Warning: Permanently added '[localhost]:11925' (ECDSA) to the list of known hosts. 2025/09/01 10:29:38 fuzzer started 2025/09/01 10:29:38 dialing manager at localhost:35473 syzkaller login: [ 60.179670] cgroup: Unknown subsys name 'net' [ 60.275739] cgroup: Unknown subsys name 'cpuset' [ 60.294111] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:29:51 syscalls: 2214 2025/09/01 10:29:51 code coverage: enabled 2025/09/01 10:29:51 comparison tracing: enabled 2025/09/01 10:29:51 extra coverage: enabled 2025/09/01 10:29:51 setuid sandbox: enabled 2025/09/01 10:29:51 namespace sandbox: enabled 2025/09/01 10:29:51 Android sandbox: enabled 2025/09/01 10:29:51 fault injection: enabled 2025/09/01 10:29:51 leak checking: enabled 2025/09/01 10:29:51 net packet injection: enabled 2025/09/01 10:29:51 net device setup: enabled 2025/09/01 10:29:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:29:51 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:29:51 USB emulation: enabled 2025/09/01 10:29:51 hci packet injection: enabled 2025/09/01 10:29:51 wifi device emulation: enabled 2025/09/01 10:29:51 802.15.4 emulation: enabled 2025/09/01 10:29:51 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:29:51 fetching corpus: 39, signal 13969/17642 (executing program) 2025/09/01 10:29:51 fetching corpus: 84, signal 24185/29321 (executing program) 2025/09/01 10:29:51 fetching corpus: 134, signal 37369/43612 (executing program) 2025/09/01 10:29:51 fetching corpus: 184, signal 46317/53648 (executing program) 2025/09/01 10:29:51 fetching corpus: 234, signal 49754/58314 (executing program) 2025/09/01 10:29:51 fetching corpus: 283, signal 56136/65678 (executing program) 2025/09/01 10:29:51 fetching corpus: 333, signal 60515/71003 (executing program) 2025/09/01 10:29:51 fetching corpus: 383, signal 63729/75242 (executing program) 2025/09/01 10:29:51 fetching corpus: 433, signal 67372/79747 (executing program) 2025/09/01 
10:29:51 fetching corpus: 483, signal 70043/83377 (executing program) 2025/09/01 10:29:52 fetching corpus: 533, signal 74705/88569 (executing program) 2025/09/01 10:29:52 fetching corpus: 582, signal 77077/91740 (executing program) 2025/09/01 10:29:52 fetching corpus: 632, signal 78946/94438 (executing program) 2025/09/01 10:29:52 fetching corpus: 682, signal 81159/97410 (executing program) 2025/09/01 10:29:52 fetching corpus: 732, signal 83818/100689 (executing program) 2025/09/01 10:29:52 fetching corpus: 782, signal 85751/103359 (executing program) 2025/09/01 10:29:52 fetching corpus: 832, signal 87736/106004 (executing program) 2025/09/01 10:29:52 fetching corpus: 882, signal 90167/108977 (executing program) 2025/09/01 10:29:52 fetching corpus: 932, signal 91703/111122 (executing program) 2025/09/01 10:29:52 fetching corpus: 982, signal 93472/113481 (executing program) 2025/09/01 10:29:52 fetching corpus: 1032, signal 95865/116302 (executing program) 2025/09/01 10:29:52 fetching corpus: 1082, signal 97296/118307 (executing program) 2025/09/01 10:29:52 fetching corpus: 1132, signal 99042/120505 (executing program) 2025/09/01 10:29:53 fetching corpus: 1182, signal 101783/123378 (executing program) 2025/09/01 10:29:53 fetching corpus: 1232, signal 102969/125056 (executing program) 2025/09/01 10:29:53 fetching corpus: 1281, signal 104214/126775 (executing program) 2025/09/01 10:29:53 fetching corpus: 1331, signal 105191/128254 (executing program) 2025/09/01 10:29:53 fetching corpus: 1381, signal 107202/130414 (executing program) 2025/09/01 10:29:53 fetching corpus: 1431, signal 108183/131837 (executing program) 2025/09/01 10:29:53 fetching corpus: 1481, signal 109209/133334 (executing program) 2025/09/01 10:29:53 fetching corpus: 1531, signal 110965/135185 (executing program) 2025/09/01 10:29:53 fetching corpus: 1581, signal 111643/136370 (executing program) 2025/09/01 10:29:53 fetching corpus: 1631, signal 112918/137921 (executing program) 2025/09/01 10:29:53 
fetching corpus: 1681, signal 114179/139437 (executing program) 2025/09/01 10:29:53 fetching corpus: 1731, signal 115167/140779 (executing program) 2025/09/01 10:29:53 fetching corpus: 1781, signal 116331/142198 (executing program) 2025/09/01 10:29:54 fetching corpus: 1831, signal 117924/143797 (executing program) 2025/09/01 10:29:54 fetching corpus: 1881, signal 118791/144993 (executing program) 2025/09/01 10:29:54 fetching corpus: 1931, signal 119854/146235 (executing program) 2025/09/01 10:29:54 fetching corpus: 1981, signal 120626/147256 (executing program) 2025/09/01 10:29:54 fetching corpus: 2031, signal 122268/148833 (executing program) 2025/09/01 10:29:54 fetching corpus: 2081, signal 123441/150098 (executing program) 2025/09/01 10:29:54 fetching corpus: 2131, signal 124406/151198 (executing program) 2025/09/01 10:29:54 fetching corpus: 2181, signal 125301/152349 (executing program) 2025/09/01 10:29:54 fetching corpus: 2231, signal 126037/153299 (executing program) 2025/09/01 10:29:54 fetching corpus: 2281, signal 126774/154229 (executing program) 2025/09/01 10:29:54 fetching corpus: 2330, signal 128031/155433 (executing program) 2025/09/01 10:29:54 fetching corpus: 2380, signal 128734/156300 (executing program) 2025/09/01 10:29:55 fetching corpus: 2430, signal 129492/157250 (executing program) 2025/09/01 10:29:55 fetching corpus: 2480, signal 129950/158026 (executing program) 2025/09/01 10:29:55 fetching corpus: 2530, signal 131077/158981 (executing program) 2025/09/01 10:29:55 fetching corpus: 2580, signal 131744/159853 (executing program) 2025/09/01 10:29:55 fetching corpus: 2630, signal 132357/160599 (executing program) 2025/09/01 10:29:55 fetching corpus: 2680, signal 133190/161451 (executing program) 2025/09/01 10:29:55 fetching corpus: 2730, signal 133909/162260 (executing program) 2025/09/01 10:29:55 fetching corpus: 2780, signal 134745/163037 (executing program) 2025/09/01 10:29:55 fetching corpus: 2830, signal 135471/163796 (executing program) 
2025/09/01 10:29:55 fetching corpus: 2880, signal 136050/164499 (executing program) 2025/09/01 10:29:56 fetching corpus: 2930, signal 136926/165349 (executing program) 2025/09/01 10:29:56 fetching corpus: 2980, signal 137600/166038 (executing program) 2025/09/01 10:29:56 fetching corpus: 3030, signal 138510/166739 (executing program) 2025/09/01 10:29:56 fetching corpus: 3080, signal 138982/167306 (executing program) 2025/09/01 10:29:56 fetching corpus: 3130, signal 139662/167949 (executing program) 2025/09/01 10:29:56 fetching corpus: 3180, signal 140258/168577 (executing program) 2025/09/01 10:29:56 fetching corpus: 3230, signal 140890/169175 (executing program) 2025/09/01 10:29:56 fetching corpus: 3280, signal 141486/169758 (executing program) 2025/09/01 10:29:56 fetching corpus: 3330, signal 142538/170478 (executing program) 2025/09/01 10:29:56 fetching corpus: 3380, signal 142983/171027 (executing program) 2025/09/01 10:29:57 fetching corpus: 3429, signal 143639/171590 (executing program) 2025/09/01 10:29:57 fetching corpus: 3479, signal 144271/172176 (executing program) 2025/09/01 10:29:57 fetching corpus: 3529, signal 145192/172797 (executing program) 2025/09/01 10:29:57 fetching corpus: 3579, signal 145844/173296 (executing program) 2025/09/01 10:29:57 fetching corpus: 3629, signal 146477/173787 (executing program) 2025/09/01 10:29:57 fetching corpus: 3679, signal 147089/174260 (executing program) 2025/09/01 10:29:57 fetching corpus: 3729, signal 147621/174713 (executing program) 2025/09/01 10:29:57 fetching corpus: 3779, signal 148150/175189 (executing program) 2025/09/01 10:29:57 fetching corpus: 3829, signal 148815/175684 (executing program) 2025/09/01 10:29:57 fetching corpus: 3878, signal 149196/176105 (executing program) 2025/09/01 10:29:58 fetching corpus: 3928, signal 149577/176538 (executing program) 2025/09/01 10:29:58 fetching corpus: 3978, signal 150002/176900 (executing program) 2025/09/01 10:29:58 fetching corpus: 4028, signal 150538/177296 
(executing program) 2025/09/01 10:29:58 fetching corpus: 4078, signal 150869/177667 (executing program) 2025/09/01 10:29:58 fetching corpus: 4128, signal 151394/178070 (executing program) 2025/09/01 10:29:58 fetching corpus: 4178, signal 151903/178420 (executing program) 2025/09/01 10:29:58 fetching corpus: 4228, signal 152377/178732 (executing program) 2025/09/01 10:29:58 fetching corpus: 4277, signal 152879/179028 (executing program) 2025/09/01 10:29:58 fetching corpus: 4327, signal 153281/179351 (executing program) 2025/09/01 10:29:58 fetching corpus: 4377, signal 153883/179442 (executing program) 2025/09/01 10:29:58 fetching corpus: 4427, signal 154454/179443 (executing program) 2025/09/01 10:29:58 fetching corpus: 4477, signal 154966/179480 (executing program) 2025/09/01 10:29:59 fetching corpus: 4527, signal 155684/179501 (executing program) 2025/09/01 10:29:59 fetching corpus: 4577, signal 156643/179506 (executing program) 2025/09/01 10:29:59 fetching corpus: 4627, signal 157292/179526 (executing program) 2025/09/01 10:29:59 fetching corpus: 4677, signal 157552/179574 (executing program) 2025/09/01 10:29:59 fetching corpus: 4727, signal 158076/179644 (executing program) 2025/09/01 10:29:59 fetching corpus: 4777, signal 158476/179659 (executing program) 2025/09/01 10:29:59 fetching corpus: 4827, signal 158979/179666 (executing program) 2025/09/01 10:29:59 fetching corpus: 4877, signal 159614/179670 (executing program) 2025/09/01 10:29:59 fetching corpus: 4927, signal 160153/179708 (executing program) 2025/09/01 10:29:59 fetching corpus: 4976, signal 160671/179736 (executing program) 2025/09/01 10:29:59 fetching corpus: 5026, signal 161259/179765 (executing program) 2025/09/01 10:30:00 fetching corpus: 5075, signal 161824/179784 (executing program) 2025/09/01 10:30:00 fetching corpus: 5125, signal 162186/179807 (executing program) 2025/09/01 10:30:00 fetching corpus: 5175, signal 162514/179810 (executing program) 2025/09/01 10:30:00 fetching corpus: 5225, 
signal 162908/179812 (executing program) 2025/09/01 10:30:00 fetching corpus: 5275, signal 163339/179822 (executing program) 2025/09/01 10:30:00 fetching corpus: 5325, signal 163764/179838 (executing program) 2025/09/01 10:30:00 fetching corpus: 5375, signal 164110/179843 (executing program) 2025/09/01 10:30:00 fetching corpus: 5425, signal 164471/179851 (executing program) 2025/09/01 10:30:00 fetching corpus: 5475, signal 165151/179866 (executing program) 2025/09/01 10:30:00 fetching corpus: 5525, signal 165529/179885 (executing program) 2025/09/01 10:30:00 fetching corpus: 5575, signal 165906/179906 (executing program) 2025/09/01 10:30:01 fetching corpus: 5625, signal 166214/179915 (executing program) 2025/09/01 10:30:01 fetching corpus: 5675, signal 166460/179922 (executing program) 2025/09/01 10:30:01 fetching corpus: 5725, signal 166776/179927 (executing program) 2025/09/01 10:30:01 fetching corpus: 5775, signal 167238/179929 (executing program) 2025/09/01 10:30:01 fetching corpus: 5825, signal 167623/179947 (executing program) 2025/09/01 10:30:01 fetching corpus: 5875, signal 167895/179966 (executing program) 2025/09/01 10:30:01 fetching corpus: 5925, signal 168099/179979 (executing program) 2025/09/01 10:30:01 fetching corpus: 5975, signal 169024/179993 (executing program) 2025/09/01 10:30:01 fetching corpus: 6025, signal 169290/179999 (executing program) 2025/09/01 10:30:01 fetching corpus: 6075, signal 169529/180006 (executing program) 2025/09/01 10:30:01 fetching corpus: 6125, signal 169851/180007 (executing program) 2025/09/01 10:30:02 fetching corpus: 6175, signal 170250/180010 (executing program) 2025/09/01 10:30:02 fetching corpus: 6225, signal 170559/180010 (executing program) 2025/09/01 10:30:02 fetching corpus: 6275, signal 170892/180062 (executing program) 2025/09/01 10:30:02 fetching corpus: 6325, signal 171255/180070 (executing program) 2025/09/01 10:30:02 fetching corpus: 6375, signal 171541/180089 (executing program) 2025/09/01 10:30:02 
fetching corpus: 6425, signal 171773/180105 (executing program) 2025/09/01 10:30:02 fetching corpus: 6475, signal 172171/180113 (executing program) 2025/09/01 10:30:02 fetching corpus: 6525, signal 172487/180132 (executing program) 2025/09/01 10:30:02 fetching corpus: 6575, signal 172771/180143 (executing program) 2025/09/01 10:30:02 fetching corpus: 6624, signal 173016/180180 (executing program) 2025/09/01 10:30:02 fetching corpus: 6674, signal 174687/180182 (executing program) 2025/09/01 10:30:02 fetching corpus: 6722, signal 175121/180199 (executing program) 2025/09/01 10:30:03 fetching corpus: 6772, signal 175371/180199 (executing program) 2025/09/01 10:30:03 fetching corpus: 6822, signal 175618/180210 (executing program) 2025/09/01 10:30:03 fetching corpus: 6871, signal 175934/180211 (executing program) 2025/09/01 10:30:03 fetching corpus: 6921, signal 176226/180257 (executing program) 2025/09/01 10:30:03 fetching corpus: 6971, signal 176541/180270 (executing program) 2025/09/01 10:30:03 fetching corpus: 7021, signal 176864/180307 (executing program) 2025/09/01 10:30:03 fetching corpus: 7071, signal 177238/180386 (executing program) 2025/09/01 10:30:03 fetching corpus: 7121, signal 177608/180410 (executing program) 2025/09/01 10:30:03 fetching corpus: 7132, signal 177712/180414 (executing program) 2025/09/01 10:30:03 fetching corpus: 7132, signal 177712/180414 (executing program) 2025/09/01 10:30:05 starting 8 fuzzer processes 10:30:05 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) ioctl$MON_IOCQ_URB_LEN(r0, 0x9208) 10:30:05 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:05 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$PIO_FONT(r0, 0x4b61, 0x0) [ 85.596600] audit: type=1400 audit(1756722605.561:7): avc: denied { execmem } for pid=281 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:30:05 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 10:30:05 executing program 3: pkey_alloc(0x1000000, 0x0) 10:30:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc) 10:30:05 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') getdents(r0, &(0x7f00000000c0)=""/109, 0x6d) 10:30:05 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) [ 86.818652] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.821255] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.823463] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 
86.828552] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.832560] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.835126] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.837548] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.844653] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.848368] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.855050] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.937596] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.940224] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.941604] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.945724] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.946946] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.951178] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.953341] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.957072] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.965047] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.967335] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.014625] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.021526] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 87.024213] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 87.025727] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 87.030778] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 87.032571] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 87.035031] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.037529] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.037611] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 87.044397] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 87.055294] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 87.058596] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 87.064016] Bluetooth: hci4: unexpected cc 0x0c23 length: 
249 > 4 [ 87.067113] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.069979] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 87.071562] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 87.073527] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 87.076375] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 87.098200] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.113485] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 88.903417] Bluetooth: hci0: command tx timeout [ 88.904043] Bluetooth: hci1: command tx timeout [ 89.030982] Bluetooth: hci3: command tx timeout [ 89.031020] Bluetooth: hci2: command tx timeout [ 89.095893] Bluetooth: hci4: command tx timeout [ 89.158962] Bluetooth: hci5: command tx timeout [ 89.159591] Bluetooth: hci6: command tx timeout [ 89.159708] Bluetooth: hci7: command tx timeout [ 90.951102] Bluetooth: hci1: command tx timeout [ 90.951599] Bluetooth: hci0: command tx timeout [ 91.080954] Bluetooth: hci3: command tx timeout [ 91.081365] Bluetooth: hci2: command tx timeout [ 91.142972] Bluetooth: hci4: command tx timeout [ 91.206883] Bluetooth: hci7: command tx timeout [ 91.207276] Bluetooth: hci6: command tx timeout [ 91.207677] Bluetooth: hci5: command tx timeout [ 92.999028] Bluetooth: hci0: command tx timeout [ 92.999485] Bluetooth: hci1: command tx timeout [ 93.126925] Bluetooth: hci2: command tx timeout [ 93.127369] Bluetooth: hci3: command tx timeout [ 93.191002] Bluetooth: hci4: command tx timeout [ 93.254920] Bluetooth: hci5: command tx timeout [ 93.255383] Bluetooth: hci6: command tx timeout [ 93.255418] Bluetooth: hci7: command tx timeout [ 95.047994] Bluetooth: hci1: command tx timeout [ 95.048137] Bluetooth: hci0: command tx timeout [ 95.175591] Bluetooth: hci2: command tx timeout [ 95.177870] Bluetooth: hci3: command tx timeout [ 95.239018] Bluetooth: hci4: command tx timeout [ 95.302966] Bluetooth: hci5: command tx timeout [ 95.303966] Bluetooth: hci6: command tx timeout [ 
95.304813] Bluetooth: hci7: command tx timeout [ 123.191191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.191878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.303289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.304074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.420907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.421492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.593352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.594099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.675893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.676497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.749179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.749794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:30:43 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$PIO_FONT(r0, 0x4b61, 0x0) [ 123.818868] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.819490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:30:43 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$PIO_FONT(r0, 0x4b61, 0x0) 10:30:43 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$PIO_FONT(r0, 0x4b61, 0x0) [ 123.953700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.954342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:30:43 executing program 7: 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) [ 124.001012] audit: type=1400 audit(1756722643.964:8): avc: denied { open } for pid=3874 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.008591] audit: type=1400 audit(1756722643.964:9): avc: denied { kernel } for pid=3874 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.013805] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.014413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.074191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.074849] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:30:44 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) 10:30:44 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) 
close(r0) 10:30:44 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 124.287247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.287908] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.318899] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.319538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.406306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.406961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.430015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.430607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.453771] wlan0: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 124.454400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.487524] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.488360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:30:44 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') getdents(r0, &(0x7f00000000c0)=""/109, 0x6d) 10:30:44 executing program 3: pkey_alloc(0x1000000, 0x0) 10:30:44 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 10:30:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc) 10:30:44 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) 10:30:44 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 10:30:44 executing program 3: pkey_alloc(0x1000000, 0x0) 10:30:44 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') getdents(r0, &(0x7f00000000c0)=""/109, 0x6d) 10:30:44 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc) 10:30:44 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 10:30:44 executing program 3: pkey_alloc(0x1000000, 0x0) 10:30:44 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 10:30:44 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x6)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)

10:30:44 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x6)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)

10:30:44 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc)

10:30:44 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00')
getdents(r0, &(0x7f00000000c0)=""/109, 0x6d)

[ 124.938153] kmemleak: Found object by alias at 0x607f1a63e9ac
[ 124.938189] CPU: 0 UID: 0 PID: 3952 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 124.938233] Tainted: [W]=WARN
[ 124.938240] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 124.938254] Call Trace:
[ 124.938261]
[ 124.938270] dump_stack_lvl+0xca/0x120
[ 124.938316] __lookup_object+0x94/0xb0
[ 124.938349] delete_object_full+0x27/0x70
[ 124.938383] free_percpu+0x30/0x1160
[ 124.938415] ? arch_uprobe_clear_state+0x16/0x140
[ 124.938455] futex_hash_free+0x38/0xc0
[ 124.938482] mmput+0x2d3/0x390
[ 124.938520] do_exit+0x79d/0x2970
[ 124.938555] ? __pfx_do_exit+0x10/0x10
[ 124.938583] ? find_held_lock+0x2b/0x80
[ 124.938619] ? get_signal+0x835/0x2340
[ 124.938658] do_group_exit+0xd3/0x2a0
[ 124.938689] get_signal+0x2315/0x2340
[ 124.938724] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 124.938758] ? __pfx_get_signal+0x10/0x10
[ 124.938792] ? __schedule+0xe91/0x3590
[ 124.938832] arch_do_signal_or_restart+0x80/0x790
[ 124.938867] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 124.938902] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 124.938928] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 124.938953] ? __pfx___x64_sys_futex+0x10/0x10
[ 124.938990] exit_to_user_mode_loop+0x8b/0x110
[ 124.939015] do_syscall_64+0x2f7/0x360
[ 124.939040] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.939064] RIP: 0033:0x7f6bf201ab19
[ 124.939081] Code: Unable to access opcode bytes at 0x7f6bf201aaef.
[ 124.939091] RSP: 002b:00007f6bef590218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.939115] RAX: 0000000000000001 RBX: 00007f6bf212df68 RCX: 00007f6bf201ab19
[ 124.939129] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6bf212df6c
[ 124.939143] RBP: 00007f6bf212df60 R08: 000000000000000e R09: 0000000000000000
[ 124.939157] R10: 0000000000000050 R11: 0000000000000246 R12: 00007f6bf212df6c
[ 124.939171] R13: 00007ffccb40f2df R14: 00007f6bef590300 R15: 0000000000022000
[ 124.939202]
[ 124.939210] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8):
[ 124.939223] kmemleak: comm "syz-executor.7", pid 3956, jiffies 4294791794
[ 124.939237] kmemleak: min_count = 1
[ 124.939244] kmemleak: count = 0
[ 124.939252] kmemleak: flags = 0x21
[ 124.939259] kmemleak: checksum = 0
[ 124.939266] kmemleak: backtrace:
[ 124.939273] pcpu_alloc_noprof+0x87a/0x1170
[ 124.939304] perf_trace_event_init+0x366/0xa10
[ 124.939331] perf_trace_init+0x1a4/0x2f0
[ 124.939356] perf_tp_event_init+0xa6/0x120
[ 124.939387] perf_try_init_event+0x140/0x9f0
[ 124.939413] perf_event_alloc.part.0+0x118e/0x45f0
[ 124.939447] __do_sys_perf_event_open+0x719/0x2c20
[ 124.939473] do_syscall_64+0xbf/0x360
[ 124.939492] entry_SYSCALL_64_after_hwframe+0x77/0x7f

10:30:45 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x6)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)

10:30:45 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x6)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)

10:30:45 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x2000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0,
0xffffffffffffffff, 0x0) 10:30:45 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 10:30:45 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x81) write$evdev(r0, &(0x7f0000000240)=[{{0x77359400}, 0x0, 0x1}], 0x18) 10:30:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@polexpire={0xc0, 0x1b, 0x3, 0x0, 0x0, {{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x10000000}}}, 0xc0}}, 0x0) 10:30:45 executing program 5: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x541b, 0x0) 10:30:45 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x105200, 0x0) 10:30:45 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 
0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) [ 125.162118] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 125.163030] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 125.163627] CPU: 1 UID: 0 PID: 3968 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 125.164577] Tainted: [W]=WARN [ 125.165030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.167232] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.168514] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.173516] RSP: 0018:ffff888045a8f780 EFLAGS: 00010012 [ 125.173945] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 125.174508] RDX: ffff888044b68000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 125.175076] RBP: ffff888045a8f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd169a8 [ 125.175649] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 125.176228] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 125.176794] FS: 000055556f7fe400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 125.177432] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.177906] CR2: 00007f076d8983a4 CR3: 0000000013aa5000 CR4: 0000000000350ef0 [ 125.178470] Call Trace: [ 125.178679] [ 125.178868] ? __pfx_perf_tp_event+0x10/0x10 [ 125.179234] ? arch_scale_cpu_capacity+0x17/0xa0 [ 125.179627] ? cpu_util.constprop.0+0x17d/0x340 [ 125.180020] ? __asan_memset+0x24/0x50 [ 125.180339] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 125.180772] ? lock_release+0xc8/0x290 [ 125.181089] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 125.181538] ? __lock_acquire+0x694/0x1b70 [ 125.181879] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 125.182280] ? sched_clock+0x37/0x60 [ 125.182590] ? sched_clock_cpu+0x6c/0x4e0 [ 125.182926] ? lock_is_held_type+0x9e/0x120 [ 125.183278] perf_trace_run_bpf_submit+0xef/0x180 [ 125.183669] perf_trace_preemptirq_template+0x259/0x430 [ 125.184111] ? lock_is_held_type+0x9e/0x120 [ 125.184460] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.184933] ? _raw_spin_lock_irqsave+0x53/0x60 [ 125.185317] trace_irq_disable.constprop.0+0xa6/0x100 [ 125.185728] _raw_spin_lock_irqsave+0x53/0x60 [ 125.186095] try_to_wake_up+0xa0/0x11d0 [ 125.186424] ? __pfx_try_to_wake_up+0x10/0x10 [ 125.186789] ? plist_del+0x122/0x270 [ 125.187103] ? find_held_lock+0x2b/0x80 [ 125.187433] ? futex_wake+0x474/0x540 [ 125.187745] wake_up_q+0xa1/0x130 [ 125.188039] futex_wake+0x47e/0x540 [ 125.188341] ? __pfx_futex_wake+0x10/0x10 [ 125.188677] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 125.189099] ? finish_task_switch.isra.0+0x206/0x840 [ 125.189514] do_futex+0x26d/0x370 [ 125.189803] ? __pfx_do_futex+0x10/0x10 [ 125.190129] ? __pfx___schedule+0x10/0x10 [ 125.190472] __x64_sys_futex+0x1c9/0x4d0 [ 125.190803] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.191268] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.191638] ? 
xfd_validate_state+0x55/0x180 [ 125.192012] do_syscall_64+0xbf/0x360 [ 125.192320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.192734] RIP: 0033:0x7f31215e3b19 [ 125.193036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.194468] RSP: 002b:00007fffe9d04d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.195072] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f31215e3b19 [ 125.195640] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31216f6f68 [ 125.196219] RBP: 00007f31216f6f60 R08: 00007f311eb59700 R09: 0000000000000000 [ 125.196780] R10: 00007f311eb59700 R11: 0000000000000246 R12: 00007f31216fba68 [ 125.197344] R13: 00007fffe9d04e70 R14: 00007f31216f6f60 R15: 000000000001e87a [ 125.197912] [ 125.198102] Modules linked in: [ 125.198366] ---[ end trace 0000000000000000 ]--- [ 125.198738] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.199120] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.200572] RSP: 0018:ffff888045a8f780 EFLAGS: 00010012 [ 125.201000] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 125.201567] RDX: ffff888044b68000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 125.202226] RBP: ffff888045a8f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd169a8 [ 125.202814] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 125.203382] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 125.203955] FS: 000055556f7fe400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 125.204596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.205061] CR2: 00007f076d8983a4 CR3: 0000000013aa5000 CR4: 0000000000350ef0 [ 125.205630] note: syz-executor.4[3968] exited with irqs disabled [ 125.206228] 
note: syz-executor.4[3968] exited with preempt_count 2 10:30:45 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) getsockname$unix(r0, 0x0, &(0x7f0000000300)) 10:30:45 executing program 6: futex(0x0, 0x1, 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0) 10:30:45 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) getsockname$unix(r0, 0x0, &(0x7f0000000300)) [ 125.274594] kmemleak: Found object by alias at 0x607f1a63e9ac 10:30:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@polexpire={0xc0, 0x1b, 0x3, 0x0, 0x0, {{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x10000000}}}, 0xc0}}, 0x0) [ 125.274626] CPU: 0 UID: 0 PID: 3973 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 125.274664] Tainted: [D]=DIE, [W]=WARN [ 125.274672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.274686] Call Trace: [ 125.274693] [ 125.274701] dump_stack_lvl+0xca/0x120 [ 125.274744] __lookup_object+0x94/0xb0 [ 125.274776] delete_object_full+0x27/0x70 [ 125.274807] free_percpu+0x30/0x1160 [ 125.274847] ? arch_uprobe_clear_state+0x16/0x140 [ 125.274882] futex_hash_free+0x38/0xc0 [ 125.274908] mmput+0x2d3/0x390 [ 125.274943] do_exit+0x79d/0x2970 [ 125.274969] ? lock_release+0x1c7/0x290 [ 125.274997] ? __pfx_do_exit+0x10/0x10 [ 125.275023] ? do_raw_spin_lock+0x123/0x260 [ 125.275054] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.275086] do_group_exit+0xd3/0x2a0 [ 125.275114] get_signal+0x2315/0x2340 [ 125.275149] ? putname.part.0+0x11b/0x160 [ 125.275183] ? __pfx_get_signal+0x10/0x10 [ 125.275216] ? do_futex+0x135/0x370 [ 125.275241] ? __pfx_do_futex+0x10/0x10 [ 125.275268] arch_do_signal_or_restart+0x80/0x790 [ 125.275301] ? 
__pfx_arch_do_signal_or_restart+0x10/0x10 [ 125.275333] ? __x64_sys_futex+0x1c9/0x4d0 [ 125.275358] ? __x64_sys_futex+0x1d2/0x4d0 [ 125.275384] ? __x64_sys_openat+0x142/0x200 [ 125.275418] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.275443] ? selinux_file_ioctl+0xb9/0x280 [ 125.275477] exit_to_user_mode_loop+0x8b/0x110 [ 125.275501] do_syscall_64+0x2f7/0x360 [ 125.275524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.275547] RIP: 0033:0x7f6bf201ab19 [ 125.275564] Code: Unable to access opcode bytes at 0x7f6bf201aaef. [ 125.275574] RSP: 002b:00007f6bef590218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.275597] RAX: 0000000000000000 RBX: 00007f6bf212df68 RCX: 00007f6bf201ab19 [ 125.275612] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6bf212df68 [ 125.275626] RBP: 00007f6bf212df60 R08: 0000000000000000 R09: 0000000000000000 [ 125.275639] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bf212df6c [ 125.275653] R13: 00007ffccb40f2df R14: 00007f6bef590300 R15: 0000000000022000 [ 125.275674] [ 125.275682] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 125.275695] kmemleak: comm "syz-executor.7", pid 3969, jiffies 4294792020 [ 125.275709] kmemleak: min_count = 1 [ 125.275716] kmemleak: count = 0 [ 125.275724] kmemleak: flags = 0x21 [ 125.275731] kmemleak: checksum = 0 [ 125.275738] kmemleak: backtrace: [ 125.275745] pcpu_alloc_noprof+0x87a/0x1170 [ 125.275776] perf_trace_event_init+0x366/0xa10 [ 125.275803] perf_trace_init+0x1a4/0x2f0 [ 125.275827] perf_tp_event_init+0xa6/0x120 [ 125.275859] perf_try_init_event+0x140/0x9f0 [ 125.275886] perf_event_alloc.part.0+0x118e/0x45f0 [ 125.275920] __do_sys_perf_event_open+0x719/0x2c20 [ 125.275946] do_syscall_64+0xbf/0x360 [ 125.275976] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:45 executing program 5: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) 
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:45 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@polexpire={0xc0, 0x1b, 0x3, 0x0, 0x0, {{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x10000000}}}, 0xc0}}, 0x0) 10:30:45 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) [ 125.414860] audit: type=1400 audit(1756722645.379:10): avc: denied { watch_reads } for pid=3988 comm="syz-executor.5" path="/syzkaller-testdir248404761/syzkaller.paxLmX/5" dev="sda" ino=15972 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 [ 125.456751] ------------[ cut here ]------------ [ 125.457367] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#1: syz-executor.2/294 [ 125.458132] Modules linked in: [ 125.458412] CPU: 1 UID: 0 PID: 294 Comm: syz-executor.2 Tainted: G D W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 125.459408] Tainted: [D]=DIE, [W]=WARN [ 125.459726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.460434] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 125.460843] Code: c7 20 49 d1 85 e8 41 b3 fa 02 49 8d 7d 40 5b 48 c7 c6 d0 fa be 81 5d 41 5c 41 5d 41 5e 41 5f e9 97 9a 9c ff e8 f2 3c b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 e4 3c b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 125.462384] RSP: 0018:ffff88801bb67e20 EFLAGS: 00010293 [ 125.462856] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bfb6a5 [ 125.463442] RDX: ffff888016ea3700 RSI: ffffffff81bfb9be RDI: 0000000000000005 [ 125.464046] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 125.464632] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888016ea3fd8 [ 125.465243] R13: ffff88800ce7c1c0 R14: 0000000000000001 R15: ffff88800ce7c200 [ 125.465817] FS: 0000555556e25400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 125.466485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.466977] CR2: 00007ffe064b6ff8 CR3: 00000000434f7000 CR4: 0000000000350ef0 [ 125.467564] Call Trace: [ 125.467788] [ 125.468041] task_work_run+0x172/0x280 [ 125.468373] ? __pfx_task_work_run+0x10/0x10 [ 125.468737] ? __x64_sys_umount+0x114/0x190 [ 125.469105] ? 
__pfx___x64_sys_umount+0x10/0x10 [ 125.469491] exit_to_user_mode_loop+0xef/0x110 [ 125.469888] do_syscall_64+0x2f7/0x360 [ 125.470216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.470633] RIP: 0033:0x7f6e0b9f8f87 [ 125.470951] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.472430] RSP: 002b:00007ffe064b71c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 125.473058] RAX: 0000000000000000 RBX: 000000000000000e RCX: 00007f6e0b9f8f87 [ 125.473635] RDX: 00007ffe064b7299 RSI: 000000000000000a RDI: 00007ffe064b7290 [ 125.474218] RBP: 00007ffe064b7290 R08: 00000000ffffffff R09: 00007ffe064b7060 [ 125.474794] R10: 0000555556e26c7b R11: 0000000000000246 R12: 00007f6e0ba51105 [ 125.475377] R13: 00007ffe064b8350 R14: 0000555556e26c20 R15: 00007ffe064b8390 [ 125.475978] [ 125.476172] irq event stamp: 169316 [ 125.476463] hardirqs last enabled at (169315): [] exit_to_user_mode_loop+0x5d/0x110 [ 125.477222] hardirqs last disabled at (169316): [] __schedule+0x16dd/0x3590 [ 125.477927] softirqs last enabled at (169312): [] handle_softirqs+0x50c/0x770 [ 125.478641] softirqs last disabled at (169269): [] __irq_exit_rcu+0xc4/0x100 [ 125.479356] ---[ end trace 0000000000000000 ]--- 10:30:48 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) getsockname$unix(r0, 0x0, &(0x7f0000000300)) 10:30:48 executing program 6: futex(0x0, 0x1, 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0) 10:30:48 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@polexpire={0xc0, 0x1b, 0x3, 0x0, 0x0, {{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x10000000}}}, 0xc0}}, 0x0) 10:30:48 executing program 2: r0 = 
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 1: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 5: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 4: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 6: futex(0x0, 0x1, 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0) 10:30:48 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) 
mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 1: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) getsockname$unix(r0, 0x0, &(0x7f0000000300)) 10:30:48 executing program 6: futex(0x0, 0x1, 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0) 10:30:48 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') [ 128.350417] ------------[ cut here ]------------ [ 128.350812] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.1/282 [ 128.351550] Modules linked in: [ 128.351802] CPU: 1 UID: 0 PID: 282 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.352704] Tainted: [D]=DIE, [W]=WARN [ 128.353010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.353623] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 128.354019] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 
02 31 ff 89 c5 89 c6 e8 2a 42 [ 128.355384] RSP: 0018:ffff888015cf7ce0 EFLAGS: 00010293 [ 128.355789] RAX: 0000000000000000 RBX: 1ffff11002b9efa1 RCX: ffffffff81bfaf93 [ 128.356344] RDX: ffff88801615b700 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 128.356893] RBP: ffff88800ce7c380 R08: 0000000000000001 R09: 0000000000000000 [ 128.357429] R10: 00000000ffffffff R11: ffff88801ed1c870 R12: ffff888015cf7d48 [ 128.357979] R13: 00000000ffffffff R14: ffff88800ce7c380 R15: ffff88800ce7c468 [ 128.358518] FS: 00005555744b8400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 128.359129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.359567] CR2: 00007f076c95a4ec CR3: 00000000363bc000 CR4: 0000000000350ef0 [ 128.360124] Call Trace: [ 128.360322] [ 128.360513] ? do_raw_spin_lock+0x123/0x260 [ 128.360883] ? __pfx_mntput_no_expire+0x10/0x10 [ 128.361264] ? lock_release+0x1c7/0x290 [ 128.361589] ? lock_release+0x1c7/0x290 [ 128.361942] path_umount+0x6e0/0x1100 [ 128.362250] ? kmem_cache_free+0x2a1/0x540 [ 128.362602] ? __pfx_path_umount+0x10/0x10 [ 128.362962] ? putname.part.0+0x11b/0x160 [ 128.363303] __x64_sys_umount+0x15c/0x190 [ 128.363648] ? __pfx___x64_sys_umount+0x10/0x10 [ 128.364066] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 128.364493] do_syscall_64+0xbf/0x360 [ 128.364802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.365234] RIP: 0033:0x7f0b2ec89f87 [ 128.365544] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.366996] RSP: 002b:00007ffd6a3d44d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 128.367609] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007f0b2ec89f87 [ 128.368201] RDX: 00007ffd6a3d45a9 RSI: 000000000000000a RDI: 00007ffd6a3d45a0 [ 128.368770] RBP: 00007ffd6a3d45a0 R08: 00000000ffffffff R09: 00007ffd6a3d4370 [ 128.369351] R10: 00005555744b9c7b R11: 0000000000000246 R12: 00007f0b2ece2105 [ 128.369935] R13: 00007ffd6a3d5660 R14: 00005555744b9c20 R15: 00007ffd6a3d56a0 [ 128.370512] [ 128.370701] irq event stamp: 169398 [ 128.371007] hardirqs last enabled at (169397): [] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 128.371770] hardirqs last disabled at (169398): [] __schedule+0x16dd/0x3590 [ 128.372495] softirqs last enabled at (169206): [] fpu_clone+0x16e/0x740 [ 128.373181] softirqs last disabled at (169204): [] fpu_clone+0xfa/0x740 [ 128.373850] ---[ end trace 0000000000000000 ]--- 10:30:48 executing program 5: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 1: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', 
&(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 4: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xf9ffffff}) 10:30:48 executing program 3: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) ftruncate(r1, 0x0) 10:30:48 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 6: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) r1 = dup(r0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x80e85411, 0x0) 10:30:48 executing program 5: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 
0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) ftruncate(r1, 0x0) 10:30:48 executing program 3: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 4: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 10:30:48 executing program 3: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@raw={0xc, 0x0, {"8502ae0213ae18fb98"}}, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=@isofs_parent={0x14}, &(0x7f0000000140), 0x0) 10:30:48 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$netlink(r0, &(0x7f0000000440)=@proc, 0xc) 10:30:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 
= getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xf9ffffff}) [ 128.700623] kmemleak: Found object by alias at 0x607f1a63e9ac [ 128.700658] CPU: 0 UID: 0 PID: 4046 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.700696] Tainted: [D]=DIE, [W]=WARN [ 128.700704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.700718] Call Trace: [ 128.700725] [ 128.700733] dump_stack_lvl+0xca/0x120 [ 128.700777] __lookup_object+0x94/0xb0 [ 128.700808] delete_object_full+0x27/0x70 [ 128.700848] free_percpu+0x30/0x1160 [ 128.700881] ? arch_uprobe_clear_state+0x16/0x140 [ 128.700916] futex_hash_free+0x38/0xc0 [ 128.700942] mmput+0x2d3/0x390 [ 128.700977] do_exit+0x79d/0x2970 [ 128.701003] ? signal_wake_up_state+0x85/0x120 [ 128.701033] ? zap_other_threads+0x2b9/0x3a0 [ 128.701062] ? __pfx_do_exit+0x10/0x10 [ 128.701087] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.701120] ? lock_release+0x1c7/0x290 [ 128.701147] do_group_exit+0xd3/0x2a0 [ 128.701175] __x64_sys_exit_group+0x3e/0x50 [ 128.701203] x64_sys_call+0x18c5/0x18d0 [ 128.701233] do_syscall_64+0xbf/0x360 [ 128.701256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.701279] RIP: 0033:0x7f6bf201ab19 [ 128.701296] Code: Unable to access opcode bytes at 0x7f6bf201aaef. 
[ 128.701306] RSP: 002b:00007ffccb40f508 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.701329] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6bf201ab19 [ 128.701344] RDX: 00007f6bf1fcd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.701358] RBP: 0000000000000000 R08: 0000001b2dc277d4 R09: 0000000000000000 [ 128.701372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.701387] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffccb40f5f0 [ 128.701409] [ 128.701417] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 128.701430] kmemleak: comm "syz-executor.3", pid 4066, jiffies 4294795557 [ 128.701444] kmemleak: min_count = 1 [ 128.701452] kmemleak: count = 0 [ 128.701459] kmemleak: flags = 0x21 [ 128.701466] kmemleak: checksum = 0 [ 128.701474] kmemleak: backtrace: [ 128.701480] pcpu_alloc_noprof+0x87a/0x1170 [ 128.701511] alloc_vfsmnt+0x135/0x6e0 [ 128.701538] vfs_create_mount.part.0+0x40/0x440 [ 128.701569] path_mount+0x1637/0x1dd0 [ 128.701591] __x64_sys_mount+0x27b/0x300 [ 128.701615] do_syscall_64+0xbf/0x360 [ 128.701634] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:48 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) ftruncate(r1, 0x0) 10:30:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) accept(r0, 0x0, 0x0) 10:30:48 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xf9ffffff}) [ 128.870316] EXT4-fs: Invalid want_extra_isize 0 [ 128.872494] EXT4-fs: Invalid want_extra_isize 0 [ 128.890406] kmemleak: Found object by alias at 0x607f1a63e9ac [ 128.890426] CPU: 1 UID: 0 PID: 4076 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.890452] Tainted: [D]=DIE, [W]=WARN [ 128.890458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.890467] Call Trace: [ 128.890472] [ 128.890478] dump_stack_lvl+0xca/0x120 [ 128.890510] __lookup_object+0x94/0xb0 [ 128.890533] delete_object_full+0x27/0x70 [ 128.890554] free_percpu+0x30/0x1160 [ 128.890577] ? arch_uprobe_clear_state+0x16/0x140 [ 128.890602] futex_hash_free+0x38/0xc0 [ 128.890621] mmput+0x2d3/0x390 [ 128.890645] do_exit+0x79d/0x2970 [ 128.890662] ? signal_wake_up_state+0x85/0x120 [ 128.890683] ? zap_other_threads+0x2b9/0x3a0 [ 128.890703] ? __pfx_do_exit+0x10/0x10 [ 128.890720] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.890742] ? lock_release+0x1c7/0x290 [ 128.890761] do_group_exit+0xd3/0x2a0 [ 128.890779] __x64_sys_exit_group+0x3e/0x50 [ 128.890798] x64_sys_call+0x18c5/0x18d0 [ 128.890819] do_syscall_64+0xbf/0x360 [ 128.890842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.890857] RIP: 0033:0x7f6bf201ab19 [ 128.890868] Code: Unable to access opcode bytes at 0x7f6bf201aaef. 
[ 128.890875] RSP: 002b:00007ffccb40f508 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.890890] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6bf201ab19 [ 128.890901] RDX: 00007f6bf1fcd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.890910] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 128.890919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.890928] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffccb40f5f0 [ 128.890942] [ 128.890948] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 128.890957] kmemleak: comm "syz-executor.0", pid 4083, jiffies 4294795752 [ 128.890966] kmemleak: min_count = 1 [ 128.890971] kmemleak: count = 0 [ 128.890976] kmemleak: flags = 0x21 [ 128.890980] kmemleak: checksum = 0 [ 128.890985] kmemleak: backtrace: [ 128.890990] pcpu_alloc_noprof+0x87a/0x1170 [ 128.891010] perf_trace_event_init+0x366/0xa10 [ 128.891028] perf_trace_init+0x1a4/0x2f0 [ 128.891044] perf_tp_event_init+0xa6/0x120 [ 128.891066] perf_try_init_event+0x140/0x9f0 [ 128.891084] perf_event_alloc.part.0+0x118e/0x45f0 [ 128.891106] __do_sys_perf_event_open+0x719/0x2c20 [ 128.891124] do_syscall_64+0xbf/0x360 [ 128.891136] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:48 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) ftruncate(r1, 0x0) 10:30:48 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 10:30:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 
0x0, 0xf9ffffff}) 10:30:48 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0x39, 0x0, 0x0, &(0x7f0000000480)={[{@debug_want_extra_isize}]}) 10:30:48 executing program 4: io_setup(0x40, &(0x7f0000000040)=0x0) r1 = socket$packet(0x11, 0x2, 0x300) io_submit(r0, 0x1, &(0x7f0000000640)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) 10:30:48 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xf9ffffff}) 10:30:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$SO_BINDTODEVICE(r1, 0x29, 0x19, &(0x7f0000000000)='lo\x00', 0x10) 10:30:48 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x12, &(0x7f0000000140), 0x4) 10:30:48 executing program 4: io_setup(0x40, &(0x7f0000000040)=0x0) r1 = socket$packet(0x11, 0x2, 0x300) io_submit(r0, 0x1, &(0x7f0000000640)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) 10:30:48 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0x39, 0x0, 0x0, &(0x7f0000000480)={[{@debug_want_extra_isize}]}) [ 128.986147] EXT4-fs: Invalid want_extra_isize 0 10:30:48 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0185879, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}) 10:30:48 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) 10:30:49 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xf9ffffff}) 10:30:49 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0x39, 0x0, 0x0, &(0x7f0000000480)={[{@debug_want_extra_isize}]}) 10:30:49 executing program 4: io_setup(0x40, &(0x7f0000000040)=0x0) r1 = socket$packet(0x11, 0x2, 0x300) io_submit(r0, 0x1, &(0x7f0000000640)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) 10:30:49 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) [ 129.069735] EXT4-fs: Invalid want_extra_isize 0 10:30:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$SO_BINDTODEVICE(r1, 0x29, 0x19, &(0x7f0000000000)='lo\x00', 0x10) 10:30:49 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 
= getpid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xf9ffffff}) [ 129.098659] kmemleak: Found object by alias at 0x607f1a63e9ac [ 129.098676] CPU: 1 UID: 0 PID: 4104 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.098696] Tainted: [D]=DIE, [W]=WARN [ 129.098700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.098707] Call Trace: [ 129.098710] [ 129.098715] dump_stack_lvl+0xca/0x120 [ 129.098738] __lookup_object+0x94/0xb0 [ 129.098758] delete_object_full+0x27/0x70 [ 129.098774] free_percpu+0x30/0x1160 [ 129.098791] ? arch_uprobe_clear_state+0x16/0x140 [ 129.098809] futex_hash_free+0x38/0xc0 [ 129.098822] mmput+0x2d3/0x390 [ 129.098840] do_exit+0x79d/0x2970 [ 129.098853] ? signal_wake_up_state+0x85/0x120 [ 129.098868] ? zap_other_threads+0x2b9/0x3a0 [ 129.098883] ? __pfx_do_exit+0x10/0x10 [ 129.098896] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.098912] ? lock_release+0x1c7/0x290 [ 129.098926] do_group_exit+0xd3/0x2a0 [ 129.098940] __x64_sys_exit_group+0x3e/0x50 [ 129.098954] x64_sys_call+0x18c5/0x18d0 [ 129.098969] do_syscall_64+0xbf/0x360 [ 129.098981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.098992] RIP: 0033:0x7f6bf201ab19 [ 129.099001] Code: Unable to access opcode bytes at 0x7f6bf201aaef. 
[ 129.099006] RSP: 002b:00007ffccb40f508 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 129.099018] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6bf201ab19 [ 129.099025] RDX: 00007f6bf1fcd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 129.099033] RBP: 0000000000000000 R08: 0000001b2dc2001c R09: 0000000000000000 [ 129.099039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.099046] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffccb40f5f0 [ 129.099057] [ 129.099060] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 129.099067] kmemleak: comm "syz-executor.7", pid 4107, jiffies 4294795951 [ 129.099074] kmemleak: min_count = 1 [ 129.099078] kmemleak: count = 0 [ 129.099082] kmemleak: flags = 0x21 [ 129.099085] kmemleak: checksum = 0 [ 129.099089] kmemleak: backtrace: [ 129.099092] pcpu_alloc_noprof+0x87a/0x1170 [ 129.099108] perf_trace_event_init+0x366/0xa10 [ 129.099122] perf_trace_init+0x1a4/0x2f0 [ 129.099134] perf_tp_event_init+0xa6/0x120 [ 129.099150] perf_try_init_event+0x140/0x9f0 [ 129.099164] perf_event_alloc.part.0+0x118e/0x45f0 [ 129.099181] __do_sys_perf_event_open+0x719/0x2c20 [ 129.099194] do_syscall_64+0xbf/0x360 [ 129.099203] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:49 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0x39, 0x0, 0x0, &(0x7f0000000480)={[{@debug_want_extra_isize}]}) [ 129.163973] EXT4-fs: Invalid want_extra_isize 0 10:30:49 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) 
10:30:49 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 10:30:49 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) 10:30:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$SO_BINDTODEVICE(r1, 0x29, 0x19, &(0x7f0000000000)='lo\x00', 0x10) 10:30:49 executing program 4: io_setup(0x40, &(0x7f0000000040)=0x0) r1 = socket$packet(0x11, 0x2, 0x300) io_submit(r0, 0x1, &(0x7f0000000640)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) 10:30:49 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/102400, 0x19000) 10:30:49 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001c80), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000001d00)={{0x1, 0x1, 0x18}, './file0\x00'}) 10:30:49 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) 
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x18, &(0x7f0000000080), 0x4) 10:30:49 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) 10:30:49 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/102400, 0x19000) 10:30:49 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 10:30:49 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) 10:30:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$SO_BINDTODEVICE(r1, 0x29, 0x19, &(0x7f0000000000)='lo\x00', 0x10) 10:30:49 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001c80), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000001d00)={{0x1, 0x1, 0x18}, './file0\x00'}) 10:30:49 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) 
read(r0, &(0x7f0000000300)=""/102400, 0x19000) 10:30:49 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/102400, 0x19000) [ 129.516989] kmemleak: Found object by alias at 0x607f1a63e9ac [ 129.517020] CPU: 1 UID: 0 PID: 4136 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.517061] Tainted: [D]=DIE, [W]=WARN [ 129.517070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.517084] Call Trace: [ 129.517091] 10:30:49 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) [ 129.517100] dump_stack_lvl+0xca/0x120 [ 129.517144] __lookup_object+0x94/0xb0 [ 129.517177] delete_object_full+0x27/0x70 [ 129.517211] free_percpu+0x30/0x1160 [ 129.517244] ? arch_uprobe_clear_state+0x16/0x140 [ 129.517282] futex_hash_free+0x38/0xc0 [ 129.517309] mmput+0x2d3/0x390 [ 129.517347] do_exit+0x79d/0x2970 [ 129.517375] ? lock_release+0x1c7/0x290 [ 129.517404] ? __pfx_do_exit+0x10/0x10 [ 129.517433] ? do_raw_spin_lock+0x123/0x260 [ 129.517466] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.517498] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 129.517532] do_group_exit+0xd3/0x2a0 [ 129.517561] get_signal+0x2315/0x2340 [ 129.517599] ? errseq_sample+0x5a/0x70 [ 129.517633] ? __pfx_get_signal+0x10/0x10 [ 129.517668] ? do_futex+0x135/0x370 [ 129.517696] ? __pfx_do_futex+0x10/0x10 [ 129.517725] arch_do_signal_or_restart+0x80/0x790 [ 129.517760] ? 
__pfx_arch_do_signal_or_restart+0x10/0x10 [ 129.517795] ? __x64_sys_futex+0x1c9/0x4d0 [ 129.517822] ? __x64_sys_futex+0x1d2/0x4d0 [ 129.517859] ? __sys_socket+0x9f/0x260 [ 129.517889] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.517918] ? xfd_validate_state+0x55/0x180 [ 129.517956] exit_to_user_mode_loop+0x8b/0x110 [ 129.517990] do_syscall_64+0x2f7/0x360 [ 129.518015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.518039] RIP: 0033:0x7f6bf201ab19 [ 129.518057] Code: Unable to access opcode bytes at 0x7f6bf201aaef. [ 129.518068] RSP: 002b:00007f6bef590218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.518092] RAX: fffffffffffffe00 RBX: 00007f6bf212df68 RCX: 00007f6bf201ab19 [ 129.518109] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6bf212df68 [ 129.518124] RBP: 00007f6bf212df60 R08: 0000000000000000 R09: 0000000000000000 [ 129.518139] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bf212df6c [ 129.518154] R13: 00007ffccb40f2df R14: 00007f6bef590300 R15: 0000000000022000 [ 129.518177] [ 129.518185] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 129.518199] kmemleak: comm "syz-executor.3", pid 4145, jiffies 4294796373 [ 129.518214] kmemleak: min_count = 1 [ 129.518222] kmemleak: count = 0 [ 129.518230] kmemleak: flags = 0x21 10:30:49 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001c80), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000001d00)={{0x1, 0x1, 0x18}, './file0\x00'}) [ 129.518238] kmemleak: checksum = 0 [ 129.518246] kmemleak: backtrace: [ 129.518253] pcpu_alloc_noprof+0x87a/0x1170 [ 129.518286] perf_trace_event_init+0x366/0xa10 [ 129.518315] perf_trace_init+0x1a4/0x2f0 [ 129.518341] perf_tp_event_init+0xa6/0x120 [ 129.518374] perf_try_init_event+0x140/0x9f0 [ 129.518403] perf_event_alloc.part.0+0x118e/0x45f0 [ 129.518440] __do_sys_perf_event_open+0x719/0x2c20 [ 129.518467] do_syscall_64+0xbf/0x360 [ 129.518487] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:49 executing program 4: r0 = 
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/102400, 0x19000) 10:30:49 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x5, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @dev}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 10:30:49 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001c80), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000001d00)={{0x1, 0x1, 0x18}, './file0\x00'}) 10:30:49 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/102400, 0x19000) 10:30:49 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) 10:30:49 executing program 4: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/102400, 0x19000) 10:30:49 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 
0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x80000001}, 0x1c) 10:30:49 executing program 6: readlinkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/182, 0xb6) 10:30:49 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:49 executing program 6: readlinkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/182, 0xb6) [ 129.844488] kmemleak: Found object by alias at 0x607f1a63e9ac [ 129.844517] CPU: 1 UID: 0 PID: 4164 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.844556] Tainted: [D]=DIE, [W]=WARN [ 129.844564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.844577] Call Trace: [ 129.844583] [ 129.844591] dump_stack_lvl+0xca/0x120 [ 129.844629] __lookup_object+0x94/0xb0 [ 129.844658] delete_object_full+0x27/0x70 [ 129.844687] free_percpu+0x30/0x1160 [ 129.844717] ? arch_uprobe_clear_state+0x16/0x140 [ 129.844749] futex_hash_free+0x38/0xc0 [ 129.844773] mmput+0x2d3/0x390 [ 129.844806] do_exit+0x79d/0x2970 [ 129.844837] ? signal_wake_up_state+0x85/0x120 [ 129.844864] ? zap_other_threads+0x2b9/0x3a0 [ 129.844891] ? __pfx_do_exit+0x10/0x10 [ 129.844915] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.844944] ? lock_release+0x1c7/0x290 [ 129.844970] do_group_exit+0xd3/0x2a0 [ 129.844996] __x64_sys_exit_group+0x3e/0x50 [ 129.845022] x64_sys_call+0x18c5/0x18d0 [ 129.845049] do_syscall_64+0xbf/0x360 [ 129.845070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.845091] RIP: 0033:0x7f6bf201ab19 [ 129.845107] Code: Unable to access opcode bytes at 0x7f6bf201aaef. 
[ 129.845116] RSP: 002b:00007ffccb40f508 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 129.845137] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6bf201ab19 [ 129.845151] RDX: 00007f6bf1fcd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 129.845165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 129.845177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.845190] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffccb40f5f0 [ 129.845209] [ 129.845216] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 129.845228] kmemleak: comm "syz-executor.3", pid 4173, jiffies 4294796698 [ 129.845241] kmemleak: min_count = 1 [ 129.845248] kmemleak: count = 0 [ 129.845255] kmemleak: flags = 0x21 [ 129.845262] kmemleak: checksum = 0 [ 129.845272] kmemleak: backtrace: [ 129.845279] pcpu_alloc_noprof+0x87a/0x1170 [ 129.845317] perf_trace_event_init+0x366/0xa10 [ 129.845342] perf_trace_init+0x1a4/0x2f0 [ 129.845365] perf_tp_event_init+0xa6/0x120 [ 129.845394] perf_try_init_event+0x140/0x9f0 [ 129.845419] perf_event_alloc.part.0+0x118e/0x45f0 [ 129.845451] __do_sys_perf_event_open+0x719/0x2c20 [ 129.845475] do_syscall_64+0xbf/0x360 [ 129.845493] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:49 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) [ 130.715940] Bluetooth: hci1: Opcode 0x0c1a 
failed: -4 [ 130.716727] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 130.737275] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 130.738014] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 130.754724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 130.755595] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 130.776914] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 130.777695] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 130.793190] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 130.794121] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 130.806953] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 130.807743] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 130.825980] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 130.826775] Bluetooth: hci7: Error when powering off device on rfkill (-4) [ 130.846966] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 130.847761] Bluetooth: hci5: Error when powering off device on rfkill (-4) 10:30:51 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:51 executing program 6: readlinkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/182, 0xb6) 10:30:51 executing program 0: shmctl$IPC_STAT(0x0, 0x2, 0x0) 10:30:51 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) 10:30:51 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x4e22, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffff0000000070"], 0x28}, 0x0) 10:30:51 executing program 1: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:51 executing program 6: readlinkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/182, 0xb6) [ 131.209053] kmemleak: Found object by alias at 0x607f1a63e9ac [ 131.209088] CPU: 0 UID: 0 PID: 4200 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 131.209127] Tainted: [D]=DIE, [W]=WARN [ 131.209136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 131.209149] Call Trace: [ 131.209156] [ 131.209164] dump_stack_lvl+0xca/0x120 [ 131.209208] __lookup_object+0x94/0xb0 [ 131.209240] delete_object_full+0x27/0x70 [ 131.209271] free_percpu+0x30/0x1160 [ 131.209303] ? arch_uprobe_clear_state+0x16/0x140 [ 131.209345] futex_hash_free+0x38/0xc0 [ 131.209372] mmput+0x2d3/0x390 [ 131.209407] do_exit+0x79d/0x2970 [ 131.209433] ? lock_release+0x1c7/0x290 [ 131.209461] ? __pfx_do_exit+0x10/0x10 [ 131.209487] ? do_raw_spin_lock+0x123/0x260 [ 131.209518] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 131.209550] do_group_exit+0xd3/0x2a0 [ 131.209578] get_signal+0x2315/0x2340 [ 131.209613] ? errseq_sample+0x5a/0x70 [ 131.209644] ? __pfx_get_signal+0x10/0x10 [ 131.209678] ? do_futex+0x135/0x370 [ 131.209703] ? __pfx_do_futex+0x10/0x10 [ 131.209730] arch_do_signal_or_restart+0x80/0x790 [ 131.209763] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 131.209795] ? __x64_sys_futex+0x1c9/0x4d0 [ 131.209820] ? __x64_sys_futex+0x1d2/0x4d0 [ 131.209846] ? __sys_socket+0x9f/0x260 [ 131.209875] ? __pfx___x64_sys_futex+0x10/0x10 [ 131.209902] ? xfd_validate_state+0x55/0x180 [ 131.209937] exit_to_user_mode_loop+0x8b/0x110 [ 131.209961] do_syscall_64+0x2f7/0x360 [ 131.209984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.210007] RIP: 0033:0x7f6bf201ab19 [ 131.210024] Code: Unable to access opcode bytes at 0x7f6bf201aaef. [ 131.210034] RSP: 002b:00007f6bef590218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 131.210057] RAX: fffffffffffffe00 RBX: 00007f6bf212df68 RCX: 00007f6bf201ab19 [ 131.210073] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6bf212df68 [ 131.210086] RBP: 00007f6bf212df60 R08: 0000000000000000 R09: 0000000000000000 [ 131.210100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bf212df6c [ 131.210116] R13: 00007ffccb40f2df R14: 00007f6bef590300 R15: 0000000000022000 [ 131.210138] [ 131.210146] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 131.210159] kmemleak: comm "systemd", pid 1, jiffies 4294796768 [ 131.210172] kmemleak: min_count = 1 [ 131.210179] kmemleak: count = 0 [ 131.210187] kmemleak: flags = 0x21 [ 131.210194] kmemleak: checksum = 0 [ 131.210201] kmemleak: backtrace: [ 131.210208] pcpu_alloc_noprof+0x87a/0x1170 [ 131.210239] percpu_ref_init+0x37/0x400 [ 131.210257] cgroup_mkdir+0x28a/0x1110 [ 131.210283] kernfs_iop_mkdir+0x111/0x190 [ 131.210313] vfs_mkdir+0x59a/0x8d0 [ 131.210344] do_mkdirat+0x19f/0x3d0 [ 131.210366] __x64_sys_mkdir+0xf3/0x140 [ 131.210388] do_syscall_64+0xbf/0x360 [ 
131.210407] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:51 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 0: shmctl$IPC_STAT(0x0, 0x2, 0x0) 10:30:51 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:51 executing program 1: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:51 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) 10:30:51 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:51 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 
0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 0: shmctl$IPC_STAT(0x0, 0x2, 0x0) 10:30:51 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x4e22, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffff0000000070"], 0x28}, 0x0) 10:30:51 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 10:30:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 2: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 1: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 6: openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:30:51 executing program 6: openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 
0x0, 0xffffffffffffffff) 10:30:51 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x4e22, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffff0000000070"], 0x28}, 0x0) 10:30:51 executing program 0: shmctl$IPC_STAT(0x0, 0x2, 0x0) 10:30:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 2: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 1: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 6: openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:30:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:30:51 executing program 2: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_rr_get_interval(0x0, &(0x7f0000001c80)) 10:30:51 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x11, r0, 0xee00, 0xee00) 10:30:51 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500) [ 131.753042] kmemleak: Found object by alias at 0x607f1a63e9ac [ 131.753076] CPU: 0 UID: 0 PID: 4251 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 131.753114] Tainted: [D]=DIE, [W]=WARN [ 131.753122] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 131.753136] Call Trace: [ 131.753143] [ 131.753152] dump_stack_lvl+0xca/0x120 [ 131.753194] __lookup_object+0x94/0xb0 [ 131.753226] delete_object_full+0x27/0x70 [ 131.753257] free_percpu+0x30/0x1160 [ 131.753289] ? arch_uprobe_clear_state+0x16/0x140 [ 131.753324] futex_hash_free+0x38/0xc0 [ 131.753349] mmput+0x2d3/0x390 [ 131.753384] do_exit+0x79d/0x2970 [ 131.753410] ? signal_wake_up_state+0x85/0x120 [ 131.753439] ? zap_other_threads+0x2b9/0x3a0 [ 131.753468] ? __pfx_do_exit+0x10/0x10 [ 131.753493] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 131.753525] ? 
lock_release+0x1c7/0x290 [ 131.753553] do_group_exit+0xd3/0x2a0 [ 131.753580] __x64_sys_exit_group+0x3e/0x50 [ 131.753607] x64_sys_call+0x18c5/0x18d0 [ 131.753638] do_syscall_64+0xbf/0x360 [ 131.753661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.753683] RIP: 0033:0x7f6bf201ab19 [ 131.753700] Code: Unable to access opcode bytes at 0x7f6bf201aaef. [ 131.753714] RSP: 002b:00007ffccb40f508 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 131.753744] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6bf201ab19 [ 131.753763] RDX: 00007f6bf1fcd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 131.753777] RBP: 0000000000000000 R08: 0000001b2dc2130c R09: 0000000000000000 [ 131.753791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.753804] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffccb40f5f0 [ 131.753833] [ 131.753841] kmemleak: Object (percpu) 0x607f1a63e9a8 (size 8): [ 131.753854] kmemleak: comm "syz-executor.3", pid 4259, jiffies 4294798611 [ 131.753868] kmemleak: min_count = 1 [ 131.753876] kmemleak: count = 0 [ 131.753883] kmemleak: flags = 0x21 [ 131.753891] kmemleak: checksum = 0 [ 131.753898] kmemleak: backtrace: [ 131.753904] pcpu_alloc_noprof+0x87a/0x1170 [ 131.753935] perf_trace_event_init+0x366/0xa10 [ 131.753962] perf_trace_init+0x1a4/0x2f0 [ 131.753987] perf_tp_event_init+0xa6/0x120 [ 131.754018] perf_try_init_event+0x140/0x9f0 [ 131.754045] perf_event_alloc.part.0+0x118e/0x45f0 [ 131.754078] __do_sys_perf_event_open+0x719/0x2c20 [ 131.754104] do_syscall_64+0xbf/0x360 [ 131.754124] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:30:51 executing program 6: openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:30:51 executing program 1: io_setup(0x572, &(0x7f0000000140)=0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) io_submit(r0, 0x2, &(0x7f0000000100)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 
0x0}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0x0, r2, 0x0, 0x28}]) 10:30:51 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x11, r0, 0xee00, 0xee00) 10:30:51 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)) 10:30:51 executing program 2: setresuid(0xee01, 0xee00, 0x0) mlockall(0x5) 10:30:51 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x0) [ 131.946314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.272094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 10:30:52 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x4e22, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffff0000000070"], 0x28}, 0x0) 10:30:52 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000080)=0x1) 10:30:52 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500) 10:30:52 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x11, r0, 0xee00, 0xee00) 10:30:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x572, &(0x7f0000000140)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000340)={&(0x7f0000000040)={[0xc0]}, 0x8}) 10:30:52 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) r0 = 
syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500) 10:30:52 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x0) 10:30:52 executing program 2: setresuid(0xee01, 0xee00, 0x0) mlockall(0x5) [ 132.329113] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 132.329996] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 132.330575] CPU: 1 UID: 0 PID: 4286 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 132.331481] Tainted: [D]=DIE, [W]=WARN [ 132.331778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.332412] RIP: 0010:perf_tp_event+0x175/0xe70 [ 132.332782] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 132.334151] RSP: 0018:ffff8880469df780 EFLAGS: 00010012 [ 132.334556] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000685d000 [ 132.335098] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 132.335638] RBP: ffff8880469df9f0 R08: ffff88806cf31340 R09: ffffe8ffffd169a8 [ 132.336185] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 132.336725] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.337272] FS: 00007f311eb59700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.337885] 
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.338330] CR2: 00007f31216f7018 CR3: 0000000013b32000 CR4: 0000000000350ef0 [ 132.338869] Call Trace: [ 132.339073] [ 132.339253] ? __pfx_perf_tp_event+0x10/0x10 [ 132.339601] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 132.340085] ? lock_release+0x1c7/0x290 [ 132.340402] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 132.340895] ? kvm_sched_clock_read+0x16/0x30 [ 132.341249] ? local_clock_noinstr+0xf/0xc0 [ 132.341589] ? ctx_sched_in+0x134/0x9b0 [ 132.341899] ? __kernel_text_address+0xd/0x40 [ 132.342249] ? __pfx_ctx_sched_in+0x10/0x10 [ 132.342581] ? arch_stack_walk+0x9c/0xf0 [ 132.342899] ? perf_trace_run_bpf_submit+0xef/0x180 [ 132.343287] ? lock_release+0x1c7/0x290 [ 132.343598] perf_trace_run_bpf_submit+0xef/0x180 [ 132.343976] perf_trace_preemptirq_template+0x259/0x430 [ 132.344391] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 132.344819] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.345268] ? __pfx___resched_curr+0x10/0x10 [ 132.345624] ? check_preempt_wakeup_fair+0x406/0x950 [ 132.346018] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 132.346413] trace_irq_enable.constprop.0+0xa6/0x100 [ 132.346804] trace_hardirqs_on+0x26/0x40 [ 132.347119] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 132.347501] try_to_wake_up+0x8ae/0x11d0 [ 132.347821] ? __pfx_try_to_wake_up+0x10/0x10 [ 132.348180] ? plist_del+0x122/0x270 [ 132.348477] ? __futex_unqueue+0xda/0x1c0 [ 132.348802] wake_up_q+0xa1/0x130 [ 132.349081] futex_wake+0x47e/0x540 [ 132.349372] ? __pfx_futex_wake+0x10/0x10 [ 132.349696] ? lock_release+0x1c7/0x290 [ 132.350008] ? lock_release+0x1c7/0x290 [ 132.350318] ? fd_install+0x1f0/0x660 [ 132.350616] do_futex+0x26d/0x370 [ 132.350891] ? __pfx_do_futex+0x10/0x10 [ 132.351202] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 132.351613] ? count_memcg_events+0x32b/0x420 [ 132.351967] __x64_sys_futex+0x1c9/0x4d0 [ 132.352290] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.352739] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 132.353099] do_syscall_64+0xbf/0x360 [ 132.353397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.353794] RIP: 0033:0x7f31215e3b19 [ 132.354090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.355462] RSP: 002b:00007f311eb59218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.356037] RAX: ffffffffffffffda RBX: 00007f31216f6f68 RCX: 00007f31215e3b19 [ 132.356583] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31216f6f6c [ 132.357123] RBP: 00007f31216f6f60 R08: 000000000000000e R09: 0000000000000000 [ 132.357661] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f31216f6f6c [ 132.358204] R13: 00007fffe9d04cef R14: 00007f311eb59300 R15: 0000000000022000 [ 132.358748] [ 132.358931] Modules linked in: [ 132.359181] ---[ end trace 0000000000000000 ]--- [ 132.359539] RIP: 0010:perf_tp_event+0x175/0xe70 [ 132.359905] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 132.361280] RSP: 0018:ffff888045a8f780 EFLAGS: 00010012 [ 132.361686] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 132.362228] RDX: ffff888044b68000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 132.362769] RBP: ffff888045a8f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd169a8 [ 132.363311] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 132.363854] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.364400] FS: 00007f311eb59700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.365009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.365452] CR2: 00007f31216f7018 CR3: 0000000013b32000 CR4: 0000000000350ef0 [ 132.365996] note: syz-executor.4[4286] exited with irqs disabled [ 132.366507] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 132.367351] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 132.367924] CPU: 1 UID: 0 PID: 4286 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 132.368829] Tainted: [D]=DIE, [W]=WARN [ 132.369122] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.369743] RIP: 0010:perf_tp_event+0x175/0xe70 [ 132.370110] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 132.371479] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 132.371887] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 132.372432] RDX: ffff88801684d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 132.372973] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd169a8 [ 132.373515] R10: 0000000000000000 R11: ffff888018910898 R12: dffffc0000000000 [ 132.374053] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 132.374592] FS: 00007f311eb59700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.375200] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.375643] CR2: 00007f31216f7018 CR3: 0000000013b32000 CR4: 0000000000350ef0 [ 132.376190] Call Trace: [ 132.376391] [ 132.376565] ? __pfx_perf_tp_event+0x10/0x10 [ 132.376914] ? enqueue_task_fair+0xded/0x1e00 [ 132.377266] ? check_preempt_wakeup_fair+0x6e/0x950 [ 132.377650] ? wakeup_preempt+0x140/0x2a0 [ 132.377975] ? lock_release+0x1c7/0x290 [ 132.378289] ? lock_release+0x1c7/0x290 [ 132.378602] ? do_raw_spin_unlock+0x53/0x220 [ 132.378952] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 132.379350] ? try_to_wake_up+0x8ae/0x11d0 [ 132.379687] ? do_raw_spin_lock+0x123/0x260 [ 132.380028] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 132.380405] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 132.380799] perf_trace_run_bpf_submit+0xef/0x180 [ 132.381183] perf_trace_preemptirq_template+0x259/0x430 [ 132.381596] ? read_tsc+0x9/0x20 [ 132.381870] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.382321] ? clockevents_program_event+0x135/0x360 [ 132.382720] ? tick_program_event+0xac/0x140 [ 132.383066] ? handle_softirqs+0x16e/0x770 [ 132.383404] trace_irq_enable.constprop.0+0xa6/0x100 [ 132.383799] trace_hardirqs_on+0x26/0x40 [ 132.384122] handle_softirqs+0x16e/0x770 [ 132.384448] __irq_exit_rcu+0xc4/0x100 [ 132.384760] irq_exit_rcu+0x9/0x20 [ 132.385039] sysvec_apic_timer_interrupt+0x70/0x80 [ 132.385424] [ 132.385601] [ 132.385780] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.386185] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 132.386551] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 132.387938] RSP: 0018:ffff8880469dff28 EFLAGS: 00000246 [ 132.388354] RAX: 0000000000000001 RBX: ffff88801684d280 RCX: ffffffff817c3ab6 [ 132.388902] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 132.389447] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 132.389993] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801684d280 [ 132.390538] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 132.391086] ? trace_irq_enable.constprop.0+0x26/0x100 [ 132.391494] ? make_task_dead+0x214/0x3b0 [ 132.391822] ? make_task_dead+0x214/0x3b0 [ 132.392157] ? 
do_syscall_64+0xbf/0x360 [ 132.392468] rewind_stack_and_make_dead+0x16/0x20 [ 132.392849] RIP: 0033:0x7f31215e3b19 [ 132.393137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.394521] RSP: 002b:00007f311eb59218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.395101] RAX: ffffffffffffffda RBX: 00007f31216f6f68 RCX: 00007f31215e3b19 [ 132.395644] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31216f6f6c [ 132.396193] RBP: 00007f31216f6f60 R08: 000000000000000e R09: 0000000000000000 [ 132.396736] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f31216f6f6c [ 132.397279] R13: 00007fffe9d04cef R14: 00007f311eb59300 R15: 0000000000022000 [ 132.397829] [ 132.398013] Modules linked in: [ 132.398264] ---[ end trace 0000000000000000 ]--- [ 132.398627] RIP: 0010:perf_tp_event+0x175/0xe70 [ 132.398994] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 132.400426] RSP: 0018:ffff888045a8f780 EFLAGS: 00010012 [ 132.400856] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 132.401430] RDX: ffff888044b68000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 132.402007] RBP: ffff888045a8f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd169a8 [ 132.402581] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 132.403161] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.403737] FS: 00007f311eb59700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.404389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.404855] CR2: 00007f31216f7018 CR3: 0000000013b32000 CR4: 0000000000350ef0 [ 132.405430] Kernel panic - not syncing: Fatal exception in interrupt [ 132.406039] Kernel Offset: disabled [ 132.406331] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:30:45 Registers: