Warning: Permanently added '[localhost]:39726' (ECDSA) to the list of known hosts. 2025/09/01 09:24:10 fuzzer started 2025/09/01 09:24:10 dialing manager at localhost:35473 syzkaller login: [ 58.427073] cgroup: Unknown subsys name 'net' [ 58.500812] cgroup: Unknown subsys name 'cpuset' [ 58.519078] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:24:21 syscalls: 2214 2025/09/01 09:24:21 code coverage: enabled 2025/09/01 09:24:21 comparison tracing: enabled 2025/09/01 09:24:21 extra coverage: enabled 2025/09/01 09:24:21 setuid sandbox: enabled 2025/09/01 09:24:21 namespace sandbox: enabled 2025/09/01 09:24:21 Android sandbox: enabled 2025/09/01 09:24:21 fault injection: enabled 2025/09/01 09:24:21 leak checking: enabled 2025/09/01 09:24:21 net packet injection: enabled 2025/09/01 09:24:21 net device setup: enabled 2025/09/01 09:24:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:24:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:24:21 USB emulation: enabled 2025/09/01 09:24:21 hci packet injection: enabled 2025/09/01 09:24:21 wifi device emulation: enabled 2025/09/01 09:24:21 802.15.4 emulation: enabled 2025/09/01 09:24:21 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:24:21 fetching corpus: 50, signal 30118/33276 (executing program) 2025/09/01 09:24:21 fetching corpus: 100, signal 40086/44487 (executing program) 2025/09/01 09:24:21 fetching corpus: 150, signal 46631/52149 (executing program) 2025/09/01 09:24:21 fetching corpus: 200, signal 51014/57595 (executing program) 2025/09/01 09:24:22 fetching corpus: 250, signal 58031/65332 (executing program) 2025/09/01 09:24:22 fetching corpus: 300, signal 62684/70763 (executing program) 2025/09/01 09:24:22 fetching corpus: 350, signal 67730/76389 (executing program) 2025/09/01 09:24:22 fetching corpus: 400, signal 71698/81065 (executing program) 2025/09/01 09:24:22 fetching corpus: 450, signal 75323/85234 (executing program) 2025/09/01 
09:24:22 fetching corpus: 500, signal 77081/87753 (executing program) 2025/09/01 09:24:22 fetching corpus: 550, signal 79235/90544 (executing program) 2025/09/01 09:24:22 fetching corpus: 600, signal 81774/93564 (executing program) 2025/09/01 09:24:22 fetching corpus: 650, signal 85251/97243 (executing program) 2025/09/01 09:24:23 fetching corpus: 700, signal 86859/99430 (executing program) 2025/09/01 09:24:23 fetching corpus: 750, signal 88424/101511 (executing program) 2025/09/01 09:24:23 fetching corpus: 800, signal 90291/103795 (executing program) 2025/09/01 09:24:23 fetching corpus: 850, signal 91496/105512 (executing program) 2025/09/01 09:24:23 fetching corpus: 900, signal 93108/107483 (executing program) 2025/09/01 09:24:23 fetching corpus: 950, signal 95716/110132 (executing program) 2025/09/01 09:24:23 fetching corpus: 1000, signal 97223/111937 (executing program) 2025/09/01 09:24:23 fetching corpus: 1050, signal 98590/113664 (executing program) 2025/09/01 09:24:23 fetching corpus: 1100, signal 100032/115356 (executing program) 2025/09/01 09:24:23 fetching corpus: 1150, signal 101762/117226 (executing program) 2025/09/01 09:24:24 fetching corpus: 1200, signal 103054/118734 (executing program) 2025/09/01 09:24:24 fetching corpus: 1250, signal 104931/120652 (executing program) 2025/09/01 09:24:24 fetching corpus: 1300, signal 107345/122847 (executing program) 2025/09/01 09:24:24 fetching corpus: 1350, signal 108403/124050 (executing program) 2025/09/01 09:24:24 fetching corpus: 1400, signal 109766/125419 (executing program) 2025/09/01 09:24:24 fetching corpus: 1450, signal 111123/126767 (executing program) 2025/09/01 09:24:24 fetching corpus: 1500, signal 112399/127998 (executing program) 2025/09/01 09:24:24 fetching corpus: 1550, signal 113650/129231 (executing program) 2025/09/01 09:24:25 fetching corpus: 1600, signal 115271/130627 (executing program) 2025/09/01 09:24:25 fetching corpus: 1650, signal 116180/131667 (executing program) 2025/09/01 09:24:25 
fetching corpus: 1700, signal 116959/132518 (executing program) 2025/09/01 09:24:25 fetching corpus: 1750, signal 117795/133409 (executing program) 2025/09/01 09:24:25 fetching corpus: 1800, signal 118766/134386 (executing program) 2025/09/01 09:24:25 fetching corpus: 1850, signal 119586/135179 (executing program) 2025/09/01 09:24:25 fetching corpus: 1900, signal 120852/136128 (executing program) 2025/09/01 09:24:25 fetching corpus: 1950, signal 121790/136913 (executing program) 2025/09/01 09:24:25 fetching corpus: 2000, signal 122565/137676 (executing program) 2025/09/01 09:24:25 fetching corpus: 2050, signal 124366/138856 (executing program) 2025/09/01 09:24:26 fetching corpus: 2100, signal 125441/139649 (executing program) 2025/09/01 09:24:26 fetching corpus: 2150, signal 126083/140253 (executing program) 2025/09/01 09:24:26 fetching corpus: 2200, signal 126867/140894 (executing program) 2025/09/01 09:24:26 fetching corpus: 2250, signal 127851/141572 (executing program) 2025/09/01 09:24:26 fetching corpus: 2300, signal 128896/142262 (executing program) 2025/09/01 09:24:26 fetching corpus: 2350, signal 130030/142943 (executing program) 2025/09/01 09:24:26 fetching corpus: 2400, signal 130700/143429 (executing program) 2025/09/01 09:24:26 fetching corpus: 2450, signal 131240/143886 (executing program) 2025/09/01 09:24:26 fetching corpus: 2500, signal 132549/144563 (executing program) 2025/09/01 09:24:26 fetching corpus: 2550, signal 133548/145147 (executing program) 2025/09/01 09:24:27 fetching corpus: 2600, signal 134452/145661 (executing program) 2025/09/01 09:24:27 fetching corpus: 2650, signal 135069/146068 (executing program) 2025/09/01 09:24:27 fetching corpus: 2700, signal 135899/146521 (executing program) 2025/09/01 09:24:27 fetching corpus: 2750, signal 136551/146856 (executing program) 2025/09/01 09:24:27 fetching corpus: 2800, signal 137151/147190 (executing program) 2025/09/01 09:24:27 fetching corpus: 2850, signal 137919/147674 (executing program) 
2025/09/01 09:24:27 fetching corpus: 2900, signal 138497/147963 (executing program) 2025/09/01 09:24:27 fetching corpus: 2950, signal 139181/148266 (executing program) 2025/09/01 09:24:27 fetching corpus: 3000, signal 139802/148567 (executing program) 2025/09/01 09:24:27 fetching corpus: 3050, signal 140367/148837 (executing program) 2025/09/01 09:24:28 fetching corpus: 3100, signal 141237/149105 (executing program) 2025/09/01 09:24:28 fetching corpus: 3150, signal 142130/149370 (executing program) 2025/09/01 09:24:28 fetching corpus: 3200, signal 142708/149585 (executing program) 2025/09/01 09:24:28 fetching corpus: 3250, signal 143225/149769 (executing program) 2025/09/01 09:24:28 fetching corpus: 3300, signal 145117/150131 (executing program) 2025/09/01 09:24:28 fetching corpus: 3350, signal 145838/150267 (executing program) 2025/09/01 09:24:28 fetching corpus: 3400, signal 146737/150396 (executing program) 2025/09/01 09:24:28 fetching corpus: 3450, signal 147495/150531 (executing program) 2025/09/01 09:24:28 fetching corpus: 3476, signal 147971/150629 (executing program) 2025/09/01 09:24:28 fetching corpus: 3476, signal 147971/150679 (executing program) 2025/09/01 09:24:28 fetching corpus: 3476, signal 147971/150721 (executing program) 2025/09/01 09:24:28 fetching corpus: 3476, signal 147971/150749 (executing program) 2025/09/01 09:24:28 fetching corpus: 3476, signal 147971/150756 (executing program) 2025/09/01 09:24:28 fetching corpus: 3476, signal 147971/150756 (executing program) 2025/09/01 09:24:31 starting 8 fuzzer processes 09:24:31 executing program 0: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 
W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:24:31 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000780), 0x0, 0x0) ioctl$EVIOCSABS3F(r0, 0x401845ff, 0x0) 09:24:31 executing program 2: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000100)) 09:24:31 executing program 7: pipe(&(0x7f0000000880)={0xffffffffffffffff}) fcntl$setstatus(r0, 0x407, 0x1044c00) fcntl$setstatus(r0, 0x407, 0x0) 09:24:31 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:24:31 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB="14002c8004"], 0x30}}, 0x0) 09:24:31 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) [ 78.911838] audit: type=1400 audit(1756718671.436:7): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:24:31 executing program 5: semop(0x0, &(0x7f0000000180)=[{}, {}, {}], 
0x2aaaaaaaaaaaac91) [ 80.092881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.095443] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.098578] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.100804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.102630] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.106975] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.113668] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.116942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.125104] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.127601] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.347005] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.361958] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.367274] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.372860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.381815] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.383556] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.386302] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.387949] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.399650] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.403239] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.405027] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.410746] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.411035] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.424457] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.428964] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.432726] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.435926] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.441869] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.444139] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.446156] Bluetooth: hci7: 
unexpected cc 0x0c03 length: 249 > 1 [ 80.451055] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.453768] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.456077] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.459607] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.462250] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 80.467513] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.469250] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 80.487932] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.501914] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.504855] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.184760] Bluetooth: hci0: command tx timeout [ 82.184766] Bluetooth: hci1: command tx timeout [ 82.504927] Bluetooth: hci3: command tx timeout [ 82.505013] Bluetooth: hci2: command tx timeout [ 82.506141] Bluetooth: hci4: command tx timeout [ 82.568293] Bluetooth: hci7: command tx timeout [ 82.570063] Bluetooth: hci6: command tx timeout [ 82.570973] Bluetooth: hci5: command tx timeout [ 84.231425] Bluetooth: hci1: command tx timeout [ 84.231947] Bluetooth: hci0: command tx timeout [ 84.551617] Bluetooth: hci2: command tx timeout [ 84.552088] Bluetooth: hci3: command tx timeout [ 84.553412] Bluetooth: hci4: command tx timeout [ 84.615772] Bluetooth: hci7: command tx timeout [ 84.617398] Bluetooth: hci6: command tx timeout [ 84.617417] Bluetooth: hci5: command tx timeout [ 86.280429] Bluetooth: hci0: command tx timeout [ 86.280464] Bluetooth: hci1: command tx timeout [ 86.599494] Bluetooth: hci3: command tx timeout [ 86.599593] Bluetooth: hci4: command tx timeout [ 86.599947] Bluetooth: hci2: command tx timeout [ 86.663437] Bluetooth: hci6: command tx timeout [ 86.663468] Bluetooth: hci7: command tx timeout [ 86.665480] Bluetooth: hci5: command tx timeout [ 88.327482] Bluetooth: hci0: command tx timeout [ 88.327938] Bluetooth: hci1: command tx timeout [ 88.647521] 
Bluetooth: hci4: command tx timeout [ 88.647569] Bluetooth: hci2: command tx timeout [ 88.647977] Bluetooth: hci3: command tx timeout [ 88.711403] Bluetooth: hci6: command tx timeout [ 88.712470] Bluetooth: hci5: command tx timeout [ 88.712863] Bluetooth: hci7: command tx timeout [ 116.732816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.733769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.894512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.895136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.391155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.391943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.475986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.476670] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.572373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.573000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.703215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.703927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.770662] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.771301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.807395] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.808033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.895480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.896154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.928568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.929162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.984430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.985021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.997551] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 117.998184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.059035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.059687] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.085408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.086042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.124880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.125495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.185540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.186164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.369718] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 118.378524] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 09:25:10 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) 09:25:10 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) 09:25:10 executing program 7: pipe(&(0x7f0000000880)={0xffffffffffffffff}) fcntl$setstatus(r0, 0x407, 0x1044c00) fcntl$setstatus(r0, 0x407, 0x0) 09:25:10 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB="14002c8004"], 0x30}}, 0x0) 09:25:10 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000780), 0x0, 
0x0) ioctl$EVIOCSABS3F(r0, 0x401845ff, 0x0) 09:25:10 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:25:10 executing program 5: semop(0x0, &(0x7f0000000180)=[{}, {}, {}], 0x2aaaaaaaaaaaac91) 09:25:10 executing program 0: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:25:10 executing program 5: semop(0x0, &(0x7f0000000180)=[{}, {}, {}], 0x2aaaaaaaaaaaac91) [ 118.458993] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 
09:25:11 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000780), 0x0, 0x0) ioctl$EVIOCSABS3F(r0, 0x401845ff, 0x0) 09:25:11 executing program 5: semop(0x0, &(0x7f0000000180)=[{}, {}, {}], 0x2aaaaaaaaaaaac91) 09:25:11 executing program 7: pipe(&(0x7f0000000880)={0xffffffffffffffff}) fcntl$setstatus(r0, 0x407, 0x1044c00) fcntl$setstatus(r0, 0x407, 0x0) 09:25:11 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB="14002c8004"], 0x30}}, 0x0) 09:25:11 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) 09:25:11 executing program 0: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:25:11 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:25:11 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000780), 0x0, 0x0) ioctl$EVIOCSABS3F(r0, 
0x401845ff, 0x0) 09:25:11 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) [ 118.619588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 09:25:11 executing program 7: pipe(&(0x7f0000000880)={0xffffffffffffffff}) fcntl$setstatus(r0, 0x407, 0x1044c00) fcntl$setstatus(r0, 0x407, 0x0) 09:25:11 executing program 5: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:25:11 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) 09:25:11 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:25:11 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB="14002c8004"], 0x30}}, 0x0) 
09:25:11 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) io_setup(0xeff, &(0x7f0000000240)=0x0) io_destroy(r0) 09:25:11 executing program 0: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:25:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 118.738019] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 118.742448] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 
09:25:11 executing program 7: modify_ldt$write(0x1, &(0x7f0000000000), 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x0, 0x0, 0x1000}, 0x10) 09:25:11 executing program 5: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:25:11 executing program 5: r0 = memfd_create(&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x03r\xc7\xde\xeeB\xb0\x17\xcd4\x00\x00Y\xc7\xa6\xfdt\xf5\nL\x9e\f\xb1\x8eK\xc5\x95\xa5_\x9f\xe8nma\x8d~Y[,\xefg\xd7\xc5]Y\x92yy\xfb\x83\x00 W\xe8\x0f]@\xc0\x01\x01\x00\x00\x00\x00\x00\xe7\xfc\x83n\xd8\x81\x8d\xf1\xeb7\xd9\xff\xe3\xea\x15\xeb\xa7\xf3A;lg)c]\xae3\xb5k\xa0\b\xf7;o\xf52I\f\xc5\x95\x1d.\x92\xe9\x8f\\\x19\xf7\n\xab\"\x1e\xeaI\xb1~OO\xb1\x89B\x00'/161, 0xd) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 09:25:11 executing program 3: write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @void, @llc={@snap={0x0, 0x0, "1e", "74408d", 0x0, "a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"}}}, 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)) 09:25:11 executing program 2: munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0) 09:25:11 executing program 4: r0 = 
socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001d00010200000000000000ff07"], 0x1c}], 0x1}, 0x0) 09:25:11 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000001140)={0x1f, @none}, 0x8) 09:25:11 executing program 6: pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1) sigaltstack(&(0x7f0000ffd000/0x1000)=nil, 0x0) pkey_mprotect(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x2, 0xffffffffffffffff) 09:25:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:25:11 executing program 0: perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000340)={{0x1}}) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 
0xffffffffffffffff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
r3 = socket(0x2c, 0x800, 0x1)
connect$inet6(r3, 0x0, 0x0)
dup2(r1, r2)

09:25:11 executing program 2:
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)

09:25:11 executing program 6:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1)
sigaltstack(&(0x7f0000ffd000/0x1000)=nil, 0x0)
pkey_mprotect(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x2, 0xffffffffffffffff)

[ 118.965508] audit: type=1400 audit(1756718711.488:8): avc: denied { open } for pid=3976 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 118.974031] audit: type=1400 audit(1756718711.488:9): avc: denied { kernel } for pid=3976 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 118.980547] kmemleak: Found object by alias at 0x607f1a63de24
[ 118.980562] CPU: 0 UID: 0 PID: 3970 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 118.980580] Tainted: [W]=WARN
[ 118.980584] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 118.980591] Call Trace:
[ 118.980596]
[ 118.980600] dump_stack_lvl+0xca/0x120
[ 118.980632] __lookup_object+0x94/0xb0
[ 118.980650] delete_object_full+0x27/0x70
[ 118.980667] free_percpu+0x30/0x1160
[ 118.980684] ? arch_uprobe_clear_state+0x16/0x140
[ 118.980705] futex_hash_free+0x38/0xc0
[ 118.980721] mmput+0x2d3/0x390
[ 118.980740] do_exit+0x79d/0x2970
[ 118.980754] ? signal_wake_up_state+0x85/0x120
[ 118.980770] ? zap_other_threads+0x2b9/0x3a0
[ 118.980787] ? __pfx_do_exit+0x10/0x10
[ 118.980800] ? do_group_exit+0x1c3/0x2a0
[ 118.980814] ? lock_release+0xc8/0x290
[ 118.980832] do_group_exit+0xd3/0x2a0
[ 118.980847] __x64_sys_exit_group+0x3e/0x50
[ 118.980866] x64_sys_call+0x18c5/0x18d0
[ 118.980882] do_syscall_64+0xbf/0x360
[ 118.980895] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.980908] RIP: 0033:0x7f4e8dd63b19
[ 118.980917] Code: Unable to access opcode bytes at 0x7f4e8dd63aef.
[ 118.980922] RSP: 002b:00007fff652679b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 118.980934] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f4e8dd63b19
[ 118.980942] RDX: 00007f4e8dd1672b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 118.980950] RBP: 0000000000000000 R08: 0000001b2e02336c R09: 0000000000000000
[ 118.980957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 118.980964] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff65267aa0
[ 118.980980]
[ 118.980984] kmemleak: Object (percpu) 0x607f1a63de20 (size 8):
[ 118.980990] kmemleak: comm "syz-executor.0", pid 3979, jiffies 4294785654
[ 118.980997] kmemleak: min_count = 1
[ 118.981001] kmemleak: count = 0
[ 118.981005] kmemleak: flags = 0x21
[ 118.981009] kmemleak: checksum = 0
[ 118.981013] kmemleak: backtrace:
[ 118.981016] pcpu_alloc_noprof+0x87a/0x1170
[ 118.981033] perf_trace_event_init+0x366/0xa10
[ 118.981047] perf_trace_init+0x1a4/0x2f0
[ 118.981059] perf_tp_event_init+0xa6/0x120
[ 118.981076] perf_try_init_event+0x140/0x9f0
[ 118.981090] perf_event_alloc.part.0+0x118e/0x45f0
[ 118.981107] __do_sys_perf_event_open+0x719/0x2c20
[ 118.981121] do_syscall_64+0xbf/0x360
[ 118.981131] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.011163] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.

09:25:11 executing program 5:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1)
sigaltstack(&(0x7f0000ffd000/0x1000)=nil, 0x0)
pkey_mprotect(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x2, 0xffffffffffffffff)

09:25:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001d00010200000000000000ff07"], 0x1c}], 0x1}, 0x0)

09:25:11 executing program 5:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1)
sigaltstack(&(0x7f0000ffd000/0x1000)=nil, 0x0)
pkey_mprotect(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x2, 0xffffffffffffffff)

09:25:11 executing program 7:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000001140)={0x1f, @none}, 0x8)

09:25:11 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000019140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="1800000004010102"], 0x18}}, 0x0)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

09:25:11 executing program 2:
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)

09:25:11 executing program 6:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1)
sigaltstack(&(0x7f0000ffd000/0x1000)=nil, 0x0)
pkey_mprotect(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x2, 0xffffffffffffffff)

[ 119.198725] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 119.200564] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 119.203111] CPU: 1 UID: 0 PID: 3993 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 119.209230] Tainted: [W]=WARN
[ 119.209717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.209729] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 119.210962] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.212366] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.215120] RSP: 0018:ffff888044887800 EFLAGS: 00010212
[ 119.215939] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 119.217019] RDX: ffff88801c923700 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 119.218109] RBP: ffff888044887a70 R08: ffff88806cf31340 R09: ffffe8ffffd15e20
[ 119.219186] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 119.220281] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 119.221367] FS: 000055555e7b2400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 119.222583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.223469] CR2: 000055555e7b3c18 CR3: 000000001f3b8000 CR4: 0000000000350ef0
[ 119.224570] Call Trace:
[ 119.224976]
[ 119.225341] ? arch_scale_cpu_capacity+0x17/0xa0
[ 119.226091] ? __pfx_perf_tp_event+0x10/0x10
[ 119.226782] ? __asan_memset+0x24/0x50
[ 119.227420] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 119.228286] ? __resched_curr+0x2a2/0x330
[ 119.228939] ? __pfx___resched_curr+0x10/0x10
[ 119.229660] ? perf_trace_run_bpf_submit+0xef/0x180
[ 119.230441] perf_trace_run_bpf_submit+0xef/0x180
[ 119.231200] perf_trace_lock+0x337/0x5d0
[ 119.231849] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.232569] ? lock_acquire+0x15e/0x2f0
[ 119.233193] ? futex_ref_get+0x48/0x300
[ 119.233808] ? futex_ref_get+0x114/0x300
[ 119.234435] ? futex_hash+0x15c/0x390
[ 119.235029] lock_release+0x1ab/0x290
[ 119.235628] ? futex_hash+0x15c/0x390
[ 119.236236] futex_ref_get+0x119/0x300
[ 119.236847] ? futex_hash+0x15c/0x390
[ 119.237436] futex_hash+0x70/0x390
[ 119.237998] futex_wake+0x143/0x540
[ 119.238572] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.239284] ? update_curr+0x71/0x500
[ 119.239891] ? __pfx_futex_wake+0x10/0x10
[ 119.240555] ? __schedule+0x24e0/0x3590
[ 119.241190] ? lock_release+0xc8/0x290
[ 119.241816] do_futex+0x26d/0x370
[ 119.242380] ? __pfx_do_futex+0x10/0x10
[ 119.243019] ? __pfx___schedule+0x10/0x10
[ 119.243686] __x64_sys_futex+0x1c9/0x4d0
[ 119.244342] ? __pfx___x64_sys_futex+0x10/0x10
[ 119.245081] do_syscall_64+0xbf/0x360
[ 119.245690] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.246499] RIP: 0033:0x7fb3742bdb19
[ 119.247085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.249898] RSP: 002b:00007ffc8e13e108 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.251082] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3742bdb19
[ 119.252194] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb3743d0f68
[ 119.253296] RBP: 00007fb3743d0f60 R08: 00007fb371833700 R09: 0000000000000000
[ 119.254406] R10: 00007fb371833700 R11: 0000000000000246 R12: 00007fb3743d5060
[ 119.255512] R13: 00007ffc8e13e210 R14: 00007fb3743d0f60 R15: 000000000001d101
[ 119.256633]
[ 119.257007] Modules linked in:
[ 119.257575] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 119.259290] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 119.260466] CPU: 1 UID: 0 PID: 3993 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 119.262310] Tainted: [D]=DIE, [W]=WARN
[ 119.262910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.264197] RIP: 0010:perf_tp_event+0x175/0xe70 [
119.264940] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.267750] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 119.268591] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.269696] RDX: ffff88801c923700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.270801] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15e20 [ 119.271914] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 119.273014] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 119.274112] FS: 000055555e7b2400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 119.275359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.276277] CR2: 000055555e7b3c18 CR3: 000000001f3b8000 CR4: 0000000000350ef0 [ 119.277376] Call Trace: [ 119.277785] [ 119.278141] ? __pfx_perf_tp_event+0x10/0x10 [ 119.278838] ? perf_trace_lock+0xb5/0x5d0 [ 119.279490] ? __pfx_perf_trace_lock+0x10/0x10 [ 119.280218] ? perf_trace_lock+0xb5/0x5d0 [ 119.280868] ? __pfx_perf_trace_lock+0x10/0x10 [ 119.281582] ? kvm_sched_clock_read+0x16/0x30 [ 119.282284] ? sched_clock+0x37/0x60 [ 119.282881] ? sched_clock_cpu+0x6c/0x4e0 [ 119.283535] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.284319] perf_trace_run_bpf_submit+0xef/0x180 [ 119.285088] perf_trace_lock+0x337/0x5d0 [ 119.285728] ? update_cfs_group+0x11d/0x260 [ 119.286392] ? kvm_sched_clock_read+0x16/0x30 [ 119.287102] ? __pfx_perf_trace_lock+0x10/0x10 [ 119.287828] ? check_preempt_wakeup_fair+0x6e/0x950 [ 119.288611] ? sched_ttwu_pending+0x2e0/0x4a0 [ 119.289318] lock_release+0x1ab/0x290 [ 119.289922] ? ttwu_do_activate+0x1a4/0x8a0 [ 119.290596] _raw_spin_unlock+0x16/0x40 [ 119.291218] sched_ttwu_pending+0x2e0/0x4a0 [ 119.291901] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 119.292663] ? 
flush_tlb_func+0x3eb/0x560 [ 119.293312] __flush_smp_call_function_queue+0x434/0x740 [ 119.294157] __sysvec_call_function_single+0x6d/0x370 [ 119.294957] sysvec_call_function_single+0xa1/0xc0 [ 119.295722] [ 119.296083] [ 119.296439] asm_sysvec_call_function_single+0x1a/0x20 [ 119.297241] RIP: 0010:oops_exit+0x0/0x50 [ 119.297882] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 119.300637] RSP: 0018:ffff888044887690 EFLAGS: 00000202 [ 119.301482] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 119.302607] RDX: ffff88801c923700 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 119.303732] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 119.304866] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888044887758 [ 119.305993] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 119.307123] ? add_taint+0x5f/0xd0 [ 119.307703] ? oops_end+0x4a/0xe0 [ 119.308289] oops_end+0x65/0xe0 [ 119.308837] exc_general_protection+0x1a2/0x330 [ 119.309597] asm_exc_general_protection+0x26/0x30 [ 119.310369] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.311121] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.313985] RSP: 0018:ffff888044887800 EFLAGS: 00010212 [ 119.314831] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.315962] RDX: ffff88801c923700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.317085] RBP: ffff888044887a70 R08: ffff88806cf31340 R09: ffffe8ffffd15e20 [ 119.318205] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.319328] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 119.320464] ? perf_tp_event+0x167/0xe70 [ 119.321130] ? 
arch_scale_cpu_capacity+0x17/0xa0 [ 119.321901] ? __pfx_perf_tp_event+0x10/0x10 [ 119.322615] ? __asan_memset+0x24/0x50 [ 119.323272] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 119.324162] ? __resched_curr+0x2a2/0x330 [ 119.324834] ? __pfx___resched_curr+0x10/0x10 [ 119.325574] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.326375] perf_trace_run_bpf_submit+0xef/0x180 [ 119.327157] perf_trace_lock+0x337/0x5d0 [ 119.327828] ? __pfx_perf_trace_lock+0x10/0x10 [ 119.328571] ? lock_acquire+0x15e/0x2f0 [ 119.329212] ? futex_ref_get+0x48/0x300 [ 119.329849] ? futex_ref_get+0x114/0x300 [ 119.330495] ? futex_hash+0x15c/0x390 [ 119.331107] lock_release+0x1ab/0x290 [ 119.331725] ? futex_hash+0x15c/0x390 [ 119.332344] futex_ref_get+0x119/0x300 [ 119.332968] ? futex_hash+0x15c/0x390 [ 119.333579] futex_hash+0x70/0x390 [ 119.334155] futex_wake+0x143/0x540 [ 119.334748] ? __pfx_perf_trace_lock+0x10/0x10 [ 119.335484] ? update_curr+0x71/0x500 [ 119.336106] ? __pfx_futex_wake+0x10/0x10 [ 119.336781] ? __schedule+0x24e0/0x3590 [ 119.337426] ? lock_release+0xc8/0x290 [ 119.338059] do_futex+0x26d/0x370 [ 119.338627] ? __pfx_do_futex+0x10/0x10 [ 119.339271] ? __pfx___schedule+0x10/0x10 [ 119.339952] __x64_sys_futex+0x1c9/0x4d0 [ 119.340612] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 119.341357] do_syscall_64+0xbf/0x360 [ 119.341972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.342788] RIP: 0033:0x7fb3742bdb19 [ 119.343382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.346234] RSP: 002b:00007ffc8e13e108 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.347428] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3742bdb19 [ 119.348552] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb3743d0f68 [ 119.349670] RBP: 00007fb3743d0f60 R08: 00007fb371833700 R09: 0000000000000000 [ 119.350787] R10: 00007fb371833700 R11: 0000000000000246 R12: 00007fb3743d5060 [ 119.351915] R13: 00007ffc8e13e210 R14: 00007fb3743d0f60 R15: 000000000001d101 [ 119.353050] [ 119.353431] Modules linked in: [ 119.353953] ---[ end trace 0000000000000000 ]--- [ 119.354698] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.355451] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.358306] RSP: 0018:ffff888044887800 EFLAGS: 00010212 [ 119.359147] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.360275] RDX: ffff88801c923700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.361395] RBP: ffff888044887a70 R08: ffff88806cf31340 R09: ffffe8ffffd15e20 [ 119.362513] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.363631] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 119.364789] FS: 000055555e7b2400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 119.366050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.366969] CR2: 000055555e7b3c18 CR3: 000000001f3b8000 CR4: 0000000000350ef0 [ 119.368104] Kernel panic - not syncing: Fatal exception in interrupt [ 
119.369316] Kernel Offset: disabled [ 119.369895] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:25:11 Registers: