Warning: Permanently added '[localhost]:55757' (ECDSA) to the list of known hosts. 2025/09/01 09:39:18 fuzzer started 2025/09/01 09:39:19 dialing manager at localhost:35473 syzkaller login: [ 50.281054] cgroup: Unknown subsys name 'net' [ 50.329255] cgroup: Unknown subsys name 'cpuset' [ 50.347013] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:39:28 syscalls: 2214 2025/09/01 09:39:28 code coverage: enabled 2025/09/01 09:39:28 comparison tracing: enabled 2025/09/01 09:39:28 extra coverage: enabled 2025/09/01 09:39:28 setuid sandbox: enabled 2025/09/01 09:39:28 namespace sandbox: enabled 2025/09/01 09:39:28 Android sandbox: enabled 2025/09/01 09:39:28 fault injection: enabled 2025/09/01 09:39:28 leak checking: enabled 2025/09/01 09:39:28 net packet injection: enabled 2025/09/01 09:39:28 net device setup: enabled 2025/09/01 09:39:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:39:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:39:28 USB emulation: enabled 2025/09/01 09:39:28 hci packet injection: enabled 2025/09/01 09:39:28 wifi device emulation: enabled 2025/09/01 09:39:28 802.15.4 emulation: enabled 2025/09/01 09:39:28 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:39:29 fetching corpus: 50, signal 22858/26272 (executing program) 2025/09/01 09:39:29 fetching corpus: 100, signal 42411/46731 (executing program) 2025/09/01 09:39:29 fetching corpus: 150, signal 51472/56724 (executing program) 2025/09/01 09:39:29 fetching corpus: 200, signal 57680/63845 (executing program) 2025/09/01 09:39:29 fetching corpus: 250, signal 62080/69137 (executing program) 2025/09/01 09:39:29 fetching corpus: 300, signal 66755/74536 (executing program) 2025/09/01 09:39:29 fetching corpus: 350, signal 70195/78751 (executing program) 2025/09/01 09:39:29 fetching corpus: 400, signal 73749/82937 (executing program) 2025/09/01 09:39:30 fetching corpus: 450, signal 76447/86298 (executing program) 2025/09/01 
09:39:30 fetching corpus: 500, signal 80063/90374 (executing program) 2025/09/01 09:39:30 fetching corpus: 550, signal 83053/93844 (executing program) 2025/09/01 09:39:30 fetching corpus: 600, signal 84837/96237 (executing program) 2025/09/01 09:39:30 fetching corpus: 650, signal 86833/98784 (executing program) 2025/09/01 09:39:30 fetching corpus: 700, signal 90603/102669 (executing program) 2025/09/01 09:39:30 fetching corpus: 750, signal 92135/104666 (executing program) 2025/09/01 09:39:30 fetching corpus: 800, signal 94007/106942 (executing program) 2025/09/01 09:39:30 fetching corpus: 850, signal 96340/109494 (executing program) 2025/09/01 09:39:30 fetching corpus: 900, signal 97577/111192 (executing program) 2025/09/01 09:39:31 fetching corpus: 950, signal 99294/113175 (executing program) 2025/09/01 09:39:31 fetching corpus: 1000, signal 101036/115097 (executing program) 2025/09/01 09:39:31 fetching corpus: 1050, signal 102569/116899 (executing program) 2025/09/01 09:39:31 fetching corpus: 1100, signal 104228/118730 (executing program) 2025/09/01 09:39:31 fetching corpus: 1150, signal 105507/120241 (executing program) 2025/09/01 09:39:31 fetching corpus: 1200, signal 107250/122056 (executing program) 2025/09/01 09:39:31 fetching corpus: 1250, signal 108339/123340 (executing program) 2025/09/01 09:39:31 fetching corpus: 1300, signal 109638/124750 (executing program) 2025/09/01 09:39:31 fetching corpus: 1350, signal 110999/126179 (executing program) 2025/09/01 09:39:32 fetching corpus: 1400, signal 112201/127488 (executing program) 2025/09/01 09:39:32 fetching corpus: 1450, signal 114037/129175 (executing program) 2025/09/01 09:39:32 fetching corpus: 1500, signal 115471/130581 (executing program) 2025/09/01 09:39:32 fetching corpus: 1550, signal 116456/131655 (executing program) 2025/09/01 09:39:32 fetching corpus: 1600, signal 117304/132628 (executing program) 2025/09/01 09:39:32 fetching corpus: 1650, signal 117978/133497 (executing program) 2025/09/01 
09:39:32 fetching corpus: 1700, signal 119175/134589 (executing program) 2025/09/01 09:39:32 fetching corpus: 1750, signal 120073/135535 (executing program) 2025/09/01 09:39:32 fetching corpus: 1800, signal 121031/136541 (executing program) 2025/09/01 09:39:32 fetching corpus: 1850, signal 121947/137454 (executing program) 2025/09/01 09:39:33 fetching corpus: 1900, signal 122860/138326 (executing program) 2025/09/01 09:39:33 fetching corpus: 1950, signal 124080/139320 (executing program) 2025/09/01 09:39:33 fetching corpus: 2000, signal 124827/140053 (executing program) 2025/09/01 09:39:33 fetching corpus: 2050, signal 125834/140873 (executing program) 2025/09/01 09:39:33 fetching corpus: 2100, signal 126927/141751 (executing program) 2025/09/01 09:39:33 fetching corpus: 2150, signal 127847/142422 (executing program) 2025/09/01 09:39:33 fetching corpus: 2200, signal 128624/143163 (executing program) 2025/09/01 09:39:33 fetching corpus: 2250, signal 130812/144401 (executing program) 2025/09/01 09:39:33 fetching corpus: 2300, signal 131461/144980 (executing program) 2025/09/01 09:39:34 fetching corpus: 2350, signal 132544/145645 (executing program) 2025/09/01 09:39:34 fetching corpus: 2400, signal 133362/146247 (executing program) 2025/09/01 09:39:34 fetching corpus: 2450, signal 133970/146726 (executing program) 2025/09/01 09:39:34 fetching corpus: 2500, signal 134862/147245 (executing program) 2025/09/01 09:39:34 fetching corpus: 2550, signal 135371/147695 (executing program) 2025/09/01 09:39:34 fetching corpus: 2600, signal 135988/148121 (executing program) 2025/09/01 09:39:34 fetching corpus: 2650, signal 136694/148551 (executing program) 2025/09/01 09:39:34 fetching corpus: 2700, signal 137367/148995 (executing program) 2025/09/01 09:39:34 fetching corpus: 2750, signal 138161/149471 (executing program) 2025/09/01 09:39:34 fetching corpus: 2800, signal 138995/149912 (executing program) 2025/09/01 09:39:35 fetching corpus: 2850, signal 139706/150263 (executing 
program) 2025/09/01 09:39:35 fetching corpus: 2900, signal 140266/150608 (executing program) 2025/09/01 09:39:35 fetching corpus: 2950, signal 140775/150930 (executing program) 2025/09/01 09:39:35 fetching corpus: 3000, signal 141560/151259 (executing program) 2025/09/01 09:39:35 fetching corpus: 3050, signal 142379/151578 (executing program) 2025/09/01 09:39:35 fetching corpus: 3100, signal 142987/151848 (executing program) 2025/09/01 09:39:35 fetching corpus: 3150, signal 143644/152103 (executing program) 2025/09/01 09:39:35 fetching corpus: 3200, signal 144135/152317 (executing program) 2025/09/01 09:39:35 fetching corpus: 3250, signal 144682/152501 (executing program) 2025/09/01 09:39:36 fetching corpus: 3300, signal 145085/152683 (executing program) 2025/09/01 09:39:36 fetching corpus: 3350, signal 145612/152856 (executing program) 2025/09/01 09:39:36 fetching corpus: 3400, signal 146513/153081 (executing program) 2025/09/01 09:39:36 fetching corpus: 3450, signal 147369/153322 (executing program) 2025/09/01 09:39:36 fetching corpus: 3500, signal 147937/153504 (executing program) 2025/09/01 09:39:36 fetching corpus: 3550, signal 148453/153623 (executing program) 2025/09/01 09:39:36 fetching corpus: 3600, signal 148926/153720 (executing program) 2025/09/01 09:39:36 fetching corpus: 3650, signal 149397/153801 (executing program) 2025/09/01 09:39:37 fetching corpus: 3700, signal 149955/153870 (executing program) 2025/09/01 09:39:37 fetching corpus: 3750, signal 150476/153894 (executing program) 2025/09/01 09:39:37 fetching corpus: 3772, signal 150822/153904 (executing program) 2025/09/01 09:39:37 fetching corpus: 3772, signal 150822/153904 (executing program) 2025/09/01 09:39:39 starting 8 fuzzer processes 09:39:39 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:39:39 executing program 7: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:39:39 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:39:39 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) lseek(r0, 0x0, 0x1) 09:39:39 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x40}, 0x18) 09:39:39 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) shmat(r0, &(0x7f0000ffc000/0x1000)=nil, 0x4000) 
remap_file_pages(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x10000) 09:39:39 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001b80)="68eb", 0x2}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x2, 0x0) [ 70.494465] audit: type=1400 audit(1756719579.448:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:39:39 executing program 6: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 71.720276] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.724842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.727059] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.728744] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.730207] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.734477] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.737774] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.740710] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.743809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.751250] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.755478] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.756995] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.767066] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.787260] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.795499] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.797168] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.803813] Bluetooth: hci7: 
unexpected cc 0x0c03 length: 249 > 1 [ 71.807403] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.809129] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.812119] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.813669] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.815263] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.816627] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.822126] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.823496] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.823518] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.825283] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.828714] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.830066] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.831613] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.834774] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.835769] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.838175] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.842108] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.849704] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.855081] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.877821] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.885249] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.892035] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.918224] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.812530] Bluetooth: hci0: command tx timeout [ 73.812536] Bluetooth: hci1: command tx timeout [ 73.878943] Bluetooth: hci4: command tx timeout [ 73.879026] Bluetooth: hci2: command tx timeout [ 73.941065] Bluetooth: hci3: command tx timeout [ 73.941129] Bluetooth: hci7: command tx timeout [ 73.941698] Bluetooth: hci5: command tx timeout [ 74.004112] Bluetooth: hci6: command tx timeout [ 75.860054] Bluetooth: hci0: 
command tx timeout [ 75.861033] Bluetooth: hci1: command tx timeout [ 75.924008] Bluetooth: hci4: command tx timeout [ 75.926011] Bluetooth: hci2: command tx timeout [ 75.987986] Bluetooth: hci7: command tx timeout [ 75.989810] Bluetooth: hci3: command tx timeout [ 75.990222] Bluetooth: hci5: command tx timeout [ 76.053917] Bluetooth: hci6: command tx timeout [ 77.909101] Bluetooth: hci1: command tx timeout [ 77.909552] Bluetooth: hci0: command tx timeout [ 77.973943] Bluetooth: hci2: command tx timeout [ 77.974329] Bluetooth: hci4: command tx timeout [ 78.037073] Bluetooth: hci3: command tx timeout [ 78.037607] Bluetooth: hci5: command tx timeout [ 78.037729] Bluetooth: hci7: command tx timeout [ 78.099983] Bluetooth: hci6: command tx timeout [ 79.958963] Bluetooth: hci1: command tx timeout [ 79.959185] Bluetooth: hci0: command tx timeout [ 80.023054] Bluetooth: hci4: command tx timeout [ 80.023456] Bluetooth: hci2: command tx timeout [ 80.084035] Bluetooth: hci7: command tx timeout [ 80.084977] Bluetooth: hci3: command tx timeout [ 80.084984] Bluetooth: hci5: command tx timeout [ 80.148321] Bluetooth: hci6: command tx timeout [ 108.622690] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.623418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.825828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.826486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:40:18 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001b80)="68eb", 0x2}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x2, 0x0) 09:40:18 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001b80)="68eb", 0x2}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 
0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x2, 0x0) 09:40:18 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001b80)="68eb", 0x2}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x2, 0x0) 09:40:18 executing program 5: syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='smaps\x00') 09:40:18 executing program 5: syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}, 0x0) [ 109.998549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.999198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:40:18 executing program 5: syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}, 0x0) [ 110.147779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.148444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:40:19 executing program 5: syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}, 0x0) 09:40:19 executing program 5: syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}, 0x0) [ 110.460162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.461165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.642368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.643250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.730197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.731687] wlan1: 
Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.819925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.820800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.940651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.941453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.999406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.000012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.029390] audit: type=1400 audit(1756719619.984:8): avc: denied { open } for pid=3881 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.035666] audit: type=1400 audit(1756719619.984:9): avc: denied { kernel } for pid=3881 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.075814] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.076513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.118523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.119285] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.180120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.180704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.239563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.240350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.283943] mmap: syz-executor.4 (3896) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 111.694629] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.695489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.735650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.736268] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:40:20 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:20 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mbind(&(0x7f0000873000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2) 09:40:20 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x40}, 0x18) 09:40:20 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) shmat(r0, &(0x7f0000ffc000/0x1000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x10000) 09:40:20 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 
= openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) lseek(r0, 0x0, 0x1) 09:40:20 executing program 7: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:40:20 executing program 6: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:20 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:20 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mbind(&(0x7f0000873000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2) 09:40:20 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x40}, 0x18) 09:40:20 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) lseek(r0, 0x0, 0x1) 09:40:20 executing program 7: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:40:20 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) shmat(r0, &(0x7f0000ffc000/0x1000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x10000) 09:40:21 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:21 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:21 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) shmat(r0, &(0x7f0000ffc000/0x1000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x10000) 09:40:21 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 
0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) lseek(r0, 0x0, 0x1) 09:40:21 executing program 7: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:40:21 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x40}, 0x18) 09:40:21 executing program 6: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:21 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mbind(&(0x7f0000873000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2) 09:40:21 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mbind(&(0x7f0000873000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2) 09:40:21 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = 
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:22 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:22 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:22 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) 
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:22 executing program 6: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:22 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:22 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:22 executing program 1: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:22 executing program 2: r0 = signalfd(0xffffffffffffffff, 
&(0x7f0000000000), 0x8)
r1 = signalfd(r0, &(0x7f0000000040), 0x8)
read(r0, &(0x7f0000000080)=""/136, 0x88)
signalfd(r1, &(0x7f0000000140), 0x8)
fcntl$getown(0xffffffffffffffff, 0x9)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 113.852248] kmemleak: Found object by alias at 0x607f1a63e69c
[ 113.852284] CPU: 0 UID: 0 PID: 3979 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.852325] Tainted: [W]=WARN
[ 113.852333] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.852347] Call Trace:
[ 113.852356]
[ 113.852366] dump_stack_lvl+0xca/0x120
[ 113.852416] __lookup_object+0x94/0xb0
[ 113.852453] delete_object_full+0x27/0x70
[ 113.852490] free_percpu+0x30/0x1160
[ 113.852527] ? arch_uprobe_clear_state+0x16/0x140
[ 113.852572] futex_hash_free+0x38/0xc0
[ 113.852616] mmput+0x2d3/0x390
[ 113.852657] do_exit+0x79d/0x2970
[ 113.852697] ? __pfx_do_exit+0x10/0x10
[ 113.852729] ? find_held_lock+0x2b/0x80
[ 113.852768] ? get_signal+0x835/0x2340
[ 113.852812] do_group_exit+0xd3/0x2a0
[ 113.852846] get_signal+0x2315/0x2340
[ 113.852906] ? __pfx_get_signal+0x10/0x10
[ 113.852943] ? do_futex+0x135/0x370
[ 113.852974] ? __pfx_do_futex+0x10/0x10
[ 113.853009] arch_do_signal_or_restart+0x80/0x790
[ 113.853047] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 113.853084] ? __x64_sys_futex+0x1c9/0x4d0
[ 113.853111] ? __x64_sys_futex+0x1d2/0x4d0
[ 113.853146] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.853177] ? xfd_validate_state+0x55/0x180
[ 113.853224] exit_to_user_mode_loop+0x8b/0x110
[ 113.853252] do_syscall_64+0x2f7/0x360
[ 113.853280] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.853306] RIP: 0033:0x7fac47c23b19
[ 113.853325] Code: Unable to access opcode bytes at 0x7fac47c23aef.
[ 113.853336] RSP: 002b:00007fac45199218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.853361] RAX: fffffffffffffe00 RBX: 00007fac47d36f68 RCX: 00007fac47c23b19 [ 113.853377] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fac47d36f68 [ 113.853393] RBP: 00007fac47d36f60 R08: 0000000000000000 R09: 0000000000000000 [ 113.853408] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac47d36f6c [ 113.853423] R13: 00007fff980c16bf R14: 00007fac45199300 R15: 0000000000022000 [ 113.853461] [ 113.853469] kmemleak: Object (percpu) 0x607f1a63e698 (size 8): [ 113.853484] kmemleak: comm "syz-executor.5", pid 3971, jiffies 4294780336 [ 113.853500] kmemleak: min_count = 1 [ 113.853508] kmemleak: count = 0 [ 113.853516] kmemleak: flags = 0x21 [ 113.853525] kmemleak: checksum = 0 [ 113.853533] kmemleak: backtrace: [ 113.853540] pcpu_alloc_noprof+0x87a/0x1170 [ 113.853574] perf_trace_event_init+0x366/0xa10 [ 113.853603] perf_trace_init+0x1a4/0x2f0 [ 113.853630] perf_tp_event_init+0xa6/0x120 [ 113.853664] perf_try_init_event+0x140/0x9f0 [ 113.853693] perf_event_alloc.part.0+0x118e/0x45f0 [ 113.853730] __do_sys_perf_event_open+0x719/0x2c20 [ 113.853758] do_syscall_64+0xbf/0x360 [ 113.853779] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:40:22 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:22 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:22 executing program 0: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:22 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:22 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) 
munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:23 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:23 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) [ 114.078558] kmemleak: Found object by alias at 0x607f1a63e69c [ 114.078576] CPU: 1 UID: 0 PID: 3995 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.078595] Tainted: [W]=WARN [ 114.078598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.078606] Call Trace: [ 114.078610] [ 114.078615] dump_stack_lvl+0xca/0x120 [ 114.078646] __lookup_object+0x94/0xb0 [ 114.078664] delete_object_full+0x27/0x70 [ 114.078681] free_percpu+0x30/0x1160 [ 114.078698] ? arch_uprobe_clear_state+0x16/0x140 [ 114.078725] futex_hash_free+0x38/0xc0 [ 114.078742] mmput+0x2d3/0x390 [ 114.078761] do_exit+0x79d/0x2970 [ 114.078775] ? 
signal_wake_up_state+0x85/0x120 [ 114.078791] ? zap_other_threads+0x2b9/0x3a0 [ 114.078808] ? __pfx_do_exit+0x10/0x10 [ 114.078821] ? do_group_exit+0x1c3/0x2a0 [ 114.078835] ? lock_release+0xc8/0x290 [ 114.078853] do_group_exit+0xd3/0x2a0 [ 114.078868] __x64_sys_exit_group+0x3e/0x50 [ 114.078882] x64_sys_call+0x18c5/0x18d0 [ 114.078903] do_syscall_64+0xbf/0x360 [ 114.078917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.078929] RIP: 0033:0x7fac47c23b19 [ 114.078938] Code: Unable to access opcode bytes at 0x7fac47c23aef. [ 114.078944] RSP: 002b:00007fff980c18e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 114.078958] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fac47c23b19 [ 114.078967] RDX: 00007fac47bd672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 114.078976] RBP: 0000000000000000 R08: 0000001b2d128664 R09: 0000000000000000 [ 114.078983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.078990] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff980c19d0 [ 114.079006] [ 114.079010] kmemleak: Object (percpu) 0x607f1a63e698 (size 8): [ 114.079017] kmemleak: comm "syz-executor.7", pid 3998, jiffies 4294780634 [ 114.079024] kmemleak: min_count = 1 [ 114.079029] kmemleak: count = 0 [ 114.079032] kmemleak: flags = 0x21 [ 114.079036] kmemleak: checksum = 0 [ 114.079040] kmemleak: backtrace: [ 114.079044] pcpu_alloc_noprof+0x87a/0x1170 [ 114.079060] perf_trace_event_init+0x366/0xa10 [ 114.079074] perf_trace_init+0x1a4/0x2f0 [ 114.079086] perf_tp_event_init+0xa6/0x120 [ 114.079103] perf_try_init_event+0x140/0x9f0 [ 114.079116] perf_event_alloc.part.0+0x118e/0x45f0 [ 114.079134] __do_sys_perf_event_open+0x719/0x2c20 [ 114.079147] do_syscall_64+0xbf/0x360 [ 114.079156] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:40:23 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 09:40:23 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r2 = dup2(r0, r1) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$TCSBRKP(r2, 0x5437, 0x0) 09:40:23 executing program 3: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:40:23 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:23 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = dup2(r1, r0) 
ioctl$SG_GET_PACK_ID(r2, 0x2284, 0x0) 09:40:23 executing program 1: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:23 executing program 0: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) r1 = signalfd(r0, &(0x7f0000000040), 0x8) read(r0, &(0x7f0000000080)=""/136, 0x88) signalfd(r1, &(0x7f0000000140), 0x8) fcntl$getown(0xffffffffffffffff, 0x9) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:40:23 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x1c, 0x34, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x1c}], 0x1}, 0x0) 09:40:23 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x1c, 0x34, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x1c}], 0x1}, 0x0) 09:40:23 executing program 3: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:40:24 executing program 5: 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SG_GET_PACK_ID(r2, 0x2284, 0x0) 09:40:24 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x1c, 0x34, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x1c}], 0x1}, 0x0) 09:40:24 executing program 3: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x17, &(0x7f0000000000), 0x0) 09:40:24 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SG_GET_PACK_ID(r2, 0x2284, 0x0) 09:40:24 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SG_GET_PACK_ID(r2, 0x2284, 0x0) [ 115.210409] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.211766] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.212666] CPU: 0 UID: 0 PID: 4036 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.214786] Tainted: [W]=WARN [ 115.215386] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.216984] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.217845] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.221006] RSP: 0018:ffff888046bb7600 EFLAGS: 00010212 [ 115.221978] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90005e28000 [ 115.223238] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.224469] RBP: ffff888046bb7870 R08: ffff88806ce31340 R09: ffffe8ffffc16698 [ 115.226260] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.227559] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.228878] FS: 00007f9516c4f700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.230558] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.231909] CR2: 000055557bd9bc18 CR3: 000000001f6bc000 CR4: 0000000000350ef0 [ 115.232627] Call Trace: [ 115.232890] [ 115.233126] ? __pfx_perf_tp_event+0x10/0x10 [ 115.233606] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 115.234121] perf_trace_run_bpf_submit+0xef/0x180 [ 115.234609] perf_trace_lock+0x337/0x5d0 [ 115.235019] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.235482] ? lock_acquire+0x15e/0x2f0 [ 115.235887] ? futex_ref_get+0x48/0x300 [ 115.236291] ? futex_ref_get+0x114/0x300 [ 115.236707] ? futex_hash+0x15c/0x390 [ 115.237096] lock_release+0x1ab/0x290 [ 115.237484] ? futex_hash+0x15c/0x390 [ 115.237872] futex_ref_get+0x119/0x300 [ 115.238265] ? futex_hash+0x15c/0x390 [ 115.238656] futex_hash+0x70/0x390 [ 115.239027] futex_wait_setup+0xae/0x550 [ 115.239445] __futex_wait+0x151/0x300 [ 115.239837] ? __pfx___futex_wait+0x10/0x10 [ 115.240279] ? __pfx_futex_wake_mark+0x10/0x10 [ 115.240762] futex_wait+0xde/0x380 [ 115.241132] ? __pfx_futex_wait+0x10/0x10 [ 115.241560] ? perf_trace_lock+0xb5/0x5d0 [ 115.241983] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.242504] do_futex+0x2ee/0x370 [ 115.242862] ? __pfx_do_futex+0x10/0x10 [ 115.243268] ? do_raw_spin_lock+0x123/0x260 [ 115.243708] __x64_sys_futex+0x1c9/0x4d0 [ 115.244121] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.244658] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.245121] ? kcov_ioctl+0x386/0x6c0 [ 115.245511] ? 
fput+0x6a/0x100 [ 115.245846] do_syscall_64+0xbf/0x360 [ 115.246230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.246750] RIP: 0033:0x7f95196d9b19 [ 115.247126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.248924] RSP: 002b:00007f9516c4f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.249684] RAX: ffffffffffffffda RBX: 00007f95197ecf68 RCX: 00007f95196d9b19 [ 115.250391] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f95197ecf68 [ 115.251097] RBP: 00007f95197ecf60 R08: 00007f9516c4f700 R09: 0000000000000000 [ 115.251809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95197ecf6c [ 115.252512] R13: 00007fff683cac0f R14: 00007f9516c4f300 R15: 0000000000022000 [ 115.253239] [ 115.253478] Modules linked in: [ 115.253811] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 115.255487] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 115.256730] CPU: 1 UID: 0 PID: 4035 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.258405] Tainted: [D]=DIE, [W]=WARN [ 115.258957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.260109] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.260812] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.263362] RSP: 0018:ffff8880167c7800 EFLAGS: 00010212 [ 115.264114] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.265138] RDX: ffff888015d10000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 115.266154] RBP: ffff8880167c7a70 R08: ffff88806cf31340 R09: ffffe8ffffd16698 [ 115.267169] R10: 0000000000000000 R11: 0000000000000000 
R12: dffffc0000000000 [ 115.268169] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.269182] FS: 0000555580bb2400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.270325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.271150] CR2: 0000555580bb3c18 CR3: 000000004430f000 CR4: 0000000000350ef0 [ 115.272156] Call Trace: [ 115.272532] [ 115.272879] ? arch_scale_cpu_capacity+0x17/0xa0 [ 115.273578] ? __pfx_perf_tp_event+0x10/0x10 [ 115.274222] ? __asan_memset+0x24/0x50 [ 115.274806] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.275472] ? __pfx___mutex_lock+0x10/0x10 [ 115.276106] ? perf_trace_lock+0xb5/0x5d0 [ 115.276744] ? kvm_sched_clock_read+0x16/0x30 [ 115.277395] ? sched_clock+0x37/0x60 [ 115.277947] ? sched_clock_cpu+0x6c/0x4e0 [ 115.278555] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.279272] perf_trace_run_bpf_submit+0xef/0x180 [ 115.279972] perf_trace_lock+0x337/0x5d0 [ 115.280558] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.281233] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.281911] ? get_futex_key+0x592/0x14a0 [ 115.282513] ? futex_ref_get+0x114/0x300 [ 115.283096] ? futex_hash+0x15c/0x390 [ 115.283644] lock_release+0x1ab/0x290 [ 115.284204] ? futex_hash+0x15c/0x390 [ 115.284758] futex_ref_get+0x119/0x300 [ 115.285320] ? futex_hash+0x15c/0x390 [ 115.285867] futex_hash+0x70/0x390 [ 115.286384] futex_wake+0x143/0x540 [ 115.286920] ? put_pid+0x1f/0x30 [ 115.287414] ? kernel_clone+0x204/0x7f0 [ 115.288000] ? __pfx_futex_wake+0x10/0x10 [ 115.288606] ? __pfx_kernel_clone+0x10/0x10 [ 115.289239] ? perf_trace_lock+0xb5/0x5d0 [ 115.289840] ? __pfx___handle_mm_fault+0x10/0x10 [ 115.290541] do_futex+0x26d/0x370 [ 115.291057] ? __pfx_do_futex+0x10/0x10 [ 115.291641] ? __pfx___do_sys_clone+0x10/0x10 [ 115.292293] ? handle_mm_fault+0x590/0x9b0 [ 115.292922] __x64_sys_futex+0x1c9/0x4d0 [ 115.293512] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.294191] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 115.294938] do_syscall_64+0xbf/0x360 [ 115.295493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.296238] RIP: 0033:0x7fac47c23b19 [ 115.296782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.299358] RSP: 002b:00007fff980c1738 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.300435] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fac47c23b19 [ 115.301460] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fac47d36f68 [ 115.302467] RBP: 00007fac47d36f60 R08: 00007fac45199700 R09: 0000000000000000 [ 115.303479] R10: 00007fac45199700 R11: 0000000000000246 R12: 00007fac47d3ba68 [ 115.304481] R13: 00007fff980c1840 R14: 00007fac47d36f60 R15: 000000000001c155 [ 115.305512] [ 115.305853] Modules linked in: [ 115.306322] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 115.307431] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.308187] CPU: 0 UID: 0 PID: 4036 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.309385] Tainted: [D]=DIE, [W]=WARN [ 115.309770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.310583] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.311057] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.312853] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 115.313387] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.314097] RDX: ffff888015d11b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.314806] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16698 [ 115.315509] R10: 0000000000000000 R11: 
ffff88806ce37018 R12: dffffc0000000000 [ 115.316218] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 115.316929] FS: 00007f9516c4f700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.317730] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.318309] CR2: 000055557bd9bc18 CR3: 000000001f6bc000 CR4: 0000000000350ef0 [ 115.319024] Call Trace: [ 115.319289] [ 115.319519] ? __pfx_perf_tp_event+0x10/0x10 [ 115.319978] ? stack_depot_save_flags+0x2c/0xa20 [ 115.320470] ? kasan_save_stack+0x34/0x50 [ 115.320916] ? kasan_save_stack+0x24/0x50 [ 115.321339] ? kasan_save_track+0x14/0x30 [ 115.321755] ? __kasan_save_free_info+0x3a/0x60 [ 115.322221] ? __kasan_slab_free+0x3f/0x50 [ 115.322649] ? kmem_cache_free+0x2a1/0x540 [ 115.323071] ? rcu_core+0x7c8/0x1800 [ 115.323459] ? handle_softirqs+0x1b1/0x770 [ 115.323887] ? __irq_exit_rcu+0xc4/0x100 [ 115.324307] ? irq_exit_rcu+0x9/0x20 [ 115.324700] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 115.325219] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.325774] ? __sanitizer_cov_trace_pc+0x8/0x80 [ 115.326267] ? tracing_gen_ctx_irq_test+0xfd/0x1f0 [ 115.326771] ? perf_trace_buf_update+0x37/0x190 [ 115.327245] ? perf_tp_event+0x107/0xe70 [ 115.327653] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.328171] ? perf_trace_lock+0x337/0x5d0 [ 115.328612] ? lock_release+0x1ab/0x290 [ 115.329011] ? unwind_next_frame+0x3b7/0x2540 [ 115.329486] ? arch_stack_walk+0x86/0xf0 [ 115.329891] ? stack_trace_save+0x8e/0xc0 [ 115.330310] ? kasan_save_stack+0x24/0x50 [ 115.330728] ? kasan_record_aux_stack+0x89/0xa0 [ 115.331200] ? kmem_cache_free+0x148/0x540 [ 115.331621] ? __fput+0x67b/0xb50 [ 115.331988] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.332495] perf_trace_run_bpf_submit+0xef/0x180 [ 115.332991] perf_trace_lock+0x337/0x5d0 [ 115.333399] ? place_entity+0x1c/0x410 [ 115.333791] ? kvm_sched_clock_read+0x16/0x30 [ 115.334251] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.334707] ? 
check_preempt_wakeup_fair+0x6e/0x950 [ 115.335212] ? sched_ttwu_pending+0x2e0/0x4a0 [ 115.335671] lock_release+0x1ab/0x290 [ 115.336064] ? ttwu_do_activate+0x1a4/0x8a0 [ 115.336511] _raw_spin_unlock+0x16/0x40 [ 115.336921] sched_ttwu_pending+0x2e0/0x4a0 [ 115.337374] ? __pfx_try_to_wake_up+0x10/0x10 [ 115.337841] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 115.338343] ? hrtimer_interrupt+0x652/0x830 [ 115.338803] __flush_smp_call_function_queue+0x434/0x740 [ 115.339368] __sysvec_call_function_single+0x6d/0x370 [ 115.339909] sysvec_call_function_single+0xa1/0xc0 [ 115.340423] [ 115.340672] [ 115.340911] asm_sysvec_call_function_single+0x1a/0x20 [ 115.341450] RIP: 0010:oops_exit+0x0/0x50 [ 115.341870] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 115.343702] RSP: 0018:ffff888046bb7490 EFLAGS: 00000202 [ 115.344242] RAX: 0000000000026388 RBX: 0000000000000216 RCX: ffffc90005e28000 [ 115.344971] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 115.345696] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 115.346412] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046bb7558 [ 115.347130] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.347860] ? 
oops_end+0x4a/0xe0 [ 115.348230] oops_end+0x65/0xe0 [ 115.348581] exc_general_protection+0x1a2/0x330 [ 115.349080] asm_exc_general_protection+0x26/0x30 [ 115.349577] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.350069] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.351918] RSP: 0018:ffff888046bb7600 EFLAGS: 00010212 [ 115.352466] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90005e28000 [ 115.353196] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.353914] RBP: ffff888046bb7870 R08: ffff88806ce31340 R09: ffffe8ffffc16698 [ 115.354636] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.355363] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.356096] ? perf_tp_event+0x167/0xe70 [ 115.356530] ? __pfx_perf_tp_event+0x10/0x10 [ 115.357029] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.357546] perf_trace_run_bpf_submit+0xef/0x180 [ 115.358051] perf_trace_lock+0x337/0x5d0 [ 115.358478] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.358950] ? lock_acquire+0x15e/0x2f0 [ 115.359364] ? futex_ref_get+0x48/0x300 [ 115.359772] ? futex_ref_get+0x114/0x300 [ 115.360191] ? futex_hash+0x15c/0x390 [ 115.360589] lock_release+0x1ab/0x290 [ 115.360998] ? futex_hash+0x15c/0x390 [ 115.361395] futex_ref_get+0x119/0x300 [ 115.361802] ? futex_hash+0x15c/0x390 [ 115.362186] futex_hash+0x70/0x390 [ 115.362561] futex_wait_setup+0xae/0x550 [ 115.362995] __futex_wait+0x151/0x300 [ 115.363398] ? __pfx___futex_wait+0x10/0x10 [ 115.363851] ? __pfx_futex_wake_mark+0x10/0x10 [ 115.364340] futex_wait+0xde/0x380 [ 115.364727] ? __pfx_futex_wait+0x10/0x10 [ 115.365154] ? perf_trace_lock+0xb5/0x5d0 [ 115.365592] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.366131] do_futex+0x2ee/0x370 [ 115.366502] ? __pfx_do_futex+0x10/0x10 [ 115.366915] ? 
do_raw_spin_lock+0x123/0x260 [ 115.367365] __x64_sys_futex+0x1c9/0x4d0 [ 115.367787] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.368328] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.368817] ? kcov_ioctl+0x386/0x6c0 [ 115.369210] ? fput+0x6a/0x100 [ 115.369559] do_syscall_64+0xbf/0x360 [ 115.369956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.370490] RIP: 0033:0x7f95196d9b19 [ 115.370874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.372720] RSP: 002b:00007f9516c4f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.373494] RAX: ffffffffffffffda RBX: 00007f95197ecf68 RCX: 00007f95196d9b19 [ 115.374215] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f95197ecf68 [ 115.374936] RBP: 00007f95197ecf60 R08: 00007f9516c4f700 R09: 0000000000000000 [ 115.375663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95197ecf6c [ 115.376385] R13: 00007fff683cac0f R14: 00007f9516c4f300 R15: 0000000000022000 [ 115.377120] [ 115.377367] Modules linked in: [ 115.377701] ---[ end trace 0000000000000000 ]--- [ 115.377704] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 115.378183] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.379834] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 115.380302] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.381601] CPU: 1 UID: 0 PID: 4035 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.383432] RSP: 0018:ffff888046bb7600 EFLAGS: 00010212 [ 115.385203] Tainted: [D]=DIE, [W]=WARN [ 115.385732] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90005e28000 [ 115.386306] Hardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.387017] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.388248] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.388976] RBP: ffff888046bb7870 R08: ffff88806ce31340 R09: ffffe8ffffc16698 [ 115.389667] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.390383] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.393098] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 115.393818] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.393822] [ 115.393833] FS: 00007f9516c4f700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.394617] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.395342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.395602] RDX: ffff888015d10000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 115.396409] CR2: 000055557bd9bc18 CR3: 000000001f6bc000 CR4: 0000000000350ef0 [ 115.397489] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16698 [ 115.398083] Kernel panic - not syncing: Fatal exception in interrupt [ 116.443896] Shutting down cpus with NMI [ 116.446118] Kernel Offset: disabled [ 116.446411] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:40:24 Registers: