Warning: Permanently added '[localhost]:55590' (ECDSA) to the list of known hosts. 2025/09/01 09:56:23 fuzzer started 2025/09/01 09:56:23 dialing manager at localhost:35473 syzkaller login: [ 50.951211] cgroup: Unknown subsys name 'net' [ 51.101826] cgroup: Unknown subsys name 'cpuset' [ 51.127125] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:56:34 syscalls: 2214 2025/09/01 09:56:34 code coverage: enabled 2025/09/01 09:56:34 comparison tracing: enabled 2025/09/01 09:56:34 extra coverage: enabled 2025/09/01 09:56:34 setuid sandbox: enabled 2025/09/01 09:56:34 namespace sandbox: enabled 2025/09/01 09:56:34 Android sandbox: enabled 2025/09/01 09:56:34 fault injection: enabled 2025/09/01 09:56:34 leak checking: enabled 2025/09/01 09:56:34 net packet injection: enabled 2025/09/01 09:56:34 net device setup: enabled 2025/09/01 09:56:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:56:34 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:56:34 USB emulation: enabled 2025/09/01 09:56:34 hci packet injection: enabled 2025/09/01 09:56:34 wifi device emulation: enabled 2025/09/01 09:56:34 802.15.4 emulation: enabled 2025/09/01 09:56:34 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:56:34 fetching corpus: 50, signal 25163/28514 (executing program) 2025/09/01 09:56:34 fetching corpus: 100, signal 35475/40116 (executing program) 2025/09/01 09:56:34 fetching corpus: 150, signal 42798/48645 (executing program) 2025/09/01 09:56:34 fetching corpus: 200, signal 55436/61984 (executing program) 2025/09/01 09:56:34 fetching corpus: 250, signal 58701/66340 (executing program) 2025/09/01 09:56:34 fetching corpus: 300, signal 62691/71288 (executing program) 2025/09/01 09:56:35 fetching corpus: 350, signal 66357/75817 (executing program) 2025/09/01 09:56:35 fetching corpus: 400, signal 68579/78994 (executing program) 2025/09/01 09:56:35 fetching corpus: 450, signal 71632/82802 (executing program) 2025/09/01 
09:56:35 fetching corpus: 500, signal 75260/87095 (executing program) 2025/09/01 09:56:35 fetching corpus: 550, signal 78132/90597 (executing program) 2025/09/01 09:56:35 fetching corpus: 600, signal 81158/94200 (executing program) 2025/09/01 09:56:35 fetching corpus: 650, signal 86360/99454 (executing program) 2025/09/01 09:56:35 fetching corpus: 700, signal 89230/102789 (executing program) 2025/09/01 09:56:35 fetching corpus: 750, signal 90950/105074 (executing program) 2025/09/01 09:56:36 fetching corpus: 800, signal 92536/107190 (executing program) 2025/09/01 09:56:36 fetching corpus: 850, signal 94712/109763 (executing program) 2025/09/01 09:56:36 fetching corpus: 900, signal 96498/111944 (executing program) 2025/09/01 09:56:36 fetching corpus: 950, signal 98684/114463 (executing program) 2025/09/01 09:56:36 fetching corpus: 1000, signal 99884/116101 (executing program) 2025/09/01 09:56:36 fetching corpus: 1050, signal 101945/118445 (executing program) 2025/09/01 09:56:36 fetching corpus: 1100, signal 103571/120367 (executing program) 2025/09/01 09:56:36 fetching corpus: 1150, signal 105275/122306 (executing program) 2025/09/01 09:56:36 fetching corpus: 1200, signal 107211/124347 (executing program) 2025/09/01 09:56:37 fetching corpus: 1250, signal 108035/125586 (executing program) 2025/09/01 09:56:37 fetching corpus: 1300, signal 109568/127310 (executing program) 2025/09/01 09:56:37 fetching corpus: 1350, signal 111715/129372 (executing program) 2025/09/01 09:56:37 fetching corpus: 1400, signal 112960/130765 (executing program) 2025/09/01 09:56:37 fetching corpus: 1450, signal 113819/131929 (executing program) 2025/09/01 09:56:37 fetching corpus: 1500, signal 114572/132964 (executing program) 2025/09/01 09:56:37 fetching corpus: 1550, signal 115598/134204 (executing program) 2025/09/01 09:56:37 fetching corpus: 1600, signal 116511/135417 (executing program) 2025/09/01 09:56:37 fetching corpus: 1650, signal 117429/136550 (executing program) 2025/09/01 09:56:37 
fetching corpus: 1700, signal 118462/137659 (executing program) 2025/09/01 09:56:37 fetching corpus: 1750, signal 119652/138899 (executing program) 2025/09/01 09:56:38 fetching corpus: 1800, signal 120519/139906 (executing program) 2025/09/01 09:56:38 fetching corpus: 1850, signal 121173/140764 (executing program) 2025/09/01 09:56:38 fetching corpus: 1900, signal 121977/141711 (executing program) 2025/09/01 09:56:38 fetching corpus: 1950, signal 123539/142984 (executing program) 2025/09/01 09:56:38 fetching corpus: 2000, signal 124419/143959 (executing program) 2025/09/01 09:56:38 fetching corpus: 2050, signal 125650/145070 (executing program) 2025/09/01 09:56:38 fetching corpus: 2100, signal 126589/146077 (executing program) 2025/09/01 09:56:38 fetching corpus: 2150, signal 127444/146972 (executing program) 2025/09/01 09:56:38 fetching corpus: 2200, signal 128315/147811 (executing program) 2025/09/01 09:56:38 fetching corpus: 2250, signal 128740/148467 (executing program) 2025/09/01 09:56:39 fetching corpus: 2300, signal 129339/149170 (executing program) 2025/09/01 09:56:39 fetching corpus: 2350, signal 130285/150084 (executing program) 2025/09/01 09:56:39 fetching corpus: 2400, signal 131056/150828 (executing program) 2025/09/01 09:56:39 fetching corpus: 2450, signal 131915/151574 (executing program) 2025/09/01 09:56:39 fetching corpus: 2500, signal 132941/152340 (executing program) 2025/09/01 09:56:39 fetching corpus: 2550, signal 134401/153320 (executing program) 2025/09/01 09:56:39 fetching corpus: 2600, signal 135360/154002 (executing program) 2025/09/01 09:56:39 fetching corpus: 2650, signal 136115/154634 (executing program) 2025/09/01 09:56:39 fetching corpus: 2700, signal 136849/155202 (executing program) 2025/09/01 09:56:40 fetching corpus: 2750, signal 137710/155804 (executing program) 2025/09/01 09:56:40 fetching corpus: 2800, signal 138297/156308 (executing program) 2025/09/01 09:56:40 fetching corpus: 2850, signal 138975/156867 (executing program) 
2025/09/01 09:56:40 fetching corpus: 2900, signal 139699/157344 (executing program) 2025/09/01 09:56:40 fetching corpus: 2950, signal 140374/157852 (executing program) 2025/09/01 09:56:40 fetching corpus: 3000, signal 140990/158296 (executing program) 2025/09/01 09:56:40 fetching corpus: 3050, signal 141732/158745 (executing program) 2025/09/01 09:56:40 fetching corpus: 3100, signal 142333/159211 (executing program) 2025/09/01 09:56:40 fetching corpus: 3150, signal 142843/159590 (executing program) 2025/09/01 09:56:40 fetching corpus: 3200, signal 143399/159970 (executing program) 2025/09/01 09:56:40 fetching corpus: 3250, signal 143977/160368 (executing program) 2025/09/01 09:56:41 fetching corpus: 3300, signal 144759/160777 (executing program) 2025/09/01 09:56:41 fetching corpus: 3350, signal 145818/161167 (executing program) 2025/09/01 09:56:41 fetching corpus: 3400, signal 146292/161439 (executing program) 2025/09/01 09:56:41 fetching corpus: 3450, signal 146683/161712 (executing program) 2025/09/01 09:56:41 fetching corpus: 3500, signal 147076/161996 (executing program) 2025/09/01 09:56:41 fetching corpus: 3550, signal 147743/162279 (executing program) 2025/09/01 09:56:41 fetching corpus: 3600, signal 148328/162538 (executing program) 2025/09/01 09:56:41 fetching corpus: 3650, signal 148870/162766 (executing program) 2025/09/01 09:56:41 fetching corpus: 3700, signal 149638/163064 (executing program) 2025/09/01 09:56:41 fetching corpus: 3750, signal 150198/163283 (executing program) 2025/09/01 09:56:41 fetching corpus: 3800, signal 150993/163504 (executing program) 2025/09/01 09:56:41 fetching corpus: 3850, signal 151441/163714 (executing program) 2025/09/01 09:56:42 fetching corpus: 3900, signal 152231/163913 (executing program) 2025/09/01 09:56:42 fetching corpus: 3950, signal 152674/164084 (executing program) 2025/09/01 09:56:42 fetching corpus: 4000, signal 153475/164234 (executing program) 2025/09/01 09:56:42 fetching corpus: 4050, signal 154017/164236 
(executing program) 2025/09/01 09:56:42 fetching corpus: 4100, signal 154554/164241 (executing program) 2025/09/01 09:56:42 fetching corpus: 4150, signal 155122/164289 (executing program) 2025/09/01 09:56:42 fetching corpus: 4200, signal 155713/164292 (executing program) 2025/09/01 09:56:42 fetching corpus: 4250, signal 156047/164298 (executing program) 2025/09/01 09:56:42 fetching corpus: 4300, signal 156501/164310 (executing program) 2025/09/01 09:56:42 fetching corpus: 4350, signal 157126/164314 (executing program) 2025/09/01 09:56:43 fetching corpus: 4400, signal 157497/164323 (executing program) 2025/09/01 09:56:43 fetching corpus: 4450, signal 157931/164332 (executing program) 2025/09/01 09:56:43 fetching corpus: 4500, signal 158509/164412 (executing program) 2025/09/01 09:56:43 fetching corpus: 4550, signal 158798/164421 (executing program) 2025/09/01 09:56:43 fetching corpus: 4600, signal 159237/164445 (executing program) 2025/09/01 09:56:43 fetching corpus: 4650, signal 159596/164459 (executing program) 2025/09/01 09:56:43 fetching corpus: 4700, signal 159943/164507 (executing program) 2025/09/01 09:56:43 fetching corpus: 4750, signal 160324/164513 (executing program) 2025/09/01 09:56:43 fetching corpus: 4800, signal 160698/164529 (executing program) 2025/09/01 09:56:43 fetching corpus: 4850, signal 161216/164534 (executing program) 2025/09/01 09:56:43 fetching corpus: 4900, signal 161624/164572 (executing program) 2025/09/01 09:56:43 fetching corpus: 4926, signal 161794/164582 (executing program) 2025/09/01 09:56:43 fetching corpus: 4926, signal 161794/164582 (executing program) 2025/09/01 09:56:46 starting 8 fuzzer processes 09:56:46 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 
0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/8250_core', 0x0, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) 09:56:46 executing program 6: r0 = eventfd(0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 09:56:46 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, 0x0, 0x0) 09:56:46 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = epoll_create(0x6) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 09:56:46 executing program 3: clock_adjtime(0x0, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe252a097ffffffff}) 09:56:46 executing program 7: mremap(&(0x7f0000ffe000/0x2000)=nil, 0x7ffffffff000, 0x2000, 0x3, &(0x7f0000ff9000/0x2000)=nil) 09:56:46 executing program 5: syz_mount_image$msdos(0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)) 09:56:46 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, 
&(0x7f0000000680)={0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000000)={0xb8, 0x13, 0x1, 0x0, 0x0, "", [@nested={0xa5, 0x0, 0x0, 0x1, [@generic="c54df736d4b954476eb4ae83d075b49c41c4ac86c8caa3a043768ea150d2b20000180085332d3a3aa4ee34393f82045507025fc9177977b82c3bc3716c9eb824b80d58792c65d8b140ad133fc32a167a17bd248ce25252df11d54c79f5fc110b35d4d9566f090509e9fc790c2e46207a0a52b3087dcaccd0c1bcd508276e5c7e46d41a4ace1739350e85a4a4c40a796c07df96a15505486c862ed04b419fe18665"]}]}, 0xb8}], 0x1}, 0x0) [ 73.949473] audit: type=1400 audit(1756720606.515:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 75.189368] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.196116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.199804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.205688] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.208762] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.323282] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.329002] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.330540] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.332635] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.334212] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.339128] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.345150] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.346173] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.348556] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.350447] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.351925] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.353372] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.353556] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.360297] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.364259] 
Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.364489] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.369279] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.369601] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.381200] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.390081] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 75.395080] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.396366] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 75.399517] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 75.402367] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 75.411259] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 75.418164] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 75.419539] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 75.427573] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 75.438207] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.445482] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 75.446715] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.448828] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.455417] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.459127] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.471017] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.283427] Bluetooth: hci0: command tx timeout [ 77.474424] Bluetooth: hci3: command tx timeout [ 77.474475] Bluetooth: hci2: command tx timeout [ 77.475307] Bluetooth: hci1: command tx timeout [ 77.475538] Bluetooth: hci4: command tx timeout [ 77.538129] Bluetooth: hci6: command tx timeout [ 77.538154] Bluetooth: hci7: command tx timeout [ 77.539082] Bluetooth: hci5: command tx timeout [ 79.330051] Bluetooth: hci0: command tx timeout [ 79.521951] Bluetooth: hci3: command tx timeout [ 79.522128] Bluetooth: hci4: command tx timeout [ 79.522385] Bluetooth: hci1: command tx timeout [ 79.523413] 
Bluetooth: hci2: command tx timeout [ 79.585949] Bluetooth: hci7: command tx timeout [ 79.585967] Bluetooth: hci5: command tx timeout [ 79.585992] Bluetooth: hci6: command tx timeout [ 81.377915] Bluetooth: hci0: command tx timeout [ 81.569935] Bluetooth: hci1: command tx timeout [ 81.570012] Bluetooth: hci4: command tx timeout [ 81.570504] Bluetooth: hci3: command tx timeout [ 81.571529] Bluetooth: hci2: command tx timeout [ 81.633972] Bluetooth: hci7: command tx timeout [ 81.634091] Bluetooth: hci5: command tx timeout [ 81.634936] Bluetooth: hci6: command tx timeout [ 83.426946] Bluetooth: hci0: command tx timeout [ 83.618054] Bluetooth: hci1: command tx timeout [ 83.618195] Bluetooth: hci2: command tx timeout [ 83.618620] Bluetooth: hci4: command tx timeout [ 83.619996] Bluetooth: hci3: command tx timeout [ 83.683041] Bluetooth: hci5: command tx timeout [ 83.683447] Bluetooth: hci6: command tx timeout [ 83.683483] Bluetooth: hci7: command tx timeout [ 112.288497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.289492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.528246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.528825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.854027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.854602] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.015679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.016399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:57:25 executing program 7: mremap(&(0x7f0000ffe000/0x2000)=nil, 0x7ffffffff000, 0x2000, 0x3, &(0x7f0000ff9000/0x2000)=nil) 09:57:25 executing program 7: mremap(&(0x7f0000ffe000/0x2000)=nil, 0x7ffffffff000, 0x2000, 0x3, &(0x7f0000ff9000/0x2000)=nil) [ 113.459466] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.460071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:57:26 executing program 7: 
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x7ffffffff000, 0x2000, 0x3, &(0x7f0000ff9000/0x2000)=nil) 09:57:26 executing program 5: syz_mount_image$msdos(0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)) [ 113.642991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.643590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:57:26 executing program 7: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0) read(r0, &(0x7f00000012c0)=""/210, 0xd2) [ 113.771959] kmemleak: Found object by alias at 0x607f1a63e454 [ 113.771978] CPU: 0 UID: 0 PID: 3764 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.771997] Tainted: [W]=WARN [ 113.772001] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.772008] Call Trace: [ 113.772012] [ 113.772017] dump_stack_lvl+0xca/0x120 [ 113.772048] __lookup_object+0x94/0xb0 [ 113.772067] delete_object_full+0x27/0x70 [ 113.772083] free_percpu+0x30/0x1160 [ 113.772100] ? arch_uprobe_clear_state+0x16/0x140 [ 113.772121] futex_hash_free+0x38/0xc0 [ 113.772136] mmput+0x2d3/0x390 [ 113.772155] do_exit+0x79d/0x2970 [ 113.772169] ? signal_wake_up_state+0x85/0x120 [ 113.772185] ? zap_other_threads+0x2b9/0x3a0 [ 113.772202] ? __pfx_do_exit+0x10/0x10 [ 113.772215] ? do_group_exit+0x1c3/0x2a0 [ 113.772229] ? lock_release+0xc8/0x290 [ 113.772246] do_group_exit+0xd3/0x2a0 [ 113.772261] __x64_sys_exit_group+0x3e/0x50 [ 113.772276] x64_sys_call+0x18c5/0x18d0 [ 113.772292] do_syscall_64+0xbf/0x360 [ 113.772305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.772316] RIP: 0033:0x7feae1fafb19 [ 113.772325] Code: Unable to access opcode bytes at 0x7feae1fafaef. 
[ 113.772331] RSP: 002b:00007ffc7df8cda8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 113.772343] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007feae1fafb19 [ 113.772350] RDX: 00007feae1f6272b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 113.772358] RBP: 0000000000000000 R08: 0000001b2d22001c R09: 0000000000000000 [ 113.772365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.772372] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc7df8ce90 [ 113.772387] [ 113.772391] kmemleak: Object (percpu) 0x607f1a63e450 (size 8): [ 113.772398] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294780369 [ 113.772405] kmemleak: min_count = 1 [ 113.772409] kmemleak: count = 0 [ 113.772413] kmemleak: flags = 0x21 [ 113.772417] kmemleak: checksum = 0 [ 113.772421] kmemleak: backtrace: [ 113.772424] pcpu_alloc_noprof+0x87a/0x1170 [ 113.772440] fib_nh_common_init+0x30/0xd0 [ 113.772454] fib6_nh_init+0x968/0x1a00 [ 113.772465] ip6_route_info_create_nh+0x530/0xf80 [ 113.772476] ip6_route_add.part.0+0x59/0x170 [ 113.772487] ip6_route_add+0x48/0x60 [ 113.772497] addrconf_add_mroute+0x12d/0x190 [ 113.772509] addrconf_add_dev+0x148/0x1c0 [ 113.772523] addrconf_dev_config+0x1e9/0x430 [ 113.772538] addrconf_notify+0xa70/0x1920 [ 113.772548] notifier_call_chain+0xc0/0x360 [ 113.772559] call_netdevice_notifiers_info+0xbe/0x140 [ 113.772572] netif_state_change+0x157/0x330 [ 113.772582] linkwatch_do_dev+0x111/0x150 [ 113.772593] __linkwatch_run_queue+0x2ab/0x710 [ 113.772604] linkwatch_event+0x4e/0x70 09:57:26 executing program 5: syz_mount_image$msdos(0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)) 09:57:26 executing program 7: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0) read(r0, &(0x7f00000012c0)=""/210, 0xd2) [ 113.977542] kmemleak: Found object by alias at 0x607f1a63e454 [ 113.977569] CPU: 1 UID: 0 PID: 3783 Comm: 
syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.977602] Tainted: [W]=WARN [ 113.977609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.977621] Call Trace: [ 113.977628] [ 113.977636] dump_stack_lvl+0xca/0x120 [ 113.977678] __lookup_object+0x94/0xb0 [ 113.977708] delete_object_full+0x27/0x70 [ 113.977738] free_percpu+0x30/0x1160 [ 113.977768] ? arch_uprobe_clear_state+0x16/0x140 [ 113.977804] futex_hash_free+0x38/0xc0 [ 113.977830] mmput+0x2d3/0x390 [ 113.977871] do_exit+0x79d/0x2970 [ 113.977903] ? __pfx_do_exit+0x10/0x10 [ 113.977930] ? find_held_lock+0x2b/0x80 [ 113.977962] ? get_signal+0x835/0x2340 [ 113.977999] do_group_exit+0xd3/0x2a0 [ 113.978026] get_signal+0x2315/0x2340 [ 113.978057] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.978082] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 113.978115] ? __pfx_get_signal+0x10/0x10 [ 113.978146] ? do_futex+0x135/0x370 [ 113.978171] ? __pfx_do_futex+0x10/0x10 [ 113.978199] arch_do_signal_or_restart+0x80/0x790 [ 113.978231] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 113.978262] ? __x64_sys_futex+0x1c9/0x4d0 [ 113.978285] ? __x64_sys_futex+0x1d2/0x4d0 [ 113.978313] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.978339] ? xfd_validate_state+0x55/0x180 [ 113.978377] exit_to_user_mode_loop+0x8b/0x110 [ 113.978400] do_syscall_64+0x2f7/0x360 [ 113.978423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.978445] RIP: 0033:0x7feae1fafb19 [ 113.978461] Code: Unable to access opcode bytes at 0x7feae1fafaef. 
[ 113.978470] RSP: 002b:00007feadf525218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.978491] RAX: fffffffffffffe00 RBX: 00007feae20c2f68 RCX: 00007feae1fafb19 [ 113.978505] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feae20c2f68 [ 113.978518] RBP: 00007feae20c2f60 R08: 0000000000000000 R09: 0000000000000000 [ 113.978531] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feae20c2f6c [ 113.978544] R13: 00007ffc7df8cb7f R14: 00007feadf525300 R15: 0000000000022000 [ 113.978573] [ 113.978579] kmemleak: Object (percpu) 0x607f1a63e450 (size 8): [ 113.978592] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294780369 [ 113.978604] kmemleak: min_count = 1 [ 113.978611] kmemleak: count = 0 [ 113.978618] kmemleak: flags = 0x21 [ 113.978625] kmemleak: checksum = 0 [ 113.978632] kmemleak: backtrace: [ 113.978638] pcpu_alloc_noprof+0x87a/0x1170 [ 113.978666] fib_nh_common_init+0x30/0xd0 [ 113.978690] fib6_nh_init+0x968/0x1a00 [ 113.978709] ip6_route_info_create_nh+0x530/0xf80 [ 113.978729] ip6_route_add.part.0+0x59/0x170 [ 113.978749] ip6_route_add+0x48/0x60 [ 113.978767] addrconf_add_mroute+0x12d/0x190 [ 113.978788] addrconf_add_dev+0x148/0x1c0 [ 113.978814] addrconf_dev_config+0x1e9/0x430 [ 113.978842] addrconf_notify+0xa70/0x1920 [ 113.978859] notifier_call_chain+0xc0/0x360 [ 113.978877] call_netdevice_notifiers_info+0xbe/0x140 [ 113.978899] netif_state_change+0x157/0x330 [ 113.978917] linkwatch_do_dev+0x111/0x150 [ 113.978938] __linkwatch_run_queue+0x2ab/0x710 [ 113.978958] linkwatch_event+0x4e/0x70 09:57:26 executing program 5: syz_mount_image$msdos(0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)) [ 114.223478] kmemleak: Found object by alias at 0x607f1a63e454 [ 114.223506] CPU: 1 UID: 0 PID: 3799 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.223537] Tainted: [W]=WARN [ 114.223544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.223555] Call Trace: [ 114.223561] 
[ 114.223569] dump_stack_lvl+0xca/0x120 [ 114.223608] __lookup_object+0x94/0xb0 [ 114.223635] delete_object_full+0x27/0x70 [ 114.223663] free_percpu+0x30/0x1160 [ 114.223690] ? arch_uprobe_clear_state+0x16/0x140 [ 114.223723] futex_hash_free+0x38/0xc0 [ 114.223747] mmput+0x2d3/0x390 [ 114.223778] do_exit+0x79d/0x2970 [ 114.223801] ? signal_wake_up_state+0x85/0x120 [ 114.223827] ? zap_other_threads+0x2b9/0x3a0 [ 114.223861] ? __pfx_do_exit+0x10/0x10 [ 114.223883] ? do_group_exit+0x1c3/0x2a0 [ 114.223906] ? lock_release+0xc8/0x290 [ 114.223934] do_group_exit+0xd3/0x2a0 [ 114.223959] __x64_sys_exit_group+0x3e/0x50 [ 114.223983] x64_sys_call+0x18c5/0x18d0 [ 114.224009] do_syscall_64+0xbf/0x360 [ 114.224030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.224049] RIP: 0033:0x7feae1fafb19 [ 114.224063] Code: Unable to access opcode bytes at 0x7feae1fafaef. [ 114.224072] RSP: 002b:00007ffc7df8cda8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 114.224091] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007feae1fafb19 [ 114.224104] RDX: 00007feae1f6272b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 114.224116] RBP: 0000000000000000 R08: 0000001b2d22001c R09: 0000000000000000 [ 114.224128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.224139] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc7df8ce90 [ 114.224164] [ 114.224171] kmemleak: Object (percpu) 0x607f1a63e450 (size 8): [ 114.224182] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294780369 [ 114.224194] kmemleak: min_count = 1 [ 114.224200] kmemleak: count = 0 [ 114.224206] kmemleak: flags = 0x21 [ 114.224213] kmemleak: checksum = 0 [ 114.224219] kmemleak: backtrace: [ 114.224224] pcpu_alloc_noprof+0x87a/0x1170 [ 114.224250] fib_nh_common_init+0x30/0xd0 [ 114.224272] fib6_nh_init+0x968/0x1a00 [ 114.224290] ip6_route_info_create_nh+0x530/0xf80 [ 114.224308] ip6_route_add.part.0+0x59/0x170 [ 114.224326] ip6_route_add+0x48/0x60 [ 114.224343] addrconf_add_mroute+0x12d/0x190 [ 
114.224363] addrconf_add_dev+0x148/0x1c0 [ 114.224386] addrconf_dev_config+0x1e9/0x430 [ 114.224411] addrconf_notify+0xa70/0x1920 [ 114.224427] notifier_call_chain+0xc0/0x360 [ 114.224444] call_netdevice_notifiers_info+0xbe/0x140 [ 114.224464] netif_state_change+0x157/0x330 [ 114.224480] linkwatch_do_dev+0x111/0x150 [ 114.224499] __linkwatch_run_queue+0x2ab/0x710 [ 114.224517] linkwatch_event+0x4e/0x70 [ 114.923659] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.924309] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.973901] kmemleak: Cannot insert 0x607f1a63e454 into the object search tree (overlaps existing) [ 114.973917] CPU: 1 UID: 0 PID: 280 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.973936] Tainted: [W]=WARN [ 114.973939] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.973947] Call Trace: [ 114.973951] [ 114.973956] dump_stack_lvl+0xca/0x120 [ 114.973981] __link_object+0x190/0x210 [ 114.973999] __create_object+0x48/0x80 [ 114.974017] pcpu_alloc_noprof+0x87a/0x1170 [ 114.974042] alloc_netdev_mqs+0x131/0x1360 [ 114.974060] ? __pfx_ieee80211_if_setup+0x10/0x10 [ 114.974081] ieee80211_if_add+0x1d9/0x1510 [ 114.974100] ? ieee80211_init_rate_ctrl_alg+0x83/0x650 [ 114.974115] ieee80211_register_hw+0x3538/0x3e00 [ 114.974138] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 114.974153] ? net_generic+0x25/0x2a0 [ 114.974172] ? find_held_lock+0x2b/0x80 [ 114.974192] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 114.974209] ? __hrtimer_setup+0x1a4/0x2c0 [ 114.974230] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 114.974253] ? __nla_validate_parse+0x2e6/0x2880 [ 114.974271] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 114.974290] hwsim_new_radio_nl+0xb0d/0x1250 [ 114.974303] ? kasan_save_track+0x14/0x30 [ 114.974320] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 114.974340] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bc/0x290 [ 114.974354] ? 
genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 114.974371] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 114.974384] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 114.974404] ? security_capable+0x2f/0x90 [ 114.974420] ? ns_capable+0xe2/0x120 [ 114.974439] genl_rcv_msg+0x532/0x7e0 [ 114.974454] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.974467] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 114.974484] ? __lock_acquire+0x694/0x1b70 [ 114.974499] netlink_rcv_skb+0x147/0x430 [ 114.974518] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.974532] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.974558] ? netlink_deliver_tap+0x1ae/0xce0 [ 114.974574] ? selinux_netlink_send+0x507/0x880 [ 114.974588] ? is_vmalloc_addr+0x86/0xa0 [ 114.974608] genl_rcv+0x28/0x40 [ 114.974618] netlink_unicast+0x5a7/0x870 [ 114.974639] ? __pfx_netlink_unicast+0x10/0x10 [ 114.974664] netlink_sendmsg+0x8ac/0xd80 [ 114.974685] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.974711] __sys_sendto+0x506/0x570 [ 114.974729] ? __pfx___sys_sendto+0x10/0x10 [ 114.974758] ? fput_close_sync+0x114/0x240 [ 114.974776] ? __pfx_fput_close_sync+0x10/0x10 [ 114.974791] ? dnotify_flush+0x79/0x4c0 [ 114.974802] ? xfd_validate_state+0x55/0x180 [ 114.974823] __x64_sys_sendto+0xe1/0x1c0 [ 114.974839] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 114.974860] do_syscall_64+0xbf/0x360 [ 114.974874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.974886] RIP: 0033:0x7faecaaeb8ac [ 114.974896] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b [ 114.974907] RSP: 002b:00007fff9ff30580 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 114.974919] RAX: ffffffffffffffda RBX: 00007faecbb84320 RCX: 00007faecaaeb8ac [ 114.974927] RDX: 0000000000000024 RSI: 00007faecbb84370 RDI: 0000000000000003 [ 114.974934] RBP: 0000000000000000 R08: 00007fff9ff305d4 R09: 000000000000000c [ 114.974941] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 114.974948] R13: 00007faecbb84370 R14: 0000000000000003 R15: 0000000000000000 [ 114.974964] [ 114.975476] kmemleak: Kernel memory leak detector disabled [ 114.975481] kmemleak: Object (percpu) 0x607f1a63e450 (size 8): [ 114.975488] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294780369 [ 114.975495] kmemleak: min_count = 1 [ 114.975499] kmemleak: count = 0 [ 114.975502] kmemleak: flags = 0x21 [ 114.975506] kmemleak: checksum = 0 [ 114.975510] kmemleak: backtrace: [ 114.975514] pcpu_alloc_noprof+0x87a/0x1170 [ 114.975529] fib_nh_common_init+0x30/0xd0 [ 114.975543] fib6_nh_init+0x968/0x1a00 [ 114.975554] ip6_route_info_create_nh+0x530/0xf80 [ 114.975565] ip6_route_add.part.0+0x59/0x170 [ 114.975576] ip6_route_add+0x48/0x60 [ 114.975586] addrconf_add_mroute+0x12d/0x190 [ 114.975598] addrconf_add_dev+0x148/0x1c0 [ 114.975612] addrconf_dev_config+0x1e9/0x430 [ 114.975627] addrconf_notify+0xa70/0x1920 [ 114.975637] notifier_call_chain+0xc0/0x360 [ 114.975647] call_netdevice_notifiers_info+0xbe/0x140 [ 114.975658] netif_state_change+0x157/0x330 [ 114.975668] linkwatch_do_dev+0x111/0x150 [ 114.975680] __linkwatch_run_queue+0x2ab/0x710 [ 114.975691] linkwatch_event+0x4e/0x70 [ 115.022501] 
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.023114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.094965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.095592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.167023] audit: type=1400 audit(1756720647.731:8): avc: denied { open } for pid=3883 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 115.173016] audit: type=1400 audit(1756720647.731:9): avc: denied { kernel } for pid=3883 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 115.194366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.195023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.256990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.257635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.301281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.302052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.346942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.347571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.394935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.395560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.430130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.430791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.450834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.451506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:57:28 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, 0x0, 0x0) 09:57:28 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000000680)={0x0, 0x0, 
&(0x7f0000002500)=[{&(0x7f0000000000)={0xb8, 0x13, 0x1, 0x0, 0x0, "", [@nested={0xa5, 0x0, 0x0, 0x1, [@generic="c54df736d4b954476eb4ae83d075b49c41c4ac86c8caa3a043768ea150d2b20000180085332d3a3aa4ee34393f82045507025fc9177977b82c3bc3716c9eb824b80d58792c65d8b140ad133fc32a167a17bd248ce25252df11d54c79f5fc110b35d4d9566f090509e9fc790c2e46207a0a52b3087dcaccd0c1bcd508276e5c7e46d41a4ace1739350e85a4a4c40a796c07df96a15505486c862ed04b419fe18665"]}]}, 0xb8}], 0x1}, 0x0) 09:57:28 executing program 7: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0) read(r0, &(0x7f00000012c0)=""/210, 0xd2) 09:57:28 executing program 5: r0 = io_uring_setup(0x6aff, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x9, 0x0, 0x2) 09:57:28 executing program 3: clock_adjtime(0x0, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe252a097ffffffff}) 09:57:28 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = epoll_create(0x6) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 09:57:28 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, 
&(0x7f0000000080)='/sys/module/8250_core', 0x0, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) 09:57:28 executing program 6: r0 = eventfd(0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 09:57:28 executing program 3: clock_adjtime(0x0, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe252a097ffffffff}) [ 115.657686] kmemleak: Found object by alias at 0x607f1a63e454 [ 115.657706] CPU: 0 UID: 0 PID: 3923 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.657724] Tainted: [W]=WARN [ 115.657728] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.657736] Call Trace: [ 115.657740] [ 115.657744] dump_stack_lvl+0xca/0x120 [ 115.657776] __lookup_object+0x94/0xb0 [ 115.657794] delete_object_full+0x27/0x70 [ 115.657812] free_percpu+0x30/0x1160 [ 115.657829] ? arch_uprobe_clear_state+0x16/0x140 [ 115.657855] futex_hash_free+0x38/0xc0 [ 115.657871] mmput+0x2d3/0x390 [ 115.657890] do_exit+0x79d/0x2970 [ 115.657908] ? __pfx_do_exit+0x10/0x10 [ 115.657922] ? find_held_lock+0x2b/0x80 [ 115.657941] ? get_signal+0x835/0x2340 [ 115.657962] do_group_exit+0xd3/0x2a0 [ 115.657977] get_signal+0x2315/0x2340 [ 115.657995] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.658013] ? __pfx_get_signal+0x10/0x10 [ 115.658030] ? __schedule+0xe91/0x3590 [ 115.658051] arch_do_signal_or_restart+0x80/0x790 [ 115.658072] ? 
__pfx_arch_do_signal_or_restart+0x10/0x10 [ 115.658089] ? __x64_sys_futex+0x1c9/0x4d0 [ 115.658102] ? __x64_sys_futex+0x1d2/0x4d0 [ 115.658117] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.658131] ? xfd_validate_state+0x55/0x180 [ 115.658153] exit_to_user_mode_loop+0x8b/0x110 [ 115.658166] do_syscall_64+0x2f7/0x360 [ 115.658179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.658192] RIP: 0033:0x7feae1fafb19 [ 115.658201] Code: Unable to access opcode bytes at 0x7feae1fafaef. [ 115.658207] RSP: 002b:00007feadf525218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.658219] RAX: 0000000000000001 RBX: 00007feae20c2f68 RCX: 00007feae1fafb19 [ 115.658227] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007feae20c2f6c [ 115.658234] RBP: 00007feae20c2f60 R08: 000000000000000e R09: 0000000000000000 [ 115.658242] R10: 0000000000000003 R11: 0000000000000246 R12: 00007feae20c2f6c [ 115.658249] R13: 00007ffc7df8cb7f R14: 00007feadf525300 R15: 0000000000022000 [ 115.658265] [ 115.658269] kmemleak: Object (percpu) 0x607f1a63e450 (size 8): [ 115.658276] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294780369 [ 115.658283] kmemleak: min_count = 1 [ 115.658287] kmemleak: count = 0 [ 115.658291] kmemleak: flags = 0x21 [ 115.658295] kmemleak: checksum = 0 [ 115.658298] kmemleak: backtrace: [ 115.658302] pcpu_alloc_noprof+0x87a/0x1170 [ 115.658318] fib_nh_common_init+0x30/0xd0 [ 115.658331] fib6_nh_init+0x968/0x1a00 [ 115.658343] ip6_route_info_create_nh+0x530/0xf80 [ 115.658354] ip6_route_add.part.0+0x59/0x170 [ 115.658365] ip6_route_add+0x48/0x60 [ 115.658375] addrconf_add_mroute+0x12d/0x190 [ 115.658388] addrconf_add_dev+0x148/0x1c0 [ 115.658402] addrconf_dev_config+0x1e9/0x430 [ 115.658417] addrconf_notify+0xa70/0x1920 [ 115.658427] notifier_call_chain+0xc0/0x360 [ 115.658437] call_netdevice_notifiers_info+0xbe/0x140 [ 115.658450] netif_state_change+0x157/0x330 [ 115.658460] linkwatch_do_dev+0x111/0x150 [ 115.658472] __linkwatch_run_queue+0x2ab/0x710 [ 115.658483] 
linkwatch_event+0x4e/0x70 09:57:28 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, 0x0, 0x0) 09:57:28 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = epoll_create(0x6) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 09:57:28 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000000)={0xb8, 0x13, 0x1, 0x0, 0x0, "", [@nested={0xa5, 0x0, 0x0, 0x1, [@generic="c54df736d4b954476eb4ae83d075b49c41c4ac86c8caa3a043768ea150d2b20000180085332d3a3aa4ee34393f82045507025fc9177977b82c3bc3716c9eb824b80d58792c65d8b140ad133fc32a167a17bd248ce25252df11d54c79f5fc110b35d4d9566f090509e9fc790c2e46207a0a52b3087dcaccd0c1bcd508276e5c7e46d41a4ace1739350e85a4a4c40a796c07df96a15505486c862ed04b419fe18665"]}]}, 0xb8}], 0x1}, 0x0) 09:57:28 executing program 7: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0) read(r0, &(0x7f00000012c0)=""/210, 0xd2) 09:57:28 executing program 6: r0 = eventfd(0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, 
&(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 09:57:28 executing program 3: clock_adjtime(0x0, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe252a097ffffffff}) 09:57:28 executing program 5: r0 = io_uring_setup(0x6aff, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x9, 0x0, 0x2) 09:57:28 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/8250_core', 0x0, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) 09:57:28 executing program 3: r0 = eventfd(0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 09:57:28 executing program 6: r0 = eventfd(0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, 
&(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) [ 115.803700] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI 09:57:28 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, 0x0, 0x0) [ 115.804653] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.805416] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.807302] Tainted: [W]=WARN [ 115.808110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.810025] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.811157] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.815942] RSP: 0018:ffff8880176ff800 EFLAGS: 00010212 [ 115.816363] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001bf7000 [ 115.816924] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.817488] RBP: ffff8880176ffa70 R08: ffff88806cf31340 R09: ffffe8ffffd08498 [ 115.818040] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.818591] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.819146] FS: 00007f0035c97700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.819777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.820229] CR2: 0000000020000340 CR3: 000000000e88b000 CR4: 0000000000350ef0 [ 115.820781] Call Trace: [ 115.820985] [ 115.821178] ? __pfx_perf_tp_event+0x10/0x10 [ 115.821535] ? lock_is_held_type+0x9e/0x120 [ 115.821885] ? lock_is_held_type+0x9e/0x120 [ 115.822230] ? perf_trace_lock+0xb5/0x5d0 [ 115.822561] ? perf_trace_lock+0xb5/0x5d0 [ 115.822890] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.823256] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.823623] ? 
find_held_lock+0x2b/0x80 [ 115.823945] ? find_held_lock+0x2b/0x80 [ 115.824265] ? __perf_install_in_context+0x503/0xb90 [ 115.824664] ? lock_release+0xc8/0x290 [ 115.824976] ? do_raw_spin_unlock+0x53/0x220 [ 115.825339] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.825736] perf_trace_run_bpf_submit+0xef/0x180 [ 115.826124] perf_trace_lock+0x337/0x5d0 [ 115.826451] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.826817] ? lock_acquire+0x15e/0x2f0 [ 115.827131] ? futex_ref_get+0x48/0x300 [ 115.827446] ? futex_ref_get+0x114/0x300 [ 115.827765] ? futex_hash+0x15c/0x390 [ 115.828068] lock_release+0x1ab/0x290 [ 115.828373] ? futex_hash+0x15c/0x390 [ 115.828505] kmemleak: Found object by alias at 0x607f1a63e454 [ 115.828524] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.828543] Tainted: [W]=WARN [ 115.828547] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.828554] Call Trace: [ 115.828558] [ 115.828563] dump_stack_lvl+0xca/0x120 [ 115.828595] __lookup_object+0x94/0xb0 [ 115.828613] delete_object_full+0x27/0x70 [ 115.828630] free_percpu+0x30/0x1160 [ 115.828647] ? arch_uprobe_clear_state+0x16/0x140 [ 115.828666] futex_hash_free+0x38/0xc0 [ 115.828681] mmput+0x2d3/0x390 [ 115.828700] do_exit+0x79d/0x2970 [ 115.828716] ? __pfx_do_exit+0x10/0x10 [ 115.828730] ? find_held_lock+0x2b/0x80 [ 115.828748] ? get_signal+0x835/0x2340 [ 115.828767] do_group_exit+0xd3/0x2a0 [ 115.828782] get_signal+0x2315/0x2340 [ 115.828799] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.828815] ? __pfx_get_signal+0x10/0x10 [ 115.828832] ? __schedule+0xe91/0x3590 [ 115.828857] arch_do_signal_or_restart+0x80/0x790 [ 115.828875] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 115.828892] ? __x64_sys_futex+0x1c9/0x4d0 [ 115.828904] ? __x64_sys_futex+0x1d2/0x4d0 [ 115.828919] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.828932] ? 
xfd_validate_state+0x55/0x180 [ 115.828952] exit_to_user_mode_loop+0x8b/0x110 [ 115.828965] do_syscall_64+0x2f7/0x360 [ 115.828977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.828990] RIP: 0033:0x7feae1fafb19 [ 115.828999] Code: Unable to access opcode bytes at 0x7feae1fafaef. [ 115.829005] RSP: 002b:00007feadf525218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.829017] RAX: 0000000000000001 RBX: 00007feae20c2f68 RCX: 00007feae1fafb19 [ 115.829025] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007feae20c2f6c [ 115.829032] RBP: 00007feae20c2f60 R08: 0000000000000016 R09: 0000000000000000 [ 115.829039] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007feae20c2f6c [ 115.829047] R13: 00007ffc7df8cb7f R14: 00007feadf525300 R15: 0000000000022000 [ 115.829060] [ 115.829063] kmemleak: Object (percpu) 0x607f1a63e450 (size 8): [ 115.829070] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294780369 [ 115.829078] kmemleak: min_count = 1 [ 115.829082] kmemleak: count = 1 [ 115.829085] kmemleak: flags = 0x21 [ 115.829089] kmemleak: checksum = 1482887254 [ 115.829093] kmemleak: backtrace: [ 115.829098] pcpu_alloc_noprof+0x87a/0x1170 [ 115.829113] fib_nh_common_init+0x30/0xd0 [ 115.829134] fib6_nh_init+0x968/0x1a00 [ 115.829145] ip6_route_info_create_nh+0x530/0xf80 [ 115.829156] ip6_route_add.part.0+0x59/0x170 [ 115.829167] ip6_route_add+0x48/0x60 [ 115.829177] addrconf_add_mroute+0x12d/0x190 [ 115.829190] addrconf_add_dev+0x148/0x1c0 [ 115.829204] addrconf_dev_config+0x1e9/0x430 [ 115.829219] addrconf_notify+0xa70/0x1920 [ 115.829229] notifier_call_chain+0xc0/0x360 [ 115.829240] call_netdevice_notifiers_info+0xbe/0x140 [ 115.829252] netif_state_change+0x157/0x330 [ 115.829263] linkwatch_do_dev+0x111/0x150 [ 115.829274] __linkwatch_run_queue+0x2ab/0x710 [ 115.829285] linkwatch_event+0x4e/0x70 [ 115.851088] futex_ref_get+0x119/0x300 [ 115.851399] ? futex_hash+0x15c/0x390 [ 115.851703] futex_hash+0x70/0x390 [ 115.851993] futex_wake+0x143/0x540 [ 115.852287] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 115.852653] ? __pfx_futex_wake+0x10/0x10 [ 115.852987] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 115.853396] ? lock_release+0xc8/0x290 [ 115.853709] do_futex+0x26d/0x370 [ 115.853993] ? __pfx_do_futex+0x10/0x10 [ 115.854310] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 115.854732] ? __pfx___schedule+0x10/0x10 [ 115.855068] __x64_sys_futex+0x1c9/0x4d0 [ 115.855395] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.855759] ? xfd_validate_state+0x55/0x180 [ 115.856123] do_syscall_64+0xbf/0x360 [ 115.856428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.856837] RIP: 0033:0x7f0038721b19 [ 115.857138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.858676] RSP: 002b:00007f0035c97218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.859265] RAX: ffffffffffffffda RBX: 00007f0038834f68 RCX: 00007f0038721b19 [ 115.859822] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0038834f6c [ 115.860375] RBP: 00007f0038834f60 R08: 000000000000000e R09: 0000000000000000 [ 115.860933] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f0038834f6c [ 115.861493] R13: 00007ffe9ffa43cf R14: 00007f0035c97300 R15: 0000000000022000 [ 115.862053] [ 115.862240] Modules linked in: [ 115.862529] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.863397] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.863982] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.864906] Tainted: [D]=DIE, [W]=WARN [ 115.865213] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.865850] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.866221] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 
00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.867614] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 115.868025] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.868574] RDX: ffff88804437b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.869133] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd08498 [ 115.869686] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 115.870236] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 115.870788] FS: 00007f0035c97700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.871407] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.871860] CR2: 0000000020000340 CR3: 000000000e88b000 CR4: 0000000000350ef0 [ 115.872413] Call Trace: [ 115.872617] [ 115.872796] ? __pfx_perf_tp_event+0x10/0x10 [ 115.873157] ? trace_pelt_se_tp+0xdf/0x130 [ 115.873491] ? __update_load_avg_se+0x428/0xa40 [ 115.873865] ? lock_is_held_type+0x9e/0x120 [ 115.874208] ? update_load_avg+0x17d/0x1ef0 [ 115.874550] ? update_cfs_group+0x11d/0x260 [ 115.874886] ? kvm_sched_clock_read+0x16/0x30 [ 115.875246] ? kvm_sched_clock_read+0x16/0x30 [ 115.875603] ? sched_clock+0x37/0x60 [ 115.875901] ? sched_clock_cpu+0x6c/0x4e0 [ 115.876232] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.876625] perf_trace_run_bpf_submit+0xef/0x180 [ 115.877010] perf_trace_lock+0x337/0x5d0 [ 115.877341] ? update_cfs_group+0x11d/0x260 [ 115.877684] ? kvm_sched_clock_read+0x16/0x30 [ 115.878043] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.878406] ? check_preempt_wakeup_fair+0x6e/0x950 [ 115.878800] ? sched_ttwu_pending+0x2e0/0x4a0 [ 115.879160] lock_release+0x1ab/0x290 [ 115.879462] ? ttwu_do_activate+0x1a4/0x8a0 [ 115.879805] _raw_spin_unlock+0x16/0x40 [ 115.880123] sched_ttwu_pending+0x2e0/0x4a0 [ 115.880466] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 115.880847] ? 
hrtimer_interrupt+0x652/0x830 [ 115.881211] __flush_smp_call_function_queue+0x434/0x740 [ 115.881648] __sysvec_call_function_single+0x6d/0x370 [ 115.882061] sysvec_call_function_single+0xa1/0xc0 [ 115.882450] [ 115.882635] [ 115.882815] asm_sysvec_call_function_single+0x1a/0x20 [ 115.883224] RIP: 0010:oops_exit+0x0/0x50 [ 115.883549] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 115.884940] RSP: 0018:ffff8880176ff690 EFLAGS: 00000202 [ 115.885360] RAX: 00000000000389f8 RBX: 0000000000000216 RCX: ffffc90001bf7000 [ 115.885909] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 115.886458] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 115.887012] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880176ff758 [ 115.887560] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.888115] ? oops_end+0x4a/0xe0 [ 115.888400] oops_end+0x65/0xe0 [ 115.888671] exc_general_protection+0x1a2/0x330 [ 115.889044] asm_exc_general_protection+0x26/0x30 [ 115.889428] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.889795] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.891191] RSP: 0018:ffff8880176ff800 EFLAGS: 00010212 [ 115.891604] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001bf7000 [ 115.892153] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.892701] RBP: ffff8880176ffa70 R08: ffff88806cf31340 R09: ffffe8ffffd08498 [ 115.893257] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.893804] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.894379] ? perf_tp_event+0x167/0xe70 [ 115.894719] ? __pfx_perf_tp_event+0x10/0x10 [ 115.895080] ? 
lock_is_held_type+0x9e/0x120 [ 115.895433] ? lock_is_held_type+0x9e/0x120 [ 115.895791] ? perf_trace_lock+0xb5/0x5d0 [ 115.896127] ? perf_trace_lock+0xb5/0x5d0 [ 115.896464] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.896835] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.897217] ? find_held_lock+0x2b/0x80 [ 115.897544] ? find_held_lock+0x2b/0x80 [ 115.897874] ? __perf_install_in_context+0x503/0xb90 [ 115.898282] ? lock_release+0xc8/0x290 [ 115.898598] ? do_raw_spin_unlock+0x53/0x220 [ 115.898959] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.899370] perf_trace_run_bpf_submit+0xef/0x180 [ 115.899771] perf_trace_lock+0x337/0x5d0 [ 115.900104] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.900479] ? lock_acquire+0x15e/0x2f0 [ 115.900804] ? futex_ref_get+0x48/0x300 [ 115.901133] ? futex_ref_get+0x114/0x300 [ 115.901457] ? futex_hash+0x15c/0x390 [ 115.901768] lock_release+0x1ab/0x290 [ 115.902081] ? futex_hash+0x15c/0x390 [ 115.902391] futex_ref_get+0x119/0x300 [ 115.902708] ? futex_hash+0x15c/0x390 [ 115.903016] futex_hash+0x70/0x390 [ 115.903309] futex_wake+0x143/0x540 [ 115.903607] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.903978] ? __pfx_futex_wake+0x10/0x10 [ 115.904316] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 115.904724] ? lock_release+0xc8/0x290 [ 115.905044] do_futex+0x26d/0x370 [ 115.905335] ? __pfx_do_futex+0x10/0x10 [ 115.905660] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 115.906089] ? __pfx___schedule+0x10/0x10 [ 115.906430] __x64_sys_futex+0x1c9/0x4d0 [ 115.906763] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.907134] ? 
xfd_validate_state+0x55/0x180 [ 115.907498] do_syscall_64+0xbf/0x360 [ 115.907808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.908221] RIP: 0033:0x7f0038721b19 [ 115.908521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.909972] RSP: 002b:00007f0035c97218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.910573] RAX: ffffffffffffffda RBX: 00007f0038834f68 RCX: 00007f0038721b19 [ 115.911137] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0038834f6c [ 115.911700] RBP: 00007f0038834f60 R08: 000000000000000e R09: 0000000000000000 [ 115.912265] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f0038834f6c [ 115.912830] R13: 00007ffe9ffa43cf R14: 00007f0035c97300 R15: 0000000000022000 [ 115.913406] [ 115.913599] Modules linked in: [ 115.913861] ---[ end trace 0000000000000000 ]--- [ 115.914232] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.914608] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.916044] RSP: 0018:ffff8880176ff800 EFLAGS: 00010212 [ 115.916468] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001bf7000 [ 115.917033] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.917608] RBP: ffff8880176ffa70 R08: ffff88806cf31340 R09: ffffe8ffffd08498 [ 115.918174] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.918736] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.919301] FS: 00007f0035c97700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.919939] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.920403] CR2: 0000000020000340 CR3: 000000000e88b000 CR4: 0000000000350ef0 [ 115.920968] Kernel panic - not syncing: Fatal exception in interrupt [ 116.965744] 
Shutting down cpus with NMI
[ 116.966171] Kernel Offset: disabled
[ 116.966460] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
09:57:28 Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffff88804532fad0 RCX=ffffffff81a04264 RDX=ffff8880167b3700
RSI=ffffffff81a0426e RDI=0000000000000004 RBP=00000000000001fd RSP=ffff88804532f620
R8 =0000000000000000 R9 =fffff940001c64ce R10=00000000000001fd R11=1ffff1100d9c6f7b
R12=0000000000000181 R13=0000000000000001 R14=ffff88800bd40000 R15=0000000000000180
RIP=ffffffff81a0426e RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f53292473a4 CR3=0000000035e04000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff828e5070 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880176ff098
R8 =0000000000000000 R9 =ffffed10016da046 R10=00000000000fe503 R11=0000000065646f43
R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10e52a2 R15=dffffc0000000000
RIP=ffffffff828e50c5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f0035c97700 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe5800000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000340 CR3=000000000e88b000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f00388087c000007f00388087c8
XMM02=00007f00388087e000007f00388087c0 XMM03=00007f00388087c800007f00388087c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000