Warning: Permanently added '[localhost]:15155' (ECDSA) to the list of known hosts.
2025/09/01 10:45:01 fuzzer started
2025/09/01 10:45:02 dialing manager at localhost:35473
syzkaller login: [ 52.339905] cgroup: Unknown subsys name 'net'
[ 52.390779] cgroup: Unknown subsys name 'cpuset'
[ 52.403621] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:45:13 syscalls: 2214
2025/09/01 10:45:13 code coverage: enabled
2025/09/01 10:45:13 comparison tracing: enabled
2025/09/01 10:45:13 extra coverage: enabled
2025/09/01 10:45:13 setuid sandbox: enabled
2025/09/01 10:45:13 namespace sandbox: enabled
2025/09/01 10:45:13 Android sandbox: enabled
2025/09/01 10:45:13 fault injection: enabled
2025/09/01 10:45:13 leak checking: enabled
2025/09/01 10:45:13 net packet injection: enabled
2025/09/01 10:45:13 net device setup: enabled
2025/09/01 10:45:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:45:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:45:13 USB emulation: enabled
2025/09/01 10:45:13 hci packet injection: enabled
2025/09/01 10:45:13 wifi device emulation: enabled
2025/09/01 10:45:13 802.15.4 emulation: enabled
2025/09/01 10:45:29 starting 8 fuzzer processes
10:45:29 executing program 0:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000480))
10:45:29 executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, 0x0)
10:45:29 executing program 3:
getpgid(0x0)
r0 = getpgrp(0x0)
pidfd_open(r0, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x400a02, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$PTP_ENABLE_PPS(0xffffffffffffffff, 0x40043d04, 0x0)
msgsnd(0x0, &(0x7f00000001c0)={0x2}, 0x8, 0x0)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC2(r1, 0x40603d10, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000300), 0x28786, 0x0)
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
syz_genetlink_get_family_id$nbd(&(0x7f00000003c0), 0xffffffffffffffff)
10:45:29 executing program 7:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x10000})
10:45:29 executing program 4:
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@multicast, @link_local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @empty, @private, @random="645b467e8bd0"}}}}, 0x0)
10:45:29 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc02c5341, &(0x7f0000000040)={0x0, @tick=0x4d7}) [ 80.032181] audit: type=1400 audit(1756723529.912:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:45:29 executing program 5: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000100)) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) truncate(&(0x7f0000000040)='./file0\x00', 0xf829) 10:45:29 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x1f, 0x0, 0x0) [ 81.164984] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.167503] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.171025] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.176941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.181771] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.351087] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.355768] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.358694] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.363850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.367565] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.484991] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.490648] Bluetooth: hci3: 
unexpected cc 0x1003 length: 249 > 9 [ 81.496846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.499683] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.502864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.514710] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.519099] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.524773] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.526223] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.527529] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.528764] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.533204] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.535796] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.538576] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.540182] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.542631] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.544707] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.547488] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.555821] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.556022] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.558046] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.559076] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.561482] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.577774] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.583628] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.592178] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.602306] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.611617] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.618627] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.623909] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.194840] Bluetooth: hci0: command tx timeout [ 83.386471] Bluetooth: hci1: command 
tx timeout [ 83.578490] Bluetooth: hci6: command tx timeout [ 83.579968] Bluetooth: hci3: command tx timeout [ 83.642937] Bluetooth: hci2: command tx timeout [ 83.643582] Bluetooth: hci4: command tx timeout [ 83.644036] Bluetooth: hci5: command tx timeout [ 83.707079] Bluetooth: hci7: command tx timeout [ 85.244358] Bluetooth: hci0: command tx timeout [ 85.434383] Bluetooth: hci1: command tx timeout [ 85.626505] Bluetooth: hci6: command tx timeout [ 85.626533] Bluetooth: hci3: command tx timeout [ 85.692361] Bluetooth: hci5: command tx timeout [ 85.692400] Bluetooth: hci4: command tx timeout [ 85.692813] Bluetooth: hci2: command tx timeout [ 85.754526] Bluetooth: hci7: command tx timeout [ 87.290483] Bluetooth: hci0: command tx timeout [ 87.483130] Bluetooth: hci1: command tx timeout [ 87.675076] Bluetooth: hci6: command tx timeout [ 87.676633] Bluetooth: hci3: command tx timeout [ 87.738533] Bluetooth: hci2: command tx timeout [ 87.738993] Bluetooth: hci4: command tx timeout [ 87.740385] Bluetooth: hci5: command tx timeout [ 87.803489] Bluetooth: hci7: command tx timeout [ 89.339000] Bluetooth: hci0: command tx timeout [ 89.530516] Bluetooth: hci1: command tx timeout [ 89.724354] Bluetooth: hci3: command tx timeout [ 89.724820] Bluetooth: hci6: command tx timeout [ 89.786398] Bluetooth: hci4: command tx timeout [ 89.786838] Bluetooth: hci2: command tx timeout [ 89.787226] Bluetooth: hci5: command tx timeout [ 89.852232] Bluetooth: hci7: command tx timeout [ 116.941890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.943273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.121884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.122992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.246585] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.247172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.395274] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 117.395947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.538921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.539593] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.661649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.662273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.741388] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.741986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:07 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000640), 0x4) [ 117.815835] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 10:46:07 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3e, &(0x7f0000000140)={0x0, 0x0}, 0x10) [ 117.928991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.929802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.978536] audit: type=1400 audit(1756723567.848:8): avc: denied { open } for pid=3843 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.984823] audit: type=1400 audit(1756723567.848:9): avc: denied { kernel } for pid=3843 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:46:07 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x8) 10:46:07 executing program 7: syz_emit_ethernet(0x83, &(0x7f0000000280)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"cd3e2da44097b06b3c8fefb51d038ba210ff5455f23070f8e8b984eae5dee293ebbf34c746a6c8cfe8a14dfff9d5471a27568eb048c28e608e"}}}}}}}, 0x0) 10:46:08 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3e, &(0x7f0000000140)={0x0, 0x0}, 0x10) 10:46:08 executing program 7: mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x94872, 0xffffffffffffffff, 0x0) 10:46:08 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x8) 10:46:08 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3e, &(0x7f0000000140)={0x0, 0x0}, 0x10) [ 118.317445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.318060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.409996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.410843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.547084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.548002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.599068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.599731] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.634626] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.635217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.665612] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.666177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.733039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.733765] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.765733] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.766344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:46:08 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xd, 0x0, &(0x7f0000000100)) 10:46:08 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3e, &(0x7f0000000140)={0x0, 0x0}, 0x10) 10:46:08 executing program 7: mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x94872, 0xffffffffffffffff, 0x0) 10:46:08 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') lseek(r0, 0x100000000, 0x1) 10:46:08 executing program 2: set_tid_address(0x0) 10:46:08 executing program 3: prctl$PR_SET_MM(0x25, 0xf0ff1f00000000, &(0x7f0000ffc000/0x2000)=nil) 10:46:08 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x8) 10:46:08 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = epoll_create(0x6) flistxattr(r0, 0x0, 0x0) 10:46:08 executing program 2: msgget(0x0, 0x0) 10:46:08 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = epoll_create(0x6) flistxattr(r0, 0x0, 0x0) 10:46:08 executing program 7: mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x94872, 0xffffffffffffffff, 0x0) [ 119.047934] kmemleak: Found object by alias at 0x607f1a63e0e4 [ 119.047954] CPU: 1 UID: 0 PID: 3916 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.047973] Tainted: [W]=WARN [ 119.047977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.047985] Call Trace: [ 119.047989] [ 119.047994] dump_stack_lvl+0xca/0x120 [ 119.048027] __lookup_object+0x94/0xb0 [ 
119.048046] delete_object_full+0x27/0x70 [ 119.048063] free_percpu+0x30/0x1160 [ 119.048081] ? arch_uprobe_clear_state+0x16/0x140 [ 119.048103] futex_hash_free+0x38/0xc0 [ 119.048119] mmput+0x2d3/0x390 [ 119.048143] do_exit+0x79d/0x2970 [ 119.048157] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.048172] ? zap_other_threads+0x2b9/0x3a0 [ 119.048191] ? __pfx_do_exit+0x10/0x10 [ 119.048204] ? do_group_exit+0x1c3/0x2a0 [ 119.048219] ? _raw_spin_unlock_irq+0x23/0x40 [ 119.048239] do_group_exit+0xd3/0x2a0 [ 119.048255] __x64_sys_exit_group+0x3e/0x50 [ 119.048269] x64_sys_call+0x18c5/0x18d0 [ 119.048286] do_syscall_64+0xbf/0x360 [ 119.048300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.048312] RIP: 0033:0x7fbfe7830b19 [ 119.048321] Code: Unable to access opcode bytes at 0x7fbfe7830aef. [ 119.048327] RSP: 002b:00007ffd22f5c0a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 119.048341] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fbfe7830b19 [ 119.048349] RDX: 00007fbfe77e372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 119.048357] RBP: 0000000000000000 R08: 0000001b2d2237f8 R09: 0000000000000000 [ 119.048364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.048371] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd22f5c190 [ 119.048389] [ 119.048392] kmemleak: Object (percpu) 0x607f1a63e0e0 (size 8): [ 119.048399] kmemleak: comm "kworker/u9:5", pid 417, jiffies 4294785297 [ 119.048406] kmemleak: min_count = 1 [ 119.048410] kmemleak: count = 0 [ 119.048414] kmemleak: flags = 0x21 [ 119.048418] kmemleak: checksum = 0 [ 119.048422] kmemleak: backtrace: [ 119.048426] pcpu_alloc_noprof+0x87a/0x1170 [ 119.048442] fib_nh_common_init+0x30/0xd0 [ 119.048455] fib6_nh_init+0x968/0x1a00 [ 119.048467] ip6_route_info_create_nh+0x530/0xf80 [ 119.048478] ip6_route_add.part.0+0x59/0x170 [ 119.048489] ip6_route_add+0x48/0x60 [ 119.048499] addrconf_add_mroute+0x12d/0x190 [ 119.048511] addrconf_add_dev+0x148/0x1c0 [ 119.048526] 
addrconf_dev_config+0x1e9/0x430 [ 119.048541] addrconf_notify+0xa70/0x1920 [ 119.048551] notifier_call_chain+0xc0/0x360 [ 119.048562] call_netdevice_notifiers_info+0xbe/0x140 [ 119.048575] netif_state_change+0x157/0x330 [ 119.048585] linkwatch_do_dev+0x111/0x150 [ 119.048597] __linkwatch_run_queue+0x2ab/0x710 [ 119.048608] linkwatch_event+0x4e/0x70 10:46:08 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') lseek(r0, 0x100000000, 0x1) 10:46:08 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgsnd(0x0, 0x0, 0x0, 0x0) 10:46:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xd, 0x0, &(0x7f0000000100)) 10:46:09 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = epoll_create(0x6) flistxattr(r0, 0x0, 0x0) 10:46:09 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000080)={0x2, {0x2, 0x3ff, 0x8000, 0x6, 0x1f0}}) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="a20e73f1b1812c8df6967520cdbfb383417a9437ee7abadfd3289b313771", 0x1e}], 0x1) 10:46:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) 
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000001980)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1e, 0x0, "52dea74fddd0a221d1d69c29217d9e8b04ba0441712b57a2521ea63acd8d49aa6183b6797f1d083476f54bc21a901f4aea60f385b2c32a9c48557719ef6485c837a72484f5880208170898d1e5313464"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 10:46:09 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') lseek(r0, 0x100000000, 0x1) 10:46:09 executing program 3: syz_mount_image$iso9660(&(0x7f0000001300), &(0x7f0000001340)='./file0\x00', 0x0, 0x0, 0x0, 0x8cffffff, &(0x7f0000002900)) 10:46:09 executing program 7: mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x94872, 0xffffffffffffffff, 0x0) 10:46:09 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x8) [ 119.221402] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 119.222326] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.222925] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.224725] Tainted: [W]=WARN [ 119.225581] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.225589] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.225615] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.225627] RSP: 0018:ffff88801bd47780 EFLAGS: 00010012 [ 119.225638] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 
0000000000000002 [ 119.225646] RDX: ffff88801bc23700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.225654] RBP: ffff88801bd479f0 R08: ffff88806ce31340 R09: ffffe8ffffc15ab0 [ 119.225663] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.225670] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.225680] FS: 000055556d03a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.225692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.225700] CR2: 00007f25be719018 CR3: 0000000044b6f000 CR4: 0000000000350ef0 [ 119.225708] Call Trace: [ 119.225712] [ 119.225719] ? __pfx_perf_tp_event+0x10/0x10 [ 119.225737] ? arch_scale_cpu_capacity+0x17/0xa0 [ 119.225758] ? cpu_util.constprop.0+0x17d/0x340 [ 119.225778] ? __asan_memset+0x24/0x50 [ 119.225793] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 119.225808] ? lock_release+0xc8/0x290 [ 119.225825] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 119.225837] ? __lock_acquire+0x694/0x1b70 [ 119.225851] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.225868] perf_trace_run_bpf_submit+0xef/0x180 [ 119.225886] perf_trace_preemptirq_template+0x259/0x430 [ 119.225900] ? __pick_eevdf+0x326/0x570 [ 119.225911] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.225924] ? update_curr+0x39e/0x500 [ 119.225937] ? find_held_lock+0x2b/0x80 [ 119.225955] ? try_to_wake_up+0x8ae/0x11d0 [ 119.225972] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.225990] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.226003] trace_hardirqs_on+0x26/0x40 [ 119.226014] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.226030] try_to_wake_up+0x8ae/0x11d0 [ 119.226048] ? __pfx_try_to_wake_up+0x10/0x10 [ 119.226065] ? plist_del+0x122/0x270 [ 119.226083] ? find_held_lock+0x2b/0x80 [ 119.226103] ? futex_wake+0x474/0x540 [ 119.226120] wake_up_q+0xa1/0x130 [ 119.226137] futex_wake+0x47e/0x540 [ 119.226153] ? __pfx_futex_wake+0x10/0x10 [ 119.226170] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 119.226182] ? 
finish_task_switch.isra.0+0x206/0x840 [ 119.226203] do_futex+0x26d/0x370 [ 119.226217] ? __pfx_do_futex+0x10/0x10 [ 119.226231] ? __pfx___schedule+0x10/0x10 [ 119.226248] __x64_sys_futex+0x1c9/0x4d0 [ 119.226262] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.226275] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.226288] ? xfd_validate_state+0x55/0x180 [ 119.226308] do_syscall_64+0xbf/0x360 [ 119.226321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.226334] RIP: 0033:0x7f6e85567b19 [ 119.226342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.226354] RSP: 002b:00007fff5c384e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.226365] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6e85567b19 [ 119.226373] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6e8567af68 [ 119.226381] RBP: 00007f6e8567af60 R08: 00007f6e82add700 R09: 0000000000000000 [ 119.226388] R10: 00007f6e82add700 R11: 0000000000000246 R12: 00007f6e8567f060 [ 119.226396] R13: 00007fff5c384f60 R14: 00007f6e8567af60 R15: 000000000001d149 [ 119.226407] [ 119.226411] Modules linked in: [ 119.226420] ---[ end trace 0000000000000000 ]--- [ 119.226425] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.226441] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.226452] RSP: 0018:ffff88801bd47780 EFLAGS: 00010012 [ 119.226462] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.226469] RDX: ffff88801bc23700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.226477] RBP: ffff88801bd479f0 R08: ffff88806ce31340 R09: ffffe8ffffc15ab0 [ 119.226485] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.226492] R13: 0000000000000014 R14: ffff88806ce31340 R15: 
dffffc0000000000 [ 119.226502] FS: 000055556d03a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.226513] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.226521] CR2: 00007f25be719018 CR3: 0000000044b6f000 CR4: 0000000000350ef0 [ 119.226529] note: syz-executor.2[3946] exited with irqs disabled [ 119.226577] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 119.226591] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.226604] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.226624] Tainted: [D]=DIE, [W]=WARN [ 119.226629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.226636] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.226655] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.226667] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 119.226678] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.226686] RDX: ffff88801bc23700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.226695] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15ab0 [ 119.226704] R10: 0000000000000000 R11: ffff88800df49098 R12: dffffc0000000000 [ 119.226712] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 119.226722] FS: 000055556d03a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.226733] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.226742] CR2: 00007f25be719018 CR3: 0000000044b6f000 CR4: 0000000000350ef0 [ 119.226750] Call Trace: [ 119.226754] [ 119.226761] ? __pfx_perf_tp_event+0x10/0x10 [ 119.226779] ? enqueue_task_fair+0xded/0x1e00 [ 119.226795] ? check_preempt_wakeup_fair+0x6e/0x950 [ 119.226811] ? wakeup_preempt+0x140/0x2a0 [ 119.226824] ? 
lock_release+0x1c7/0x290 [ 119.226837] ? lock_release+0x1c7/0x290 [ 119.226954] ? do_raw_spin_unlock+0x53/0x220 [ 119.226972] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 119.226989] ? try_to_wake_up+0x8ae/0x11d0 [ 119.227008] ? do_raw_spin_lock+0x123/0x260 [ 119.227025] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.227043] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.227061] perf_trace_run_bpf_submit+0xef/0x180 [ 119.227080] perf_trace_preemptirq_template+0x259/0x430 [ 119.227094] ? read_tsc+0x9/0x20 [ 119.227110] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.227124] ? clockevents_program_event+0x135/0x360 [ 119.227142] ? tick_program_event+0xac/0x140 [ 119.227155] ? handle_softirqs+0x16e/0x770 [ 119.227175] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.227189] trace_hardirqs_on+0x26/0x40 [ 119.227201] handle_softirqs+0x16e/0x770 [ 119.227221] __irq_exit_rcu+0xc4/0x100 [ 119.227240] irq_exit_rcu+0x9/0x20 [ 119.227251] sysvec_apic_timer_interrupt+0x70/0x80 [ 119.227270] [ 119.227274] [ 119.227279] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 119.227293] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 119.227309] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 119.227325] RSP: 0018:ffff88801bd47f28 EFLAGS: 00000246 [ 119.227336] RAX: 0000000000000001 RBX: ffff88801bc23700 RCX: ffffffff817c3ab6 [ 119.227344] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 119.227352] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 119.227360] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801bc23700 [ 119.227368] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 119.227378] ? trace_irq_enable.constprop.0+0x26/0x100 [ 119.227391] ? make_task_dead+0x214/0x3b0 [ 119.227407] ? make_task_dead+0x214/0x3b0 [ 119.227422] ? 
do_syscall_64+0xbf/0x360 [ 119.227434] rewind_stack_and_make_dead+0x16/0x20 [ 119.227451] RIP: 0033:0x7f6e85567b19 [ 119.227460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.227472] RSP: 002b:00007fff5c384e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.227484] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6e85567b19 [ 119.227493] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6e8567af68 [ 119.227501] RBP: 00007f6e8567af60 R08: 00007f6e82add700 R09: 0000000000000000 [ 119.227509] R10: 00007f6e82add700 R11: 0000000000000246 R12: 00007f6e8567f060 [ 119.227517] R13: 00007fff5c384f60 R14: 00007f6e8567af60 R15: 000000000001d149 [ 119.227529] [ 119.227533] Modules linked in: [ 119.227542] ---[ end trace 0000000000000000 ]--- [ 119.227548] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.227565] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.227577] RSP: 0018:ffff88801bd47780 EFLAGS: 00010012 [ 119.227586] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.227594] RDX: ffff88801bc23700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.227603] RBP: ffff88801bd479f0 R08: ffff88806ce31340 R09: ffffe8ffffc15ab0 [ 119.227611] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.227619] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.227630] FS: 000055556d03a400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.227642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.227650] CR2: 00007f25be719018 CR3: 0000000044b6f000 CR4: 0000000000350ef0 [ 119.227660] Kernel panic - not syncing: Fatal exception in interrupt [ 119.227867] Kernel Offset: disabled [ 119.302617] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:46:09 Registers: