz-executor.5", pid 3997, jiffies 4294784272 [ 117.555600] kmemleak: min_count = 1 [ 117.555604] kmemleak: count = 0 [ 117.555608] kmemleak: flags = 0x21 [ 117.555611] kmemleak: checksum = 0 [ 117.555615] kmemleak: backtrace: [ 117.555618] pcpu_alloc_noprof+0x87a/0x1170 [ 117.555633] alloc_trace_uprobe+0xab/0x390 [ 117.555644] create_local_trace_uprobe+0x104/0x570 [ 117.555655] perf_uprobe_init+0x13a/0x220 [ 117.555668] perf_uprobe_event_init+0x103/0x190 [ 117.555683] perf_try_init_event+0x140/0x9f0 [ 117.555696] perf_event_alloc.part.0+0x118e/0x45f0 [ 117.555711] __do_sys_perf_event_open+0x719/0x2c20 [ 117.555723] do_syscall_64+0xbf/0x360 [ 117.555732] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:45:08 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001a40)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2f3663c2b228265b519f686ced4979bbe74fe4fa7108b8f371ea96b323d1ba7cb85399d30530085781dd50c4fde896320e5831dfbb988c3e0c8c77749d4a30"}, 0x80, 0x0}}], 0x2, 0x0) 09:45:08 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x1c, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 09:45:08 executing program 4: r0 = getpgrp(0x0) r1 = gettid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x80}) 09:45:08 executing program 5: socketpair(0x1, 0x0, 0x2, &(0x7f00000006c0)) 09:45:08 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001a40)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2f3663c2b228265b519f686ced4979bbe74fe4fa7108b8f371ea96b323d1ba7cb85399d30530085781dd50c4fde896320e5831dfbb988c3e0c8c77749d4a30"}, 0x80, 0x0}}], 0x2, 0x0) 09:45:08 executing program 6: socket$inet(0x2, 0x3, 0x5) write(0xffffffffffffffff, &(0x7f0000000000)="3bff899b7a8706ed9a51833b196ed4e2583d3d11d54276f2c920f2bf7f3797aa87f5df7e97a83a6eb481be101e5e141944d0b76ba7cc5bd9d1336a4635467873fd73cf727fc6cda203b87c6a792cc04a75", 0x51) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'}) 09:45:08 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000680)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000005c0)="69e71fba5d4e9123c8ace95961685e7d4e0367fbb6cee87bc52dca90f1c3e762c7", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 117.770339] syz-executor.6 uses obsolete (PF_INET,SOCK_PACKET) 09:45:08 executing program 7: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x1c, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 09:45:08 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) recvmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x42) 09:45:08 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) llistxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/16, 0x10) 09:45:08 executing program 5: socketpair(0x1, 0x0, 0x2, &(0x7f00000006c0)) 09:45:08 executing program 6: socket$inet(0x2, 0x3, 0x5) write(0xffffffffffffffff, &(0x7f0000000000)="3bff899b7a8706ed9a51833b196ed4e2583d3d11d54276f2c920f2bf7f3797aa87f5df7e97a83a6eb481be101e5e141944d0b76ba7cc5bd9d1336a4635467873fd73cf727fc6cda203b87c6a792cc04a75", 0x51) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0xa, 0x0) 
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'}) 09:45:08 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000680)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000005c0)="69e71fba5d4e9123c8ace95961685e7d4e0367fbb6cee87bc52dca90f1c3e762c7", 0x0, 0x0, 0x0, 0x0, 0x0}) 09:45:08 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0) 09:45:08 executing program 1: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x401, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xf, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x63) sendfile(r1, r2, 0x0, 0xa0103) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r3, r4, 0x0, 0xa0103) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendfile(r6, r5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendfile(r7, 0xffffffffffffffff, 0x0, 0x0) 
r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendfile(r9, r8, 0x0, 0x40000) [ 118.040398] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 118.042159] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 118.043318] CPU: 1 UID: 0 PID: 4036 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.048131] Tainted: [W]=WARN [ 118.048621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.049880] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.050639] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.053395] RSP: 0018:ffff888016b3f780 EFLAGS: 00010012 [ 118.054225] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90005429000 [ 118.055320] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 118.056407] RBP: ffff888016b3f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15f58 [ 118.057499] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 118.058602] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.059701] FS: 00007f2837d73700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.060927] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.061820] CR2: 00007f283a911018 CR3: 0000000045217000 CR4: 0000000000350ef0 [ 118.062923] Call Trace: [ 118.063336] [ 118.063693] ? __pfx_perf_tp_event+0x10/0x10 [ 118.064390] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 118.065351] ? lock_acquire+0x15e/0x2f0 [ 118.065975] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 118.066975] ? lock_is_held_type+0x9e/0x120 [ 118.067653] ? lock_is_held_type+0x9e/0x120 [ 118.068337] ? ctx_sched_in+0x134/0x9b0 [ 118.068964] ? 
kvm_sched_clock_read+0x16/0x30 [ 118.069673] ? sched_clock+0x37/0x60 [ 118.070286] ? sched_clock_cpu+0x6c/0x4e0 [ 118.070936] ? lock_is_held_type+0x9e/0x120 [ 118.071615] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.072408] ? lock_is_held_type+0x9e/0x120 [ 118.073082] perf_trace_run_bpf_submit+0xef/0x180 [ 118.073836] perf_trace_preemptirq_template+0x259/0x430 [ 118.074727] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 118.075640] ? check_preempt_wakeup_fair+0x406/0x950 [ 118.076429] ? find_held_lock+0x2b/0x80 [ 118.077056] ? try_to_wake_up+0x8ae/0x11d0 [ 118.077722] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 118.078523] trace_irq_enable.constprop.0+0xa6/0x100 [ 118.079302] trace_hardirqs_on+0x26/0x40 [ 118.079929] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 118.080704] try_to_wake_up+0x8ae/0x11d0 [ 118.081343] ? __pfx_try_to_wake_up+0x10/0x10 [ 118.082070] ? plist_del+0x122/0x270 [ 118.082659] ? find_held_lock+0x2b/0x80 [ 118.083297] ? futex_wake+0x474/0x540 [ 118.083899] wake_up_q+0xa1/0x130 [ 118.084455] futex_wake+0x47e/0x540 [ 118.085032] ? __pfx_futex_wake+0x10/0x10 [ 118.085685] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 118.086488] ? lock_release+0xc8/0x290 [ 118.087103] do_futex+0x26d/0x370 [ 118.087657] ? __pfx_do_futex+0x10/0x10 [ 118.088277] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 118.089096] ? find_held_lock+0x2b/0x80 [ 118.089729] __x64_sys_futex+0x1c9/0x4d0 [ 118.090372] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 118.091285] ? __pfx___x64_sys_futex+0x10/0x10 [ 118.091998] ? 
xfd_validate_state+0x55/0x180 [ 118.092698] do_syscall_64+0xbf/0x360 [ 118.093288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.094096] RIP: 0033:0x7f283a7fdb19 [ 118.094671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.097427] RSP: 002b:00007f2837d73218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.098598] RAX: ffffffffffffffda RBX: 00007f283a910f68 RCX: 00007f283a7fdb19 [ 118.099690] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f283a910f6c [ 118.100784] RBP: 00007f283a910f60 R08: 000000000000000e R09: 0000000000000000 [ 118.101867] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f283a910f6c [ 118.102971] R13: 00007ffe3dee8ccf R14: 00007f2837d73300 R15: 0000000000022000 [ 118.104065] [ 118.104434] Modules linked in: [ 118.104940] ---[ end trace 0000000000000000 ]--- [ 118.105666] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.106403] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.109167] RSP: 0018:ffff888016b3f780 EFLAGS: 00010012 [ 118.109984] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90005429000 [ 118.111087] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 118.112177] RBP: ffff888016b3f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15f58 [ 118.113260] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 118.114360] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.115463] FS: 00007f2837d73700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.116692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.117595] CR2: 00007f283a911018 CR3: 0000000045217000 CR4: 0000000000350ef0 [ 118.118707] note: syz-executor.2[4036] exited with irqs disabled [ 118.119793] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 118.121524] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 118.122696] CPU: 1 UID: 0 PID: 4036 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.124541] Tainted: [D]=DIE, [W]=WARN [ 118.125142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.126403] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.127141] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.129899] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 118.130748] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 118.131843] RDX: ffff88801b809b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 118.132929] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd15f58 [ 118.134005] R10: 0000000000000000 R11: 00000000000211bd R12: dffffc0000000000 [ 118.135121] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 118.136207] FS: 00007f2837d73700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.137415] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.138319] CR2: 00007f283a911018 CR3: 0000000045217000 CR4: 0000000000350ef0 [ 118.139414] Call Trace: [ 118.139817] [ 118.140168] ? css_rstat_updated+0x1b8/0x4d0 [ 118.140855] ? __pfx_perf_tp_event+0x10/0x10 [ 118.141558] ? trace_pelt_se_tp+0xdf/0x130 [ 118.142230] ? __cgroup_account_cputime+0x31/0xc0 [ 118.142979] ? do_raw_spin_lock+0x123/0x260 [ 118.143645] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 118.144364] ? lock_acquire+0x18c/0x2f0 [ 118.144985] ? update_cfs_group+0x11d/0x260 [ 118.145662] ? lock_release+0x1c7/0x290 [ 118.146286] ? do_raw_spin_unlock+0x53/0x220 [ 118.146982] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 118.147778] ? 
try_to_wake_up+0x128/0x11d0 [ 118.148448] ? do_raw_spin_lock+0x123/0x260 [ 118.149124] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 118.149851] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.150643] perf_trace_run_bpf_submit+0xef/0x180 [ 118.151398] perf_trace_preemptirq_template+0x259/0x430 [ 118.152226] ? read_tsc+0x9/0x20 [ 118.152770] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 118.153685] ? clockevents_program_event+0x135/0x360 [ 118.154480] ? tick_program_event+0xac/0x140 [ 118.155176] ? handle_softirqs+0x16e/0x770 [ 118.155846] trace_irq_enable.constprop.0+0xa6/0x100 [ 118.156627] trace_hardirqs_on+0x26/0x40 [ 118.157251] handle_softirqs+0x16e/0x770 [ 118.157892] __irq_exit_rcu+0xc4/0x100 [ 118.158524] irq_exit_rcu+0x9/0x20 [ 118.159077] sysvec_apic_timer_interrupt+0x70/0x80 [ 118.159847] [ 118.160206] [ 118.160573] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 118.161377] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 118.162108] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 118.164849] RSP: 0018:ffff888016b3ff28 EFLAGS: 00000246 [ 118.165673] RAX: 0000000000000001 RBX: ffff88801b809b80 RCX: ffffffff817c2b86 [ 118.166774] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 118.167852] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 118.168926] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88801b809b80 [ 118.170003] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 118.171113] ? trace_irq_enable.constprop.0+0x26/0x100 [ 118.171918] ? make_task_dead+0x214/0x3b0 [ 118.172570] ? make_task_dead+0x214/0x3b0 [ 118.173223] ? 
do_syscall_64+0xbf/0x360 [ 118.173838] rewind_stack_and_make_dead+0x16/0x20 [ 118.174609] RIP: 0033:0x7f283a7fdb19 [ 118.175183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.177913] RSP: 002b:00007f2837d73218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.179060] RAX: ffffffffffffffda RBX: 00007f283a910f68 RCX: 00007f283a7fdb19 [ 118.180149] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f283a910f6c [ 118.181241] RBP: 00007f283a910f60 R08: 000000000000000e R09: 0000000000000000 [ 118.182356] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f283a910f6c [ 118.183445] R13: 00007ffe3dee8ccf R14: 00007f2837d73300 R15: 0000000000022000 [ 118.184526] [ 118.184891] Modules linked in: [ 118.185390] ---[ end trace 0000000000000000 ]--- [ 118.186123] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.186853] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.189580] RSP: 0018:ffff888016b3f780 EFLAGS: 00010012 [ 118.190399] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90005429000 [ 118.191377] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 118.192331] RBP: ffff888016b3f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15f58 [ 118.193276] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 118.194232] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.195179] FS: 00007f2837d73700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.196251] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.197033] CR2: 00007f283a911018 CR3: 0000000045217000 CR4: 0000000000350ef0 [ 118.197985] Kernel panic - not syncing: Fatal exception in interrupt [ 118.199120] Kernel Offset: disabled [ 118.199615] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:45:09 Registers: