Warning: Permanently added '[localhost]:33539' (ECDSA) to the list of known hosts. 2025/09/01 10:58:06 fuzzer started 2025/09/01 10:58:07 dialing manager at localhost:35473 syzkaller login: [ 51.633975] cgroup: Unknown subsys name 'net' [ 51.684680] cgroup: Unknown subsys name 'cpuset' [ 51.702071] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:58:16 syscalls: 2214 2025/09/01 10:58:16 code coverage: enabled 2025/09/01 10:58:16 comparison tracing: enabled 2025/09/01 10:58:16 extra coverage: enabled 2025/09/01 10:58:16 setuid sandbox: enabled 2025/09/01 10:58:16 namespace sandbox: enabled 2025/09/01 10:58:16 Android sandbox: enabled 2025/09/01 10:58:16 fault injection: enabled 2025/09/01 10:58:16 leak checking: enabled 2025/09/01 10:58:16 net packet injection: enabled 2025/09/01 10:58:16 net device setup: enabled 2025/09/01 10:58:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:58:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:58:16 USB emulation: enabled 2025/09/01 10:58:16 hci packet injection: enabled 2025/09/01 10:58:16 wifi device emulation: enabled 2025/09/01 10:58:16 802.15.4 emulation: enabled 2025/09/01 10:58:16 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:58:17 fetching corpus: 50, signal 23459/26953 (executing program) 2025/09/01 10:58:17 fetching corpus: 100, signal 35339/40193 (executing program) 2025/09/01 10:58:17 fetching corpus: 150, signal 43424/49570 (executing program) 2025/09/01 10:58:17 fetching corpus: 200, signal 48537/55956 (executing program) 2025/09/01 10:58:17 fetching corpus: 250, signal 54424/62921 (executing program) 2025/09/01 10:58:17 fetching corpus: 300, signal 60174/69666 (executing program) 2025/09/01 10:58:17 fetching corpus: 350, signal 62492/73155 (executing program) 2025/09/01 10:58:17 fetching corpus: 400, signal 66112/77775 (executing program) 2025/09/01 10:58:17 fetching corpus: 450, signal 69029/81661 (executing program) 2025/09/01 10:58:17 fetching corpus: 500, signal 71217/84830 (executing program) 2025/09/01 10:58:17 fetching corpus: 550, signal 73815/88313 (executing program) 2025/09/01 10:58:18 fetching corpus: 600, signal 76585/91920 (executing program) 2025/09/01 10:58:18 fetching corpus: 650, signal 78585/94773 (executing program) 2025/09/01 10:58:18 fetching corpus: 700, signal 81426/98239 (executing program) 2025/09/01 10:58:18 fetching corpus: 750, signal 83549/101130 (executing program) 2025/09/01 10:58:18 fetching corpus: 800, signal 85596/103895 (executing program) 2025/09/01 10:58:18 fetching corpus: 850, signal 87416/106450 (executing program) 2025/09/01 10:58:18 fetching corpus: 900, signal 89075/108795 (executing program) 2025/09/01 10:58:18 fetching corpus: 950, signal 90912/111226 (executing program) 2025/09/01 10:58:18 fetching corpus: 1000, signal 92483/113506 (executing program) 2025/09/01 10:58:18 fetching corpus: 1050, signal 94395/116003 (executing program) 2025/09/01 10:58:18 fetching corpus: 1100, signal 96236/118388 (executing program) 2025/09/01 10:58:18 fetching corpus: 1150, signal 97913/120611 (executing program) 2025/09/01 10:58:19 fetching corpus: 1200, signal 99853/122991 (executing program) 2025/09/01 10:58:19 fetching corpus: 1250, signal 101189/124861 (executing program) 2025/09/01 10:58:19 fetching corpus: 1300, signal 102464/126632 (executing program) 2025/09/01 10:58:19 fetching corpus: 1350, signal 103620/128303 (executing program) 2025/09/01 10:58:19 fetching corpus: 1400, signal 104860/130056 (executing program) 2025/09/01 10:58:19 fetching corpus: 1450, signal 106577/132033 (executing program) 2025/09/01 10:58:19 fetching corpus: 1500, signal 107232/133319 (executing program) 2025/09/01 10:58:19 fetching corpus: 1550, signal 108451/134943 (executing program) 2025/09/01 10:58:19 fetching corpus: 1600, signal 109827/136649 (executing program) 2025/09/01 10:58:19 fetching corpus: 1650, signal 110849/138131 (executing program) 2025/09/01 10:58:19 fetching corpus: 1700, signal 112156/139786 (executing program) 2025/09/01 10:58:19 fetching corpus: 1750, signal 113954/141687 (executing program) 2025/09/01 10:58:20 fetching corpus: 1800, signal 114890/142977 (executing program) 2025/09/01 10:58:20 fetching corpus: 1850, signal 116432/144584 (executing program) 2025/09/01 10:58:20 fetching corpus: 1900, signal 117671/146029 (executing program) 2025/09/01 10:58:20 fetching corpus: 1950, signal 118654/147317 (executing program) 2025/09/01 10:58:20 fetching corpus: 2000, signal 120318/148995 (executing program) 2025/09/01 10:58:20 fetching corpus: 2050, signal 121850/150532 (executing program) 2025/09/01 10:58:20 fetching corpus: 2100, signal 122819/151753 (executing program) 2025/09/01 10:58:20 fetching corpus: 2150, signal 123944/153022 (executing program) 2025/09/01 10:58:20 fetching corpus: 2200, signal 124854/154117 (executing program) 2025/09/01 10:58:21 fetching corpus: 2250, signal 125732/155252 (executing program) 2025/09/01 10:58:21 fetching corpus: 2300, signal 126374/156181 (executing program) 2025/09/01 10:58:21 fetching corpus: 2350, signal 127049/157184 (executing program) 2025/09/01 10:58:21 fetching corpus: 2400, signal 127720/158107 (executing program) 2025/09/01 10:58:21 fetching corpus: 2450, signal 128556/159105 (executing program) 2025/09/01 10:58:21 fetching corpus: 2500, signal 129284/160041 (executing program) 2025/09/01 10:58:21 fetching corpus: 2550, signal 131449/161628 (executing program) 2025/09/01 10:58:21 fetching corpus: 2600, signal 132432/162619 (executing program) 2025/09/01 10:58:21 fetching corpus: 2650, signal 133075/163448 (executing program) 2025/09/01 10:58:22 fetching corpus: 2700, signal 133695/164250 (executing program) 2025/09/01 10:58:22 fetching corpus: 2750, signal 134601/165188 (executing program) 2025/09/01 10:58:22 fetching corpus: 2800, signal 135395/166058 (executing program) 2025/09/01 10:58:22 fetching corpus: 2850, signal 136197/166918 (executing program) 2025/09/01 10:58:22 fetching corpus: 2900, signal 136771/167682 (executing program) 2025/09/01 10:58:22 fetching corpus: 2950, signal 137719/168546 (executing program) 2025/09/01 10:58:22 fetching corpus: 3000, signal 139232/169611 (executing program) 2025/09/01 10:58:22 fetching corpus: 3050, signal 139984/170360 (executing program) 2025/09/01 10:58:22 fetching corpus: 3100, signal 140957/171178 (executing program) 2025/09/01 10:58:22 fetching corpus: 3150, signal 141448/171790 (executing program) 2025/09/01 10:58:22 fetching corpus: 3200, signal 142354/172641 (executing program) 2025/09/01 10:58:23 fetching corpus: 3250, signal 142747/173209 (executing program) 2025/09/01 10:58:23 fetching corpus: 3300, signal 143129/173790 (executing program) 2025/09/01 10:58:23 fetching corpus: 3350, signal 143800/174456 (executing program) 2025/09/01 10:58:23 fetching corpus: 3400, signal 144403/175073 (executing program) 2025/09/01 10:58:23 fetching corpus: 3450, signal 145133/175684 (executing program) 2025/09/01 10:58:23 fetching corpus: 3500, signal 146065/176351 (executing program) 2025/09/01 10:58:23 fetching corpus: 3550, signal 146460/176843 (executing program) 2025/09/01 10:58:23 fetching corpus: 3600, signal 147150/177431 (executing program) 2025/09/01 10:58:23 fetching corpus: 3650, signal 147572/177919 (executing program) 2025/09/01 10:58:23 fetching corpus: 3700, signal 148248/178458 (executing program) 2025/09/01 10:58:24 fetching corpus: 3750, signal 148736/178955 (executing program) 2025/09/01 10:58:24 fetching corpus: 3800, signal 149179/179464 (executing program) 2025/09/01 10:58:24 fetching corpus: 3850, signal 149626/179971 (executing program) 2025/09/01 10:58:24 fetching corpus: 3900, signal 150181/180451 (executing program) 2025/09/01 10:58:24 fetching corpus: 3950, signal 150700/180921 (executing program) 2025/09/01 10:58:24 fetching corpus: 4000, signal 151088/181319 (executing program) 2025/09/01 10:58:24 fetching corpus: 4050, signal 151735/181807 (executing program) 2025/09/01 10:58:24 fetching corpus: 4100, signal 152235/182248 (executing program) 2025/09/01 10:58:24 fetching corpus: 4150, signal 152672/182631 (executing program) 2025/09/01 10:58:24 fetching corpus: 4200, signal 153309/183016 (executing program) 2025/09/01 10:58:24 fetching corpus: 4250, signal 154359/183542 (executing program) 2025/09/01 10:58:24 fetching corpus: 4300, signal 154792/183893 (executing program) 2025/09/01 10:58:24 fetching corpus: 4350, signal 155075/184237 (executing program) 2025/09/01 10:58:25 fetching corpus: 4400, signal 155762/184736 (executing program) 2025/09/01 10:58:25 fetching corpus: 4450, signal 156285/185096 (executing program) 2025/09/01 10:58:25 fetching corpus: 4500, signal 156875/185398 (executing program) 2025/09/01 10:58:25 fetching corpus: 4550, signal 157265/185533 (executing program) 2025/09/01 10:58:25 fetching corpus: 4600, signal 157654/185537 (executing program) 2025/09/01 10:58:25 fetching corpus: 4649, signal 158198/185559 (executing program) 2025/09/01 10:58:25 fetching corpus: 4699, signal 160190/185589 (executing program) 2025/09/01 10:58:25 fetching corpus: 4749, signal 160633/185595 (executing program) 2025/09/01 10:58:25 fetching corpus: 4799, signal 161250/185598 (executing program) 2025/09/01 10:58:25 fetching corpus: 4849, signal 161600/185625 (executing program) 2025/09/01 10:58:25 fetching corpus: 4899, signal 161930/185627 (executing program) 2025/09/01 10:58:26 fetching corpus: 4949, signal 162512/185635 (executing program) 2025/09/01 10:58:26 fetching corpus: 4999, signal 162853/185636 (executing program) 2025/09/01 10:58:26 fetching corpus: 5049, signal 163193/185653 (executing program) 2025/09/01 10:58:26 fetching corpus: 5099, signal 163549/185671 (executing program) 2025/09/01 10:58:26 fetching corpus: 5149, signal 164190/185683 (executing program) 2025/09/01 10:58:26 fetching corpus: 5199, signal 164614/185703 (executing program) 2025/09/01 10:58:26 fetching corpus: 5249, signal 164938/185743 (executing program) 2025/09/01 10:58:26 fetching corpus: 5299, signal 165393/185747 (executing program) 2025/09/01 10:58:26 fetching corpus: 5349, signal 165793/185756 (executing program) 2025/09/01 10:58:26 fetching corpus: 5399, signal 166156/185762 (executing program) 2025/09/01 10:58:26 fetching corpus: 5449, signal 166412/185773 (executing program) 2025/09/01 10:58:27 fetching corpus: 5499, signal 167039/185788 (executing program) 2025/09/01 10:58:27 fetching corpus: 5549, signal 167412/185831 (executing program) 2025/09/01 10:58:27 fetching corpus: 5599, signal 167766/185831 (executing program) 2025/09/01 10:58:27 fetching corpus: 5649, signal 168263/185856 (executing program) 2025/09/01 10:58:27 fetching corpus: 5699, signal 168640/185866 (executing program) 2025/09/01 10:58:27 fetching corpus: 5749, signal 169227/185890 (executing program) 2025/09/01 10:58:27 fetching corpus: 5799, signal 169657/185930 (executing program) 2025/09/01 10:58:27 fetching corpus: 5849, signal 170277/185941 (executing program) 2025/09/01 10:58:27 fetching corpus: 5899, signal 170628/185963 (executing program) 2025/09/01 10:58:27 fetching corpus: 5949, signal 170869/185970 (executing program) 2025/09/01 10:58:27 fetching corpus: 5999, signal 171215/185970 (executing program) 2025/09/01 10:58:27 fetching corpus: 6049, signal 171854/186054 (executing program) 2025/09/01 10:58:27 fetching corpus: 6099, signal 172224/186110 (executing program) 2025/09/01 10:58:27 fetching corpus: 6149, signal 172449/186116 (executing program) 2025/09/01 10:58:28 fetching corpus: 6199, signal 172834/186121 (executing program) 2025/09/01 10:58:28 fetching corpus: 6249, signal 173244/186137 (executing program) 2025/09/01 10:58:28 fetching corpus: 6299, signal 173585/186144 (executing program) 2025/09/01 10:58:28 fetching corpus: 6349, signal 173981/186146 (executing program) 2025/09/01 10:58:28 fetching corpus: 6399, signal 174208/186171 (executing program) 2025/09/01 10:58:28 fetching corpus: 6449, signal 174718/186196 (executing program) 2025/09/01 10:58:28 fetching corpus: 6499, signal 175134/186202 (executing program) 2025/09/01 10:58:28 fetching corpus: 6549, signal 175399/186204 (executing program) 2025/09/01 10:58:28 fetching corpus: 6599, signal 175684/186204 (executing program) 2025/09/01 10:58:28 fetching corpus: 6649, signal 176054/186219 (executing program) 2025/09/01 10:58:28 fetching corpus: 6699, signal 176456/186270 (executing program) 2025/09/01 10:58:28 fetching corpus: 6749, signal 176698/186282 (executing program) 2025/09/01 10:58:28 fetching corpus: 6799, signal 177111/186284 (executing program) 2025/09/01 10:58:29 fetching corpus: 6849, signal 177431/186324 (executing program) 2025/09/01 10:58:29 fetching corpus: 6899, signal 177659/186331 (executing program) 2025/09/01 10:58:29 fetching corpus: 6949, signal 178151/186338 (executing program) 2025/09/01 10:58:29 fetching corpus: 6999, signal 178552/186351 (executing program) 2025/09/01 10:58:29 fetching corpus: 7049, signal 178793/186355 (executing program) 2025/09/01 10:58:29 fetching corpus: 7099, signal 179169/186363 (executing program) 2025/09/01 10:58:29 fetching corpus: 7149, signal 179402/186363 (executing program) 2025/09/01 10:58:29 fetching corpus: 7199, signal 179660/186394 (executing program) 2025/09/01 10:58:29 fetching corpus: 7249, signal 179933/186394 (executing program) 2025/09/01 10:58:29 fetching corpus: 7299, signal 180157/186394 (executing program) 2025/09/01 10:58:29 fetching corpus: 7349, signal 180377/186400 (executing program) 2025/09/01 10:58:30 fetching corpus: 7399, signal 180592/186440 (executing program) 2025/09/01 10:58:30 fetching corpus: 7449, signal 180867/186451 (executing program) 2025/09/01 10:58:30 fetching corpus: 7499, signal 181163/186455 (executing program) 2025/09/01 10:58:30 fetching corpus: 7549, signal 181485/186490 (executing program) 2025/09/01 10:58:30 fetching corpus: 7599, signal 181709/186495 (executing program) 2025/09/01 10:58:30 fetching corpus: 7649, signal 182090/186495 (executing program) 2025/09/01 10:58:30 fetching corpus: 7699, signal 182353/186496 (executing program) 2025/09/01 10:58:30 fetching corpus: 7749, signal 182577/186501 (executing program) 2025/09/01 10:58:30 fetching corpus: 7799, signal 182943/186511 (executing program) 2025/09/01 10:58:30 fetching corpus: 7849, signal 183202/186516 (executing program) 2025/09/01 10:58:30 fetching corpus: 7899, signal 183573/186535 (executing program) 2025/09/01 10:58:30 fetching corpus: 7930, signal 183681/186538 (executing program) 2025/09/01 10:58:30 fetching corpus: 7930, signal 183681/186538 (executing program) 2025/09/01 10:58:33 starting 8 fuzzer processes 10:58:33 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) write(r0, &(0x7f0000000040)="e1", 0x1) 10:58:33 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SG_IO(r2, 0x2271, &(0x7f00000022c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:58:33 executing program 7: syz_mount_image$nfs(0x0, 0x0, 0x0, 0x5, &(0x7f00000014c0)=[{&(0x7f00000000c0)="121d", 0x2, 0xffff}, {&(0x7f0000000140)="e3", 0x1}, {&(0x7f0000000240)="92", 0x1}, {&(0x7f0000000340)='4', 0x1}, {&(0x7f00000003c0)="bc", 0x1, 0x80000000}], 0x0, 0x0) 10:58:33 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='nfs\x00', 0x0, &(0x7f00000000c0)='\x05') 10:58:33 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) 10:58:33 executing program 5: r0 = getpid() pidfd_open(r0, 0x0) 10:58:33 executing program 3: clock_nanosleep(0x3, 0x0, 0x0, 0x0) 10:58:33 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x18, 0x0, 0x0) [ 78.071891] audit: type=1400 audit(1756724313.611:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 79.291610] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.295947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.300319] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.306659] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.310657] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.347509] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.349774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.353008] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.360596] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.363483] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.420795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.425468] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.427394] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.431881] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.436469] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 79.438523] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.438778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.439750] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 79.446821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.446838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 79.448480] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.448852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.453943] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.455637] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 79.459430] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.463849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 79.465654] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.472466] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.490433] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.505957] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 79.515585] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 79.517750] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 79.517904] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 79.518987] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.550445] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 79.552447] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 79.552599] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 79.556313] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 79.558579] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.560884] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.383658] Bluetooth: hci0: command tx timeout [ 81.383666] Bluetooth: hci1: command tx timeout [ 81.511477] Bluetooth: hci5: command tx timeout [ 81.576395] Bluetooth: hci3: command tx timeout [ 81.577325] Bluetooth: hci2: command tx timeout [ 81.577566] Bluetooth: hci4: command tx timeout [ 81.640098] Bluetooth: hci6: command tx timeout [ 81.640343] Bluetooth: hci7: command tx timeout [ 83.431361] Bluetooth: hci1: command tx timeout [ 83.432419] Bluetooth: hci0: command tx timeout [ 83.559304] Bluetooth: hci5: command tx timeout [ 83.623322] Bluetooth: hci2: command tx timeout [ 83.623363] Bluetooth: hci4: command tx timeout [ 83.623779] Bluetooth: hci3: command tx timeout [ 83.689245] Bluetooth: hci6: command tx timeout [ 83.689708] Bluetooth: hci7: command tx timeout [ 85.479335] Bluetooth: hci0: command tx timeout [ 85.480107] Bluetooth: hci1: command tx timeout [ 85.607422] Bluetooth: hci5: command tx timeout [ 85.671346] Bluetooth: hci4: command tx timeout [ 85.672064] Bluetooth: hci2: command tx timeout [ 85.672869] Bluetooth: hci3: command tx timeout [ 85.735494] Bluetooth: hci7: command tx timeout [ 85.736594] Bluetooth: hci6: command tx timeout [ 87.528363] Bluetooth: hci1: command tx timeout [ 87.528660] Bluetooth: hci0: command tx timeout [ 87.655313] Bluetooth: hci5: command tx timeout [ 87.719405] Bluetooth: hci3: command tx timeout [ 87.719515] Bluetooth: hci4: command tx timeout [ 87.719854] Bluetooth: hci2: command tx timeout [ 87.783758] Bluetooth: hci6: command tx timeout [ 87.784509] Bluetooth: hci7: command tx timeout [ 119.210857] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.211522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.550598] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.551953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.117002] syz-executor.4 (3811) used greatest stack depth: 24416 bytes left 10:59:15 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) [ 120.233924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.234567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:59:15 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) [ 120.417426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.418064] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.471758] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.472655] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:59:16 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) [ 120.598261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.598912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.679192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.679853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.779195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.780284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:59:16 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000480)='./file0\x00', 0x0, 0x0) fsync(r0) [ 120.884244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.884842] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.948346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.948939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:59:16 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000480)='./file0\x00', 0x0, 0x0) fsync(r0) 10:59:16 executing program 3: perf_event_open$cgroup(&(0x7f0000000440)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5210, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 121.033303] audit: type=1400 audit(1756724356.572:8): avc: denied { open } for pid=3889 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.036467] audit: type=1400 audit(1756724356.572:9): avc: denied { kernel } for pid=3889 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.039630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.040324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:59:16 executing program 3: openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x600000, 0x2558d82298e0d7c7}, 0x18) 10:59:16 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000480)='./file0\x00', 0x0, 0x0) fsync(r0) [ 121.175153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.175795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.221695] loop7: detected capacity change from 0 to 264192 [ 121.257302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.257928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.268785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.269455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.553089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.554614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.635970] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.636734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:59:17 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000480)='./file0\x00', 0x0, 0x0) fsync(r0) 10:59:17 executing program 3: openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x600000, 0x2558d82298e0d7c7}, 0x18) 10:59:17 executing program 5: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_create(0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:59:17 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="280000002100010000000000000000000200000000fe000020010000000000000000000000000002"], 0x28}], 0x1}, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f0000000080)={0x8, 0x100, 0x7}) 10:59:17 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000001480)=0x1, 0x4) 10:59:17 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x18, 0x0, 0x0) 10:59:17 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000009740)=[{{&(0x7f0000000ec0)={0xa, 0x4e22, 0x0, @empty}, 0x1c, &(0x7f0000004e40)=[{0x0, 0x4000}], 0x1, &(0x7f0000004e80)=[@hopopts_2292={{0x28, 0x29, 0x36, {0x0, 0x2, '\x00', [@calipso={0x7, 0x8}, @jumbo]}}}], 0x28}}], 0x1, 0x0) 10:59:17 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pipe(0x0) r1 = getpid() r2 = pidfd_open(r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 121.918894] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:59:17 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000009740)=[{{&(0x7f0000000ec0)={0xa, 0x4e22, 0x0, @empty}, 0x1c, &(0x7f0000004e40)=[{0x0, 0x4000}], 0x1, &(0x7f0000004e80)=[@hopopts_2292={{0x28, 0x29, 0x36, {0x0, 0x2, '\x00', [@calipso={0x7, 0x8}, @jumbo]}}}], 0x28}}], 0x1, 0x0) 10:59:17 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x18, 0x0, 0x0) 10:59:17 executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x121802, 0x0) write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='c '], 0x8) 10:59:17 executing program 3: openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x600000, 0x2558d82298e0d7c7}, 0x18) 10:59:18 executing program 7: pselect6(0x69, &(0x7f0000001fc0), &(0x7f0000002000)={0x0, 0x5}, 0x0, 0x0, 0x0) 10:59:18 executing program 5: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_create(0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:59:18 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000009740)=[{{&(0x7f0000000ec0)={0xa, 0x4e22, 0x0, @empty}, 0x1c, &(0x7f0000004e40)=[{0x0, 0x4000}], 0x1, &(0x7f0000004e80)=[@hopopts_2292={{0x28, 0x29, 0x36, {0x0, 0x2, '\x00', [@calipso={0x7, 0x8}, @jumbo]}}}], 0x28}}], 0x1, 0x0) 10:59:18 executing program 3: openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x600000, 0x2558d82298e0d7c7}, 0x18) 10:59:18 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) 10:59:18 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="280000002100010000000000000000000200000000fe000020010000000000000000000000000002"], 0x28}], 0x1}, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f0000000080)={0x8, 0x100, 0x7}) 10:59:18 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x18, 0x0, 0x0) 10:59:18 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x23, &(0x7f00000000c0)="ad87cf5ea909a7e9bee7180d28ca29c2c959c7156a0ee64ea5b4a5b273289e684fbefaa14925fc65fcd33d52e8b2e499deb52b5b06528ffd7e14f5902cd78d84a04b7c20767be5036c5e1474894b07b7c5af031b5a73c425dc38e089f3ce586012193dc5ef27785d70943b7aad9cf2d3feef2a3391bb9614e32b33932acd9efaaab343ff8b5f0ffe2d803eb415d81e8063667543e3c38ee8425102d357c971aa71ef597bb4f78443", 0xa8) 10:59:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSIG(r0, 0x40045436, 0x0) [ 122.867466] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 122.890956] kmemleak: Found object by alias at 0x607f1a63e65c [ 122.890974] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.890993] Tainted: [W]=WARN [ 122.890997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.891005] Call Trace: [ 122.891010] [ 122.891015] dump_stack_lvl+0xca/0x120 [ 122.891047] __lookup_object+0x94/0xb0 [ 122.891065] delete_object_full+0x27/0x70 [ 122.891082] free_percpu+0x30/0x1160 [ 122.891100] ? arch_uprobe_clear_state+0x16/0x140 [ 122.891121] futex_hash_free+0x38/0xc0 [ 122.891136] mmput+0x2d3/0x390 [ 122.891155] do_exit+0x79d/0x2970 [ 122.891169] ? signal_wake_up_state+0x85/0x120 [ 122.891186] ? zap_other_threads+0x2b9/0x3a0 [ 122.891208] ? __pfx_do_exit+0x10/0x10 [ 122.891221] ? do_group_exit+0x1c3/0x2a0 [ 122.891235] ? lock_release+0xc8/0x290 [ 122.891253] do_group_exit+0xd3/0x2a0 [ 122.891268] __x64_sys_exit_group+0x3e/0x50 [ 122.891282] x64_sys_call+0x18c5/0x18d0 [ 122.891299] do_syscall_64+0xbf/0x360 [ 122.891312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.891324] RIP: 0033:0x7f0f93beeb19 [ 122.891333] Code: Unable to access opcode bytes at 0x7f0f93beeaef. [ 122.891339] RSP: 002b:00007ffd54fa8f38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.891350] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0f93beeb19 [ 122.891358] RDX: 00007f0f93ba172b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.891366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 122.891373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.891381] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffd54fa9020 [ 122.891396] [ 122.891400] kmemleak: Object (percpu) 0x607f1a63e650 (size 16): [ 122.891407] kmemleak: comm "syz-executor.3", pid 282, jiffies 4294789509 [ 122.891415] kmemleak: min_count = 1 [ 122.891419] kmemleak: count = 0 [ 122.891422] kmemleak: flags = 0x21 [ 122.891427] kmemleak: checksum = 0 [ 122.891430] kmemleak: backtrace: [ 122.891434] pcpu_alloc_noprof+0x87a/0x1170 [ 122.891450] mm_init+0x99b/0x1170 [ 122.891458] copy_process+0x3ab7/0x73c0 [ 122.891468] kernel_clone+0xea/0x7f0 [ 122.891479] __do_sys_clone+0xce/0x120 [ 122.891489] do_syscall_64+0xbf/0x360 [ 122.891499] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:59:18 executing program 5: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_create(0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:59:18 executing program 6: clock_adjtime(0x0, &(0x7f0000000000)={0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 10:59:18 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000) fcntl$setstatus(r0, 0x4, 0x6800) truncate(&(0x7f0000000100)='./file0\x00', 0xe) preadv2(r0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/70, 0x46}], 0x1, 0x0, 0x0, 0x1a) 10:59:18 executing program 7: r0 = getpgrp(0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000001640), 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000400), 0x8, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)) tgkill(r0, r1, 0xb) 10:59:18 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) setuid(0x0) ioprio_get$uid(0x3, 0x0) 10:59:18 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000009740)=[{{&(0x7f0000000ec0)={0xa, 0x4e22, 0x0, @empty}, 0x1c, &(0x7f0000004e40)=[{0x0, 0x4000}], 0x1, &(0x7f0000004e80)=[@hopopts_2292={{0x28, 0x29, 0x36, {0x0, 0x2, '\x00', [@calipso={0x7, 0x8}, @jumbo]}}}], 0x28}}], 0x1, 0x0) 10:59:18 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="280000002100010000000000000000000200000000fe000020010000000000000000000000000002"], 0x28}], 0x1}, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f0000000080)={0x8, 0x100, 0x7}) 10:59:18 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x4b31, &(0x7f0000000280)) [ 123.050305] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 123.082897] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 123.083905] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 123.084575] CPU: 1 UID: 0 PID: 3978 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.085919] Tainted: [W]=WARN [ 123.086704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.088456] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.089523] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.093907] RSP: 0018:ffff888046a37800 EFLAGS: 00010212 [ 123.094338] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008e24000 [ 123.094915] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 123.095476] RBP: ffff888046a37a70 R08: ffff88806cf31340 R09: ffffe8ffffd16b68 [ 123.096041] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.096600] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.097167] FS: 00007f02b1485700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 123.097807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.098281] CR2: 0000001b2d121000 CR3: 0000000046a0c000 CR4: 0000000000350ef0 [ 123.098843] Call Trace: [ 123.099053] [ 123.099244] ? __pfx_perf_tp_event+0x10/0x10 [ 123.099605] ? lock_is_held_type+0x9e/0x120 [ 123.099960] ? lock_is_held_type+0x9e/0x120 [ 123.100307] ? perf_trace_lock+0xb5/0x5d0 [ 123.100647] ? perf_trace_lock+0xb5/0x5d0 [ 123.100981] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.101352] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.101723] ? find_held_lock+0x2b/0x80 [ 123.102059] ? find_held_lock+0x2b/0x80 [ 123.102384] ? __perf_install_in_context+0x503/0xb90 [ 123.102790] ? lock_release+0xc8/0x290 [ 123.103107] ? do_raw_spin_unlock+0x53/0x220 [ 123.103468] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.103870] perf_trace_run_bpf_submit+0xef/0x180 [ 123.104264] perf_trace_lock+0x337/0x5d0 [ 123.104595] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.104969] ? lock_acquire+0x15e/0x2f0 [ 123.105292] ? futex_ref_get+0x48/0x300 [ 123.105613] ? futex_ref_get+0x114/0x300 [ 123.105940] ? futex_hash+0x15c/0x390 [ 123.106258] lock_release+0x1ab/0x290 [ 123.106569] ? futex_hash+0x15c/0x390 [ 123.106876] futex_ref_get+0x119/0x300 [ 123.107187] ? futex_hash+0x15c/0x390 [ 123.107494] futex_hash+0x70/0x390 [ 123.107785] futex_wake+0x143/0x540 [ 123.108081] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.108455] ? __pfx_futex_wake+0x10/0x10 [ 123.108794] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 123.109201] ? lock_release+0xc8/0x290 [ 123.109517] do_futex+0x26d/0x370 [ 123.109799] ? __pfx_do_futex+0x10/0x10 [ 123.110133] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 123.110558] ? find_held_lock+0x2b/0x80 [ 123.110885] __x64_sys_futex+0x1c9/0x4d0 [ 123.111219] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.111588] ? selinux_file_ioctl+0xb9/0x280 [ 123.111945] ? xfd_validate_state+0x55/0x180 [ 123.112316] do_syscall_64+0xbf/0x360 [ 123.112629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.113041] RIP: 0033:0x7f02b3f0fb19 [ 123.113337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.114778] RSP: 002b:00007f02b1485218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.115381] RAX: ffffffffffffffda RBX: 00007f02b4022f68 RCX: 00007f02b3f0fb19 [ 123.115945] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f02b4022f6c [ 123.116511] RBP: 00007f02b4022f60 R08: 000000000000000e R09: 0000000000000000 [ 123.117074] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f02b4022f6c [ 123.117637] R13: 00007fffc5bc51ef R14: 00007f02b1485300 R15: 0000000000022000 [ 123.118212] [ 123.118404] Modules linked in: [ 123.118670] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 123.120244] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.121452] CPU: 0 UID: 0 PID: 3981 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.123113] Tainted: [D]=DIE, [W]=WARN [ 123.123650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.124783] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.125452] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.127935] RSP: 0018:ffff88801ba47800 EFLAGS: 00010212 [ 123.128667] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.129651] RDX: ffff888016c88000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 123.130637] RBP: ffff88801ba47a70 R08: ffff88806ce31340 R09: ffffe8ffffc16b68 [ 123.131627] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 123.132607] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.133587] FS: 000055555ba11400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.134709] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.135526] CR2: 000055555ba12c18 CR3: 000000000fa92000 CR4: 0000000000350ef0 [ 123.136504] Call Trace: [ 123.136878] [ 123.137212] ? arch_scale_cpu_capacity+0x17/0xa0 [ 123.137892] ? __pfx_perf_tp_event+0x10/0x10 [ 123.138529] ? __asan_memset+0x24/0x50 [ 123.139104] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.139748] ? __pfx___mutex_lock+0x10/0x10 [ 123.140379] ? perf_trace_lock+0xb5/0x5d0 [ 123.140964] ? kvm_sched_clock_read+0x16/0x30 [ 123.141616] ? sched_clock+0x37/0x60 [ 123.142158] ? sched_clock_cpu+0x6c/0x4e0 [ 123.142758] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.143468] perf_trace_run_bpf_submit+0xef/0x180 [ 123.144156] perf_trace_lock+0x337/0x5d0 [ 123.144734] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.145380] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.146036] ? get_futex_key+0x592/0x14a0 [ 123.146633] ? futex_ref_get+0x114/0x300 [ 123.147202] ? futex_hash+0x15c/0x390 [ 123.147747] lock_release+0x1ab/0x290 [ 123.148290] ? futex_hash+0x15c/0x390 [ 123.148838] futex_ref_get+0x119/0x300 [ 123.149392] ? futex_hash+0x15c/0x390 [ 123.149925] futex_hash+0x70/0x390 [ 123.150440] futex_wake+0x143/0x540 [ 123.150965] ? put_pid+0x1f/0x30 [ 123.151447] ? kernel_clone+0x204/0x7f0 [ 123.152014] ? __pfx_futex_wake+0x10/0x10 [ 123.152606] ? __pfx_kernel_clone+0x10/0x10 [ 123.153226] ? perf_trace_lock+0xb5/0x5d0 [ 123.153813] ? __pfx___handle_mm_fault+0x10/0x10 [ 123.154501] do_futex+0x26d/0x370 [ 123.155003] ? __pfx_do_futex+0x10/0x10 [ 123.155569] ? __pfx___do_sys_clone+0x10/0x10 [ 123.156198] ? handle_mm_fault+0x590/0x9b0 [ 123.156807] __x64_sys_futex+0x1c9/0x4d0 [ 123.157383] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.158034] ? xfd_validate_state+0x55/0x180 [ 123.158676] do_syscall_64+0xbf/0x360 [ 123.159219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.159935] RIP: 0033:0x7f0df0ed2b19 [ 123.160453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.162940] RSP: 002b:00007fffce34a748 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.163992] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0df0ed2b19 [ 123.164974] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0df0fe5f68 [ 123.165960] RBP: 00007f0df0fe5f60 R08: 00007f0dee448700 R09: 0000000000000000 [ 123.166934] R10: 00007f0dee448700 R11: 0000000000000246 R12: 00007f0df0fea060 [ 123.167921] R13: 00007fffce34a850 R14: 00007f0df0fe5f60 R15: 000000000001e03a [ 123.168912] [ 123.169249] Modules linked in: [ 123.169720] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 123.170609] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 123.171207] CPU: 1 UID: 0 PID: 3978 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.172144] Tainted: [D]=DIE, [W]=WARN [ 123.172450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.173097] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.173477] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.174916] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 123.175341] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 123.175901] RDX: ffff888013b31b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 123.176460] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16b68 [ 123.177022] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 123.177585] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 123.178158] FS: 00007f02b1485700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 123.178789] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.179246] CR2: 0000001b2d121000 CR3: 0000000046a0c000 CR4: 0000000000350ef0 [ 123.179812] Call Trace: [ 123.180019] [ 123.180202] ? __pfx_perf_tp_event+0x10/0x10 [ 123.180567] ? trace_pelt_se_tp+0xdf/0x130 [ 123.180909] ? __update_load_avg_se+0x428/0xa40 [ 123.181291] ? lock_is_held_type+0x9e/0x120 [ 123.181643] ? __pick_eevdf+0x326/0x570 [ 123.181974] ? update_curr+0x1b9/0x500 [ 123.182289] ? check_preempt_wakeup_fair+0x406/0x950 [ 123.182702] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.183102] perf_trace_run_bpf_submit+0xef/0x180 [ 123.183495] perf_trace_lock+0x337/0x5d0 [ 123.183826] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.184202] ? find_held_lock+0x2b/0x80 [ 123.184531] ? hrtimer_interrupt+0x114/0x830 [ 123.184887] lock_release+0x1ab/0x290 [ 123.185198] ktime_get_update_offsets_now+0xab/0x3c0 [ 123.185608] ? hrtimer_interrupt+0x114/0x830 [ 123.185966] ? __pfx_lapic_next_deadline+0x10/0x10 [ 123.186366] hrtimer_interrupt+0x114/0x830 [ 123.186708] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 123.187124] sysvec_apic_timer_interrupt+0x6b/0x80 [ 123.187521] [ 123.187707] [ 123.187893] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 123.188316] RIP: 0010:oops_exit+0x0/0x50 [ 123.188647] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 123.190079] RSP: 0018:ffff888046a37690 EFLAGS: 00000202 [ 123.190498] RAX: 000000000002e058 RBX: 0000000000000212 RCX: ffffc90008e24000 [ 123.191057] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 123.191612] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 123.192173] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046a37758 [ 123.192733] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 123.193300] ? oops_end+0x4a/0xe0 [ 123.193594] oops_end+0x65/0xe0 [ 123.193876] exc_general_protection+0x1a2/0x330 [ 123.194280] asm_exc_general_protection+0x26/0x30 [ 123.194687] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.195080] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.196566] RSP: 0018:ffff888046a37800 EFLAGS: 00010212 [ 123.197005] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008e24000 [ 123.197585] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 123.198176] RBP: ffff888046a37a70 R08: ffff88806cf31340 R09: ffffe8ffffd16b68 [ 123.198758] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.199337] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.199927] ? perf_tp_event+0x167/0xe70 [ 123.200275] ? __pfx_perf_tp_event+0x10/0x10 [ 123.200646] ? lock_is_held_type+0x9e/0x120 [ 123.201012] ? lock_is_held_type+0x9e/0x120 [ 123.201372] ? perf_trace_lock+0xb5/0x5d0 [ 123.201716] ? perf_trace_lock+0xb5/0x5d0 [ 123.202079] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.202458] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.202840] ? find_held_lock+0x2b/0x80 [ 123.203177] ? find_held_lock+0x2b/0x80 [ 123.203512] ? __perf_install_in_context+0x503/0xb90 [ 123.203935] ? lock_release+0xc8/0x290 [ 123.204261] ? do_raw_spin_unlock+0x53/0x220 [ 123.204635] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.205049] perf_trace_run_bpf_submit+0xef/0x180 [ 123.205462] perf_trace_lock+0x337/0x5d0 [ 123.205808] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.206201] ? lock_acquire+0x15e/0x2f0 [ 123.206537] ? futex_ref_get+0x48/0x300 [ 123.206870] ? futex_ref_get+0x114/0x300 [ 123.207206] ? futex_hash+0x15c/0x390 [ 123.207528] lock_release+0x1ab/0x290 [ 123.207852] ? futex_hash+0x15c/0x390 [ 123.208171] futex_ref_get+0x119/0x300 [ 123.208499] ? futex_hash+0x15c/0x390 [ 123.208814] futex_hash+0x70/0x390 [ 123.209116] futex_wake+0x143/0x540 [ 123.209424] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.209811] ? __pfx_futex_wake+0x10/0x10 [ 123.210181] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 123.210605] ? lock_release+0xc8/0x290 [ 123.210935] do_futex+0x26d/0x370 [ 123.211233] ? __pfx_do_futex+0x10/0x10 [ 123.211566] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 123.212008] ? find_held_lock+0x2b/0x80 [ 123.212353] __x64_sys_futex+0x1c9/0x4d0 [ 123.212692] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.213079] ? selinux_file_ioctl+0xb9/0x280 [ 123.213450] ? xfd_validate_state+0x55/0x180 [ 123.213829] do_syscall_64+0xbf/0x360 [ 123.214155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.214584] RIP: 0033:0x7f02b3f0fb19 [ 123.214890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.216360] RSP: 002b:00007f02b1485218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.216973] RAX: ffffffffffffffda RBX: 00007f02b4022f68 RCX: 00007f02b3f0fb19 [ 123.217558] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f02b4022f6c [ 123.218149] RBP: 00007f02b4022f60 R08: 000000000000000e R09: 0000000000000000 [ 123.218728] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f02b4022f6c [ 123.219309] R13: 00007fffc5bc51ef R14: 00007f02b1485300 R15: 0000000000022000 [ 123.219898] [ 123.220094] Modules linked in: [ 123.220360] ---[ end trace 0000000000000000 ]--- [ 123.220364] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 123.220747] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.222333] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.222694] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.223930] CPU: 0 UID: 0 PID: 3981 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.225327] RSP: 0018:ffff888046a37800 EFLAGS: 00010212 [ 123.227007] Tainted: [D]=DIE, [W]=WARN [ 123.227416] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008e24000 [ 123.227963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.228513] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 123.229675] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.230233] RBP: ffff888046a37a70 R08: ffff88806cf31340 R09: ffffe8ffffd16b68 [ 123.230898] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.231447] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.234033] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 123.234587] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.234592] [ 123.234600] FS: 00007f02b1485700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 123.235344] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.235896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.236141] RDX: ffff888016c88000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 123.236758] CR2: 0000001b2d121000 CR3: 0000000046a0c000 CR4: 0000000000350ef0 [ 123.237758] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16b68 [ 123.238218] Kernel panic - not syncing: Fatal exception in interrupt [ 124.283054] Shutting down cpus with NMI [ 124.285237] Kernel Offset: disabled [ 124.285528] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:59:18 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84be3c0e RDX=fffffbfff0f0f609 RSI=0000000000000004 RDI=ffffffff8787b044 RBP=ffffffff8787b044 RSP=ffff88801ba475b0 R8 =0000000000000000 R9 =fffffbfff0f0f608 R10=ffffffff8787b047 R11=202c746c75616620 R12=1ffff11003748eb7 R13=0000000000000007 R14=fffffbfff0f0f608 R15=ffff88801ba475e8 RIP=ffffffff84be3da0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055555ba11400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe0b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055555ba12c18 CR3=000000000fa92000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f0df0fb97c000007f0df0fb97c8 XMM02=00007f0df0fb97e000007f0df0fb97c0 XMM03=00007f0df0fb97c800007f0df0fb97c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000063 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888046a370f0 R8 =0000000000000000 R9 =ffffed10013bd046 R10=0000000000000063 R11=0000000065646f43 R12=0000000000000063 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f02b1485700 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe6300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d121000 CR3=0000000046a0c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000