Warning: Permanently added '[localhost]:38661' (ECDSA) to the list of known hosts. 2025/09/01 11:04:04 fuzzer started 2025/09/01 11:04:04 dialing manager at localhost:35473 syzkaller login: [ 59.263118] cgroup: Unknown subsys name 'net' [ 59.335912] cgroup: Unknown subsys name 'cpuset' [ 59.362193] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:04:16 syscalls: 2214 2025/09/01 11:04:16 code coverage: enabled 2025/09/01 11:04:16 comparison tracing: enabled 2025/09/01 11:04:16 extra coverage: enabled 2025/09/01 11:04:16 setuid sandbox: enabled 2025/09/01 11:04:16 namespace sandbox: enabled 2025/09/01 11:04:16 Android sandbox: enabled 2025/09/01 11:04:16 fault injection: enabled 2025/09/01 11:04:16 leak checking: enabled 2025/09/01 11:04:16 net packet injection: enabled 2025/09/01 11:04:16 net device setup: enabled 2025/09/01 11:04:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:04:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:04:16 USB emulation: enabled 2025/09/01 11:04:16 hci packet injection: enabled 2025/09/01 11:04:16 wifi device emulation: enabled 2025/09/01 11:04:16 802.15.4 emulation: enabled 2025/09/01 11:04:16 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:04:16 fetching corpus: 50, signal 24886/28359 (executing program) 2025/09/01 11:04:16 fetching corpus: 100, signal 31854/36824 (executing program) 2025/09/01 11:04:16 fetching corpus: 150, signal 39537/45845 (executing program) 2025/09/01 11:04:16 fetching corpus: 200, signal 48311/55743 (executing program) 2025/09/01 11:04:16 fetching corpus: 250, signal 59762/67948 (executing program) 2025/09/01 11:04:17 fetching corpus: 300, signal 63425/72732 (executing program) 2025/09/01 11:04:17 fetching corpus: 350, signal 65944/76359 (executing program) 2025/09/01 11:04:17 fetching corpus: 400, signal 70389/81684 (executing program) 2025/09/01 11:04:17 fetching corpus: 450, signal 73283/85474 (executing program) 2025/09/01 11:04:17 fetching corpus: 500, signal 75253/88439 (executing program) 2025/09/01 11:04:17 fetching corpus: 550, signal 77661/91745 (executing program) 2025/09/01 11:04:17 fetching corpus: 600, signal 79711/94654 (executing program) 2025/09/01 11:04:17 fetching corpus: 650, signal 81520/97387 (executing program) 2025/09/01 11:04:17 fetching corpus: 700, signal 83725/100386 (executing program) 2025/09/01 11:04:17 fetching corpus: 750, signal 85819/103250 (executing program) 2025/09/01 11:04:18 fetching corpus: 799, signal 87904/106002 (executing program) 2025/09/01 11:04:18 fetching corpus: 849, signal 90248/108970 (executing program) 2025/09/01 11:04:18 fetching corpus: 899, signal 92567/111882 (executing program) 2025/09/01 11:04:18 fetching corpus: 949, signal 94852/114684 (executing program) 2025/09/01 11:04:18 fetching corpus: 999, signal 95874/116475 (executing program) 2025/09/01 11:04:18 fetching corpus: 1049, signal 97076/118402 (executing program) 2025/09/01 11:04:18 fetching corpus: 1099, signal 98859/120668 (executing program) 2025/09/01 11:04:18 fetching corpus: 1149, signal 100555/122890 (executing program) 2025/09/01 11:04:18 fetching corpus: 1199, signal 102707/125360 (executing program) 2025/09/01 11:04:19 fetching corpus: 1249, signal 105436/128188 (executing program) 2025/09/01 11:04:19 fetching corpus: 1299, signal 106547/129871 (executing program) 2025/09/01 11:04:19 fetching corpus: 1349, signal 108268/131979 (executing program) 2025/09/01 11:04:19 fetching corpus: 1399, signal 109890/133998 (executing program) 2025/09/01 11:04:19 fetching corpus: 1449, signal 110883/135512 (executing program) 2025/09/01 11:04:19 fetching corpus: 1499, signal 111715/136890 (executing program) 2025/09/01 11:04:19 fetching corpus: 1549, signal 113514/138931 (executing program) 2025/09/01 11:04:19 fetching corpus: 1599, signal 114863/140573 (executing program) 2025/09/01 11:04:19 fetching corpus: 1649, signal 115869/142008 (executing program) 2025/09/01 11:04:19 fetching corpus: 1699, signal 117217/143634 (executing program) 2025/09/01 11:04:19 fetching corpus: 1749, signal 118624/145279 (executing program) 2025/09/01 11:04:19 fetching corpus: 1799, signal 119464/146520 (executing program) 2025/09/01 11:04:20 fetching corpus: 1849, signal 121592/148472 (executing program) 2025/09/01 11:04:20 fetching corpus: 1899, signal 122886/149956 (executing program) 2025/09/01 11:04:20 fetching corpus: 1949, signal 124130/151444 (executing program) 2025/09/01 11:04:20 fetching corpus: 1999, signal 125527/152890 (executing program) 2025/09/01 11:04:20 fetching corpus: 2049, signal 126524/154114 (executing program) 2025/09/01 11:04:20 fetching corpus: 2099, signal 127139/155061 (executing program) 2025/09/01 11:04:20 fetching corpus: 2149, signal 128282/156337 (executing program) 2025/09/01 11:04:20 fetching corpus: 2199, signal 129252/157521 (executing program) 2025/09/01 11:04:20 fetching corpus: 2249, signal 130315/158783 (executing program) 2025/09/01 11:04:20 fetching corpus: 2299, signal 131239/159911 (executing program) 2025/09/01 11:04:20 fetching corpus: 2349, signal 131724/160794 (executing program) 2025/09/01 11:04:20 fetching corpus: 2399, signal 132390/161720 (executing program) 2025/09/01 11:04:21 fetching corpus: 2449, signal 133036/162600 (executing program) 2025/09/01 11:04:21 fetching corpus: 2499, signal 133886/163600 (executing program) 2025/09/01 11:04:21 fetching corpus: 2549, signal 134660/164532 (executing program) 2025/09/01 11:04:21 fetching corpus: 2599, signal 135400/165425 (executing program) 2025/09/01 11:04:21 fetching corpus: 2649, signal 135883/166229 (executing program) 2025/09/01 11:04:21 fetching corpus: 2699, signal 136408/166988 (executing program) 2025/09/01 11:04:21 fetching corpus: 2749, signal 137422/167982 (executing program) 2025/09/01 11:04:21 fetching corpus: 2799, signal 137985/168729 (executing program) 2025/09/01 11:04:21 fetching corpus: 2849, signal 138464/169438 (executing program) 2025/09/01 11:04:21 fetching corpus: 2899, signal 139033/170170 (executing program) 2025/09/01 11:04:21 fetching corpus: 2949, signal 139733/170946 (executing program) 2025/09/01 11:04:22 fetching corpus: 2999, signal 140379/171694 (executing program) 2025/09/01 11:04:22 fetching corpus: 3048, signal 140847/172406 (executing program) 2025/09/01 11:04:22 fetching corpus: 3098, signal 141388/173088 (executing program) 2025/09/01 11:04:22 fetching corpus: 3148, signal 142217/173916 (executing program) 2025/09/01 11:04:22 fetching corpus: 3198, signal 142616/174534 (executing program) 2025/09/01 11:04:22 fetching corpus: 3248, signal 143159/175162 (executing program) 2025/09/01 11:04:22 fetching corpus: 3298, signal 143950/175829 (executing program) 2025/09/01 11:04:22 fetching corpus: 3348, signal 144496/176463 (executing program) 2025/09/01 11:04:22 fetching corpus: 3398, signal 145039/177049 (executing program) 2025/09/01 11:04:22 fetching corpus: 3448, signal 145816/177706 (executing program) 2025/09/01 11:04:22 fetching corpus: 3498, signal 146698/178400 (executing program) 2025/09/01 11:04:23 fetching corpus: 3548, signal 147753/179101 (executing program) 2025/09/01 11:04:23 fetching corpus: 3598, signal 148339/179662 (executing program) 2025/09/01 11:04:23 fetching corpus: 3648, signal 148756/180183 (executing program) 2025/09/01 11:04:23 fetching corpus: 3698, signal 149133/180684 (executing program) 2025/09/01 11:04:23 fetching corpus: 3748, signal 149573/181147 (executing program) 2025/09/01 11:04:23 fetching corpus: 3798, signal 150218/181682 (executing program) 2025/09/01 11:04:23 fetching corpus: 3848, signal 150810/182187 (executing program) 2025/09/01 11:04:23 fetching corpus: 3898, signal 151501/182698 (executing program) 2025/09/01 11:04:23 fetching corpus: 3948, signal 152155/183185 (executing program) 2025/09/01 11:04:23 fetching corpus: 3998, signal 152486/183596 (executing program) 2025/09/01 11:04:23 fetching corpus: 4048, signal 154428/184229 (executing program) 2025/09/01 11:04:24 fetching corpus: 4098, signal 155047/184671 (executing program) 2025/09/01 11:04:24 fetching corpus: 4148, signal 155663/185099 (executing program) 2025/09/01 11:04:24 fetching corpus: 4198, signal 156039/185467 (executing program) 2025/09/01 11:04:24 fetching corpus: 4248, signal 156551/185832 (executing program) 2025/09/01 11:04:24 fetching corpus: 4298, signal 157118/186232 (executing program) 2025/09/01 11:04:24 fetching corpus: 4348, signal 157708/186691 (executing program) 2025/09/01 11:04:24 fetching corpus: 4398, signal 158151/187040 (executing program) 2025/09/01 11:04:24 fetching corpus: 4448, signal 158589/187338 (executing program) 2025/09/01 11:04:24 fetching corpus: 4498, signal 159039/187675 (executing program) 2025/09/01 11:04:24 fetching corpus: 4548, signal 159448/187999 (executing program) 2025/09/01 11:04:25 fetching corpus: 4598, signal 159952/188177 (executing program) 2025/09/01 11:04:25 fetching corpus: 4648, signal 160345/188182 (executing program) 2025/09/01 11:04:25 fetching corpus: 4698, signal 160857/188183 (executing program) 2025/09/01 11:04:25 fetching corpus: 4748, signal 161305/188186 (executing program) 2025/09/01 11:04:25 fetching corpus: 4798, signal 161767/188189 (executing program) 2025/09/01 11:04:25 fetching corpus: 4848, signal 162170/188194 (executing program) 2025/09/01 11:04:25 fetching corpus: 4898, signal 162604/188263 (executing program) 2025/09/01 11:04:25 fetching corpus: 4948, signal 163048/188274 (executing program) 2025/09/01 11:04:25 fetching corpus: 4998, signal 163525/188287 (executing program) 2025/09/01 11:04:25 fetching corpus: 5048, signal 163909/188304 (executing program) 2025/09/01 11:04:25 fetching corpus: 5098, signal 164697/188334 (executing program) 2025/09/01 11:04:25 fetching corpus: 5148, signal 165158/188340 (executing program) 2025/09/01 11:04:26 fetching corpus: 5198, signal 166274/188359 (executing program) 2025/09/01 11:04:26 fetching corpus: 5248, signal 166622/188374 (executing program) 2025/09/01 11:04:26 fetching corpus: 5298, signal 166868/188376 (executing program) 2025/09/01 11:04:26 fetching corpus: 5348, signal 167289/188380 (executing program) 2025/09/01 11:04:26 fetching corpus: 5398, signal 167713/188381 (executing program) 2025/09/01 11:04:26 fetching corpus: 5448, signal 168166/188384 (executing program) 2025/09/01 11:04:26 fetching corpus: 5498, signal 168539/188390 (executing program) 2025/09/01 11:04:26 fetching corpus: 5548, signal 168766/188397 (executing program) 2025/09/01 11:04:26 fetching corpus: 5598, signal 169144/188402 (executing program) 2025/09/01 11:04:26 fetching corpus: 5648, signal 169495/188415 (executing program) 2025/09/01 11:04:26 fetching corpus: 5698, signal 169794/188426 (executing program) 2025/09/01 11:04:26 fetching corpus: 5748, signal 170168/188426 (executing program) 2025/09/01 11:04:27 fetching corpus: 5798, signal 170401/188444 (executing program) 2025/09/01 11:04:27 fetching corpus: 5848, signal 170659/188451 (executing program) 2025/09/01 11:04:27 fetching corpus: 5898, signal 171017/188482 (executing program) 2025/09/01 11:04:27 fetching corpus: 5948, signal 171322/188483 (executing program) 2025/09/01 11:04:27 fetching corpus: 5998, signal 171694/188495 (executing program) 2025/09/01 11:04:27 fetching corpus: 6048, signal 172119/188496 (executing program) 2025/09/01 11:04:27 fetching corpus: 6098, signal 172341/188501 (executing program) 2025/09/01 11:04:27 fetching corpus: 6148, signal 172766/188502 (executing program) 2025/09/01 11:04:27 fetching corpus: 6198, signal 173193/188505 (executing program) 2025/09/01 11:04:27 fetching corpus: 6248, signal 173384/188513 (executing program) 2025/09/01 11:04:27 fetching corpus: 6298, signal 173698/188513 (executing program) 2025/09/01 11:04:27 fetching corpus: 6348, signal 174111/188557 (executing program) 2025/09/01 11:04:28 fetching corpus: 6398, signal 174612/188560 (executing program) 2025/09/01 11:04:28 fetching corpus: 6448, signal 174975/188561 (executing program) 2025/09/01 11:04:28 fetching corpus: 6498, signal 175382/188567 (executing program) 2025/09/01 11:04:28 fetching corpus: 6548, signal 175789/188569 (executing program) 2025/09/01 11:04:28 fetching corpus: 6598, signal 176095/188574 (executing program) 2025/09/01 11:04:28 fetching corpus: 6648, signal 176371/188576 (executing program) 2025/09/01 11:04:28 fetching corpus: 6698, signal 176733/188578 (executing program) 2025/09/01 11:04:28 fetching corpus: 6748, signal 177059/188585 (executing program) 2025/09/01 11:04:28 fetching corpus: 6798, signal 177381/188599 (executing program) 2025/09/01 11:04:28 fetching corpus: 6848, signal 177822/188604 (executing program) 2025/09/01 11:04:28 fetching corpus: 6898, signal 178339/188605 (executing program) 2025/09/01 11:04:29 fetching corpus: 6948, signal 178757/188613 (executing program) 2025/09/01 11:04:29 fetching corpus: 6998, signal 179166/188625 (executing program) 2025/09/01 11:04:29 fetching corpus: 7048, signal 179426/188633 (executing program) 2025/09/01 11:04:29 fetching corpus: 7098, signal 179737/188637 (executing program) 2025/09/01 11:04:29 fetching corpus: 7148, signal 180029/188640 (executing program) 2025/09/01 11:04:29 fetching corpus: 7198, signal 180350/188641 (executing program) 2025/09/01 11:04:29 fetching corpus: 7248, signal 180640/188643 (executing program) 2025/09/01 11:04:29 fetching corpus: 7298, signal 180938/188697 (executing program) 2025/09/01 11:04:29 fetching corpus: 7348, signal 181384/188701 (executing program) 2025/09/01 11:04:29 fetching corpus: 7398, signal 181770/188708 (executing program) 2025/09/01 11:04:29 fetching corpus: 7448, signal 182171/188710 (executing program) 2025/09/01 11:04:29 fetching corpus: 7498, signal 182459/188718 (executing program) 2025/09/01 11:04:30 fetching corpus: 7548, signal 182759/188722 (executing program) 2025/09/01 11:04:30 fetching corpus: 7598, signal 183031/188728 (executing program) 2025/09/01 11:04:30 fetching corpus: 7648, signal 183254/188740 (executing program) 2025/09/01 11:04:30 fetching corpus: 7698, signal 183484/188742 (executing program) 2025/09/01 11:04:30 fetching corpus: 7748, signal 183846/188748 (executing program) 2025/09/01 11:04:30 fetching corpus: 7798, signal 184035/188758 (executing program) 2025/09/01 11:04:30 fetching corpus: 7848, signal 184263/188763 (executing program) 2025/09/01 11:04:30 fetching corpus: 7898, signal 184442/188764 (executing program) 2025/09/01 11:04:30 fetching corpus: 7948, signal 184701/188788 (executing program) 2025/09/01 11:04:30 fetching corpus: 7998, signal 184949/188798 (executing program) 2025/09/01 11:04:30 fetching corpus: 8048, signal 185369/188806 (executing program) 2025/09/01 11:04:30 fetching corpus: 8098, signal 185677/188809 (executing program) 2025/09/01 11:04:31 fetching corpus: 8148, signal 185858/188839 (executing program) 2025/09/01 11:04:31 fetching corpus: 8198, signal 186223/188870 (executing program) 2025/09/01 11:04:31 fetching corpus: 8214, signal 186357/188870 (executing program) 2025/09/01 11:04:31 fetching corpus: 8214, signal 186357/188870 (executing program) 2025/09/01 11:04:33 starting 8 fuzzer processes 11:04:33 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x4}) 11:04:33 executing program 1: mincore(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) 11:04:33 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 11:04:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81000080}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 88.038756] audit: type=1400 audit(1756724673.801:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:04:33 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x18, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x4}]}, 0x18}}, 0x0) 11:04:33 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x1267, 0x4000000000000) 11:04:33 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') lseek(r0, 0xfffffffffffffffe, 0x1) 11:04:33 executing program 6: syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000024c0)={[{@dots}, {@fat=@dos1xfloppy}, {@fat=@debug}, {@fat=@umask}, {@fat=@discard}]}) [ 89.178671] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.184597] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.186280] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.192024] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.196191] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.228257] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.236667] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.238142] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.245187] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.249700] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.375173] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.385793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.387892] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.396904] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.404575] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.493415] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.501080] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.505710] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.506619] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.509808] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.513100] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.515922] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.525463] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.547001] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 89.554175] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.571147] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.572114] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 89.578758] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.586484] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 89.588573] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.589811] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 89.591607] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 89.595787] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 89.600456] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 89.617117] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.622882] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.627554] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 89.648805] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.664959] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 89.668629] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 91.263989] Bluetooth: hci0: command tx timeout [ 91.327787] Bluetooth: hci1: command tx timeout [ 91.455556] Bluetooth: hci2: command tx timeout [ 91.583545] Bluetooth: hci3: command tx timeout [ 91.647718] Bluetooth: hci7: command tx timeout [ 91.648219] Bluetooth: hci4: command tx timeout [ 91.712578] Bluetooth: hci5: command tx timeout [ 91.713065] Bluetooth: hci6: command tx timeout [ 93.311644] Bluetooth: hci0: command tx timeout [ 93.375710] Bluetooth: hci1: command tx timeout [ 93.505647] Bluetooth: hci2: command tx timeout [ 93.631547] Bluetooth: hci3: command tx timeout [ 93.695596] Bluetooth: hci7: command tx timeout [ 93.696013] Bluetooth: hci4: command tx timeout [ 93.759570] Bluetooth: hci6: command tx timeout [ 93.759978] Bluetooth: hci5: command tx timeout [ 95.360553] Bluetooth: hci0: command tx timeout [ 95.426531] Bluetooth: hci1: command tx timeout [ 95.552040] Bluetooth: hci2: command tx timeout [ 95.680706] Bluetooth: hci3: command tx timeout [ 95.743645] Bluetooth: hci4: command tx timeout [ 95.744062] Bluetooth: hci7: command tx timeout [ 95.808152] Bluetooth: hci5: command tx timeout [ 95.808695] Bluetooth: hci6: command tx timeout [ 97.408561] Bluetooth: hci0: command tx timeout [ 97.473600] Bluetooth: hci1: command tx timeout [ 97.600715] Bluetooth: hci2: command tx timeout [ 97.728654] Bluetooth: hci3: command tx timeout [ 97.792657] Bluetooth: hci7: command tx timeout [ 97.793080] Bluetooth: hci4: command tx timeout [ 97.857651] Bluetooth: hci5: command tx timeout [ 97.858057] Bluetooth: hci6: command tx timeout [ 126.962710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.964178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.230824] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.231459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.474673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.475796] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.674289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.674936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:05:13 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, r0, r0) [ 128.251570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.252158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.294730] audit: type=1400 audit(1756724714.057:8): avc: denied { open } for pid=3766 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.304425] audit: type=1400 audit(1756724714.058:9): avc: denied { kernel } for pid=3766 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.404546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.405144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.351741] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.352343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.395012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.395664] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.445819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.446417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.518068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.518732] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.576602] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.577226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.660184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.661097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.697885] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.699212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.713389] No source specified [ 129.717006] No source specified [ 129.782990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.783813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.005316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.006103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.037463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.038079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:05:15 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x4}) 11:05:15 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, r0, r0) 11:05:15 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 11:05:15 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x4) 11:05:15 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) write$nbd(0xffffffffffffffff, 0x0, 0x0) 11:05:15 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() 11:05:15 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x1267, 0x4000000000000) 11:05:15 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000140)=""/30, 0x1e) ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, 0x0) [ 130.192863] audit: type=1400 audit(1756724715.956:10): avc: denied { read } for pid=3899 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:05:15 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x4}) 11:05:15 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x31, 0x0, &(0x7f0000007dc0)) 11:05:16 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x1267, 0x4000000000000) 11:05:16 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 11:05:16 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x4}) [ 130.327842] kmemleak: Found object by alias at 0x607f1a63942c [ 130.327861] CPU: 0 UID: 0 PID: 3921 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 130.327880] Tainted: [W]=WARN [ 130.327884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.327891] Call Trace: [ 130.327895] [ 130.327900] dump_stack_lvl+0xca/0x120 [ 130.327931] __lookup_object+0x94/0xb0 [ 130.327950] delete_object_full+0x27/0x70 [ 130.327967] free_percpu+0x30/0x1160 [ 130.327984] ? arch_uprobe_clear_state+0x16/0x140 [ 130.328005] futex_hash_free+0x38/0xc0 [ 130.328020] mmput+0x2d3/0x390 [ 130.328040] do_exit+0x79d/0x2970 [ 130.328054] ? lock_release+0xc8/0x290 [ 130.328070] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 130.328085] ? __pfx_do_exit+0x10/0x10 [ 130.328099] ? find_held_lock+0x2b/0x80 [ 130.328117] ? get_signal+0x835/0x2340 [ 130.328137] do_group_exit+0xd3/0x2a0 [ 130.328153] get_signal+0x2315/0x2340 [ 130.328176] ? __pfx_get_signal+0x10/0x10 [ 130.328193] ? do_futex+0x135/0x370 [ 130.328207] ? __pfx_do_futex+0x10/0x10 [ 130.328223] arch_do_signal_or_restart+0x80/0x790 [ 130.328241] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 130.328259] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 130.328272] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 130.328285] ? __pfx___x64_sys_futex+0x10/0x10 [ 130.328299] ? xfd_validate_state+0x55/0x180 [ 130.328321] exit_to_user_mode_loop+0x8b/0x110 [ 130.328334] do_syscall_64+0x2f7/0x360 [ 130.328348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.328361] RIP: 0033:0x7fb97ad44b19 [ 130.328370] Code: Unable to access opcode bytes at 0x7fb97ad44aef. [ 130.328375] RSP: 002b:00007fb9782ba218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 130.328387] RAX: 0000000000000000 RBX: 00007fb97ae57f68 RCX: 00007fb97ad44b19 [ 130.328395] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb97ae57f68 [ 130.328413] RBP: 00007fb97ae57f60 R08: 0000000000000000 R09: 0000000000000000 [ 130.328421] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb97ae57f6c [ 130.328428] R13: 00007ffdc151474f R14: 00007fb9782ba300 R15: 0000000000022000 [ 130.328444] [ 130.328448] kmemleak: Object (percpu) 0x607f1a639428 (size 8): [ 130.328455] kmemleak: comm "syz-executor.3", pid 3901, jiffies 4294797199 [ 130.328462] kmemleak: min_count = 1 [ 130.328466] kmemleak: count = 0 [ 130.328470] kmemleak: flags = 0x21 [ 130.328474] kmemleak: checksum = 0 [ 130.328478] kmemleak: backtrace: [ 130.328481] pcpu_alloc_noprof+0x87a/0x1170 [ 130.328501] perf_trace_event_init+0x366/0xa10 [ 130.328515] perf_trace_init+0x1a4/0x2f0 [ 130.328527] perf_tp_event_init+0xa6/0x120 [ 130.328544] perf_try_init_event+0x140/0x9f0 [ 130.328558] perf_event_alloc.part.0+0x118e/0x45f0 [ 130.328575] __do_sys_perf_event_open+0x719/0x2c20 [ 130.328589] do_syscall_64+0xbf/0x360 [ 130.328598] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:05:16 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, r0, r0) 11:05:16 executing program 3: futex(&(0x7f0000000040), 0x7, 0x0, 0x0, 0x0, 0x0) 11:05:16 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 11:05:16 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x4) 11:05:16 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x1267, 0x4000000000000) 11:05:16 executing program 5: openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x6880, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x200100, 0x0) 11:05:16 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x31, 0x0, &(0x7f0000007dc0)) 11:05:16 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000000)="bc7e", 0x2) 11:05:16 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, r0, r0) [ 130.633122] kmemleak: Found object by alias at 0x607f1a63942c [ 130.633143] CPU: 0 UID: 0 PID: 3940 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 130.633161] Tainted: [W]=WARN [ 130.633165] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.633172] Call Trace: [ 130.633177] [ 130.633182] dump_stack_lvl+0xca/0x120 [ 130.633207] __lookup_object+0x94/0xb0 [ 130.633224] delete_object_full+0x27/0x70 [ 130.633241] free_percpu+0x30/0x1160 [ 130.633258] ? arch_uprobe_clear_state+0x16/0x140 [ 130.633279] futex_hash_free+0x38/0xc0 [ 130.633293] mmput+0x2d3/0x390 [ 130.633312] do_exit+0x79d/0x2970 [ 130.633326] ? signal_wake_up_state+0x85/0x120 [ 130.633342] ? zap_other_threads+0x2b9/0x3a0 [ 130.633359] ? __pfx_do_exit+0x10/0x10 [ 130.633372] ? do_group_exit+0x1c3/0x2a0 [ 130.633386] ? lock_release+0xc8/0x290 [ 130.633403] do_group_exit+0xd3/0x2a0 [ 130.633418] __x64_sys_exit_group+0x3e/0x50 [ 130.633433] x64_sys_call+0x18c5/0x18d0 [ 130.633449] do_syscall_64+0xbf/0x360 [ 130.633462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.633474] RIP: 0033:0x7fb97ad44b19 [ 130.633483] Code: Unable to access opcode bytes at 0x7fb97ad44aef. [ 130.633488] RSP: 002b:00007ffdc1514978 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 130.633499] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fb97ad44b19 [ 130.633507] RDX: 00007fb97acf772b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 130.633514] RBP: 0000000000000000 R08: 0000001b2d7211e8 R09: 0000000000000000 [ 130.633521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.633528] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffdc1514a60 [ 130.633544] [ 130.633548] kmemleak: Object (percpu) 0x607f1a639428 (size 8): [ 130.633554] kmemleak: comm "syz-executor.2", pid 3943, jiffies 4294797501 [ 130.633561] kmemleak: min_count = 1 [ 130.633565] kmemleak: count = 0 [ 130.633569] kmemleak: flags = 0x21 [ 130.633573] kmemleak: checksum = 0 [ 130.633576] kmemleak: backtrace: [ 130.633580] pcpu_alloc_noprof+0x87a/0x1170 [ 130.633595] perf_trace_event_init+0x366/0xa10 [ 130.633610] perf_uprobe_init+0x177/0x220 [ 130.633622] perf_uprobe_event_init+0x103/0x190 [ 130.633639] perf_try_init_event+0x140/0x9f0 [ 130.633653] perf_event_alloc.part.0+0x118e/0x45f0 [ 130.633670] __do_sys_perf_event_open+0x719/0x2c20 [ 130.633683] do_syscall_64+0xbf/0x360 [ 130.633693] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:05:16 executing program 1: ptrace(0xffffffffffffffff, 0x0) 11:05:16 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) creat(&(0x7f0000000140)='./file0\x00', 0x0) unlink(&(0x7f00000000c0)='./file0\x00') 11:05:16 executing program 3: futex(&(0x7f0000000040), 0x7, 0x0, 0x0, 0x0, 0x0) 11:05:16 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) acct(0x0) 11:05:16 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x31, 0x0, &(0x7f0000007dc0)) 11:05:16 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x4) 11:05:16 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f00000000c0)="d3", 0x1}]) 11:05:16 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x31, 0x0, &(0x7f0000007dc0)) 11:05:16 executing program 1: clone3(&(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000001a80)=""/188, 0xbc, 0x0, 0x0}, 0x58) 11:05:16 executing program 5: openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x6880, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x200100, 0x0) [ 130.825177] kmemleak: Found object by alias at 0x607f1a63942c [ 130.825197] CPU: 1 UID: 0 PID: 3968 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 130.825216] Tainted: [W]=WARN [ 130.825220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.825227] Call Trace: [ 130.825231] [ 130.825236] dump_stack_lvl+0xca/0x120 [ 130.825267] __lookup_object+0x94/0xb0 [ 130.825285] delete_object_full+0x27/0x70 [ 130.825302] free_percpu+0x30/0x1160 [ 130.825320] ? arch_uprobe_clear_state+0x16/0x140 [ 130.825340] futex_hash_free+0x38/0xc0 [ 130.825356] mmput+0x2d3/0x390 [ 130.825375] do_exit+0x79d/0x2970 [ 130.825389] ? signal_wake_up_state+0x85/0x120 [ 130.825406] ? zap_other_threads+0x2b9/0x3a0 [ 130.825426] ? __pfx_do_exit+0x10/0x10 [ 130.825439] ? do_group_exit+0x1c3/0x2a0 [ 130.825453] ? lock_release+0xc8/0x290 [ 130.825471] do_group_exit+0xd3/0x2a0 [ 130.825486] __x64_sys_exit_group+0x3e/0x50 [ 130.825500] x64_sys_call+0x18c5/0x18d0 [ 130.825516] do_syscall_64+0xbf/0x360 [ 130.825530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.825541] RIP: 0033:0x7fb97ad44b19 [ 130.825550] Code: Unable to access opcode bytes at 0x7fb97ad44aef. [ 130.825556] RSP: 002b:00007ffdc1514978 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 130.825568] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fb97ad44b19 [ 130.825575] RDX: 00007fb97acf772b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 130.825583] RBP: 0000000000000000 R08: 0000001b2d7211e8 R09: 0000000000000000 [ 130.825590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.825597] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffdc1514a60 [ 130.825613] [ 130.825617] kmemleak: Object (percpu) 0x607f1a639428 (size 8): [ 130.825624] kmemleak: comm "syz-executor.4", pid 3971, jiffies 4294797705 [ 130.825631] kmemleak: min_count = 1 [ 130.825635] kmemleak: count = 0 [ 130.825639] kmemleak: flags = 0x21 [ 130.825643] kmemleak: checksum = 0 [ 130.825646] kmemleak: backtrace: [ 130.825650] pcpu_alloc_noprof+0x87a/0x1170 [ 130.825666] percpu_ref_init+0x37/0x400 [ 130.825677] ioctx_alloc+0x27f/0x1e10 [ 130.825691] __x64_sys_io_setup+0xc8/0x1f0 [ 130.825704] do_syscall_64+0xbf/0x360 [ 130.825713] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:05:16 executing program 3: futex(&(0x7f0000000040), 0x7, 0x0, 0x0, 0x0, 0x0) 11:05:16 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) 11:05:16 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000000020000b0ba0000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="030000000400000000000019", 0xc, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}], 0x0, &(0x7f0000000880)=ANY=[]) [ 130.904157] loop7: detected capacity change from 0 to 4096 [ 130.912402] EXT4-fs error (device loop7): __ext4_fill_super:5510: inode #2: comm syz-executor.7: iget: special inode unallocated [ 130.914646] EXT4-fs (loop7): get root inode failed [ 130.915064] EXT4-fs (loop7): mount failed [ 130.924720] loop7: detected capacity change from 0 to 4096 [ 130.926741] audit: type=1326 audit(1756724716.688:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3977 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b85ffeb19 code=0x0 [ 130.932064] EXT4-fs error (device loop7): __ext4_fill_super:5510: inode #2: comm syz-executor.7: iget: special inode unallocated [ 130.935620] EXT4-fs (loop7): get root inode failed [ 130.936033] EXT4-fs (loop7): mount failed [ 131.026610] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 131.032768] journal-offline (3981) used greatest stack depth: 24624 bytes left [ 131.757577] audit: type=1326 audit(1756724717.520:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3977 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b85ffeb19 code=0x0 11:05:17 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) creat(&(0x7f0000000140)='./file0\x00', 0x0) unlink(&(0x7f00000000c0)='./file0\x00') 11:05:17 executing program 5: openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x6880, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x200100, 0x0) 11:05:17 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000080)='./file1\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000020002000b"], 0x0) 11:05:17 executing program 4: mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10031, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1) 11:05:17 executing program 7: request_key(&(0x7f0000000100)='id_resolver\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0) 11:05:17 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x4) 11:05:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') fcntl$setlease(r1, 0x400, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0) pread64(r2, &(0x7f0000000140)=""/187, 0xbb, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:05:17 executing program 3: futex(&(0x7f0000000040), 0x7, 0x0, 0x0, 0x0, 0x0) 11:05:17 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)=ANY=[@ANYBLOB='\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x1) r2 = fork() ptrace(0x10, r2) ptrace$setsig(0x4203, r2, 0xffffffffffffffe0, &(0x7f0000000340)={0x15, 0x9, 0xfffffffc}) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x0, 0x200, 0x70bd2d, 0x10000, {}, [""]}, 0x1c}}, 0x0) 11:05:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') fcntl$setlease(r1, 0x400, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0) pread64(r2, &(0x7f0000000140)=""/187, 0xbb, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:05:17 executing program 5: openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x6880, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x200100, 0x0) 11:05:17 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) creat(&(0x7f0000000140)='./file0\x00', 0x0) unlink(&(0x7f00000000c0)='./file0\x00') 11:05:17 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14}, 0x14}}, 0x0) 11:05:17 executing program 3: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000080), 0x2) 11:05:17 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) 11:05:17 executing program 2: setgid(0x0) [ 132.013465] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#1] SMP KASAN NOPTI [ 132.014403] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 132.015037] CPU: 1 UID: 0 PID: 4020 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 132.016233] Tainted: [W]=WARN [ 132.016959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.019151] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 132.020778] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 132.023822] RSP: 0018:ffff888047cbf780 EFLAGS: 00010012 [ 132.024218] RAX: 00200000000000b0 RBX: ffff88804403abc1 RCX: ffffc90004c33000 [ 132.024756] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 132.025280] RBP: ffff888047cbf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd11428 [ 132.025805] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 132.026328] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.026855] FS: 00007f596c63d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.027444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.027876] CR2: 00007f596f1db018 CR3: 00000000453ee000 CR4: 0000000000350ef0 [ 132.028287] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 132.028400] Call Trace: [ 132.028406] [ 132.029626] ? merge_sched_in+0xcb/0x1810 [ 132.029945] ? __pfx_perf_tp_event+0x10/0x10 [ 132.030279] ? __asan_memcpy+0x3d/0x60 [ 132.030578] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 132.031040] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 132.031525] ? lock_is_held_type+0x9e/0x120 [ 132.031860] ? ctx_sched_in+0x134/0x9b0 [ 132.032158] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 132.032548] ? perf_swevent_event+0x63/0x3f0 [ 132.032885] ? perf_tp_event+0x807/0xe70 [ 132.033194] ? perf_trace_run_bpf_submit+0xef/0x180 [ 132.033571] perf_trace_run_bpf_submit+0xef/0x180 [ 132.033942] perf_trace_preemptirq_template+0x259/0x430 [ 132.034338] ? mark_held_locks+0x49/0x80 [ 132.034647] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.035084] ? _raw_spin_lock_irqsave+0x53/0x60 [ 132.035437] trace_irq_disable.constprop.0+0xa6/0x100 [ 132.035824] _raw_spin_lock_irqsave+0x53/0x60 [ 132.036164] try_to_wake_up+0xa0/0x11d0 [ 132.036482] ? __pfx_try_to_wake_up+0x10/0x10 [ 132.036827] ? plist_del+0x122/0x270 [ 132.037113] ? find_held_lock+0x2b/0x80 [ 132.037418] ? futex_wake+0x474/0x540 [ 132.037712] wake_up_q+0xa1/0x130 [ 132.037986] futex_wake+0x47e/0x540 [ 132.038269] ? __pfx_futex_wake+0x10/0x10 [ 132.038585] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 132.038966] ? lock_release+0xc8/0x290 [ 132.039262] do_futex+0x26d/0x370 [ 132.039529] ? __pfx_do_futex+0x10/0x10 [ 132.039832] ? perf_trace_run_bpf_submit+0xef/0x180 [ 132.040207] __x64_sys_futex+0x1c9/0x4d0 [ 132.040522] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.040955] ? __pfx___x64_sys_futex+0x10/0x10 [ 132.041301] do_syscall_64+0xbf/0x360 [ 132.041587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.041971] RIP: 0033:0x7f596f0c7b19 [ 132.042249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.043569] RSP: 002b:00007f596c63d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.044126] RAX: ffffffffffffffda RBX: 00007f596f1daf68 RCX: 00007f596f0c7b19 [ 132.044659] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f596f1daf6c [ 132.045182] RBP: 00007f596f1daf60 R08: 000000000000000e R09: 0000000000000000 [ 132.045703] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f596f1daf6c [ 132.046225] R13: 00007ffe3f175b1f R14: 00007f596c63d300 R15: 0000000000022000 [ 132.046751] [ 132.046928] Modules linked in: [ 132.047174] ---[ end trace 0000000000000000 ]--- [ 132.047175] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 132.047520] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 132.048364] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 132.048713] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 132.049378] CPU: 0 UID: 0 PID: 4025 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 132.050697] RSP: 0018:ffff888047cbf780 EFLAGS: 00010012 [ 132.051599] Tainted: [D]=DIE, [W]=WARN [ 132.051985] RAX: 00200000000000b0 RBX: ffff88804403abc1 RCX: ffffc90004c33000 [ 132.052283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.052806] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 132.053439] RIP: 0010:perf_tp_event+0x175/0xe70 [ 132.053961] RBP: ffff888047cbf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd11428 [ 132.054316] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 132.054835] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 132.056220] RSP: 0018:ffff888047d4f780 EFLAGS: 00010012 [ 132.056808] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.057239] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a05d000 [ 132.057809] FS: 00007f596c63d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.058368] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 132.059013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.059572] RBP: ffff888047d4f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc11428 [ 132.060039] CR2: 00007f596f1db018 CR3: 00000000453ee000 CR4: 0000000000350ef0 [ 132.060610] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 132.061184] note: syz-executor.7[4020] exited with irqs disabled [ 132.061747] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 132.062809] FS: 00007fb9782ba700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 132.063453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.063918] CR2: 00007fb97ae58018 CR3: 000000001e294000 CR4: 0000000000350ef0 [ 132.064496] Call Trace: [ 132.064710] [ 132.064897] ? lock_release+0x1c7/0x290 [ 132.065230] ? __pfx_perf_tp_event+0x10/0x10 [ 132.065593] ? unwind_get_return_address+0x59/0xa0 [ 132.066001] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 132.066440] ? arch_stack_walk+0x9c/0xf0 [ 132.066774] ? stack_trace_save+0x8e/0xc0 [ 132.067114] ? stack_depot_save_flags+0x2c/0xa20 [ 132.067501] ? lock_acquire+0x18c/0x2f0 [ 132.067831] ? lock_release+0x1c7/0x290 [ 132.068159] ? lock_acquire+0x18c/0x2f0 [ 132.068484] ? lock_acquire+0x18c/0x2f0 [ 132.068806] ? perf_trace_run_bpf_submit+0xef/0x180 [ 132.069214] ? __is_insn_slot_addr+0x140/0x290 [ 132.069594] perf_trace_run_bpf_submit+0xef/0x180 [ 132.069988] perf_trace_preemptirq_template+0x259/0x430 [ 132.070415] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.070889] ? stack_trace_save+0x8e/0xc0 [ 132.071229] ? _raw_spin_lock_irqsave+0x53/0x60 [ 132.071620] trace_irq_disable.constprop.0+0xa6/0x100 [ 132.072040] _raw_spin_lock_irqsave+0x53/0x60 [ 132.072410] try_to_wake_up+0xa0/0x11d0 [ 132.072748] ? lock_acquire+0x18c/0x2f0 [ 132.073075] ? __pfx_try_to_wake_up+0x10/0x10 [ 132.073453] ? plist_del+0x122/0x270 [ 132.073763] ? __futex_unqueue+0xda/0x1c0 [ 132.074097] wake_up_q+0xa1/0x130 [ 132.074387] futex_wake+0x47e/0x540 [ 132.074688] ? __pfx_futex_wake+0x10/0x10 [ 132.075029] ? errseq_sample+0x5a/0x70 [ 132.075350] ? file_init_path+0x506/0x770 [ 132.075693] do_futex+0x26d/0x370 [ 132.075980] ? __pfx_do_futex+0x10/0x10 [ 132.076304] ? lock_release+0x1c7/0x290 [ 132.076640] __x64_sys_futex+0x1c9/0x4d0 [ 132.076974] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.077447] ? __pfx___x64_sys_futex+0x10/0x10 [ 132.077817] ? xfd_validate_state+0x55/0x180 [ 132.078181] do_syscall_64+0xbf/0x360 [ 132.078496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.078918] RIP: 0033:0x7fb97ad44b19 [ 132.079222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.080670] RSP: 002b:00007fb9782ba218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.081281] RAX: ffffffffffffffda RBX: 00007fb97ae57f68 RCX: 00007fb97ad44b19 [ 132.081852] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb97ae57f6c [ 132.082416] RBP: 00007fb97ae57f60 R08: 000000000000000e R09: 0000000000000000 [ 132.082988] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb97ae57f6c [ 132.083555] R13: 00007ffdc151474f R14: 00007fb9782ba300 R15: 0000000000022000 [ 132.084123] [ 132.084314] Modules linked in: [ 132.084583] ---[ end trace 0000000000000000 ]--- [ 132.084585] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#3] SMP KASAN NOPTI [ 132.084959] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 132.085845] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 132.086217] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 132.086890] CPU: 1 UID: 0 PID: 4020 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 132.088270] RSP: 0018:ffff888047cbf780 EFLAGS: 00010012 [ 132.089142] Tainted: [D]=DIE, [W]=WARN [ 132.089544] RAX: 00200000000000b0 RBX: ffff88804403abc1 RCX: ffffc90004c33000 [ 132.089829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.090370] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 132.090970] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 132.091535] RBP: ffff888047cbf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd11428 [ 132.091883] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 132.092441] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 132.093761] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012 [ 132.094329] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.094757] RAX: 00200000000000b0 RBX: ffff88804403abc1 RCX: ffffffff8189a55c [ 132.095318] FS: 00007fb9782ba700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 132.095880] RDX: ffff8880456b0000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 132.096518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.097087] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd11428 [ 132.097546] CR2: 00007fb97ae58018 CR3: 000000001e294000 CR4: 0000000000350ef0 [ 132.098125] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 132.098695] note: syz-executor.6[4025] exited with irqs disabled [ 132.099259] R13: 0100000000000000 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 132.100303] FS: 00007f596c63d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.100959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.101429] CR2: 00007f596f1db018 CR3: 00000000453ee000 CR4: 0000000000350ef0 [ 132.102004] Call Trace: [ 132.102216] [ 132.102402] ? __pfx_perf_tp_event+0x10/0x10 [ 132.102767] ? timerqueue_add+0x1c2/0x330 [ 132.103110] ? kvm_sched_clock_read+0x16/0x30 [ 132.103484] ? sched_clock+0x37/0x60 [ 132.103799] ? sched_clock_cpu+0x6c/0x4e0 [ 132.104141] ? trace_pelt_se_tp+0xdf/0x130 [ 132.104493] ? do_raw_spin_lock+0x123/0x260 [ 132.104854] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 132.105236] ? lock_acquire+0x18c/0x2f0 [ 132.105558] ? update_cfs_group+0x11d/0x260 [ 132.105912] ? lock_release+0x1c7/0x290 [ 132.106236] ? perf_trace_run_bpf_submit+0xef/0x180 [ 132.106653] perf_trace_run_bpf_submit+0xef/0x180 [ 132.107051] perf_trace_preemptirq_template+0x259/0x430 [ 132.107484] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 132.107960] ? lock_acquire+0x18c/0x2f0 [ 132.108285] ? irqentry_enter+0x2a/0x60 [ 132.108621] trace_irq_disable.constprop.0+0xa6/0x100 [ 132.109039] irqentry_enter+0x2a/0x60 [ 132.109359] common_interrupt+0x1d/0xd0 [ 132.109680] asm_common_interrupt+0x26/0x40 [ 132.110031] RIP: 0010:handle_softirqs+0x174/0x770 [ 132.110429] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f d4 48 06 00 00 e8 72 8f 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d [ 132.111883] RSP: 0018:ffff88806cf08f78 EFLAGS: 00000246 [ 132.112309] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c3ab6 [ 132.112889] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e [ 132.113459] RBP: ffff888047cbfe78 R08: 0000000000000000 R09: 0000000000000000 [ 132.114029] R10: ffffffff8643b457 R11: ffff8880192e8098 R12: 0000000000000000 [ 132.114600] R13: 0000000000000000 R14: 0000000000000280 R15: 0000000000000000 [ 132.115169] ? trace_irq_enable.constprop.0+0x26/0x100 [ 132.115592] ? handle_softirqs+0x16e/0x770 [ 132.115944] ? handle_softirqs+0x16e/0x770 [ 132.116294] __irq_exit_rcu+0xc4/0x100 [ 132.116632] irq_exit_rcu+0x9/0x20 [ 132.116926] sysvec_apic_timer_interrupt+0x70/0x80 [ 132.117326] [ 132.117514] [ 132.117698] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.118126] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 132.118505] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 132.119968] RSP: 0018:ffff888047cbff28 EFLAGS: 00000246 [ 132.120399] RAX: 0000000000000001 RBX: ffff8880456b0000 RCX: ffffffff817c3ab6 [ 132.120981] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 132.121550] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 132.122121] R10: ffffffff8643b457 R11: 7973203a65746f6e R12: ffff8880456b0000 [ 132.122699] R13: 0000000000000000 R14: e01ffc00000000b0 R15: 0000000000000000 [ 132.123269] ? trace_irq_enable.constprop.0+0x26/0x100 [ 132.123693] ? make_task_dead+0x214/0x3b0 [ 132.124036] ? make_task_dead+0x214/0x3b0 [ 132.124376] ? do_syscall_64+0xbf/0x360 [ 132.124707] rewind_stack_and_make_dead+0x16/0x20 [ 132.125107] RIP: 0033:0x7f596f0c7b19 [ 132.125412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.126862] RSP: 002b:00007f596c63d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.127468] RAX: ffffffffffffffda RBX: 00007f596f1daf68 RCX: 00007f596f0c7b19 [ 132.128037] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f596f1daf6c [ 132.128619] RBP: 00007f596f1daf60 R08: 000000000000000e R09: 0000000000000000 [ 132.129190] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f596f1daf6c [ 132.129754] R13: 00007ffe3f175b1f R14: 00007f596c63d300 R15: 0000000000022000 [ 132.130327] [ 132.130519] Modules linked in: [ 132.130786] ---[ end trace 0000000000000000 ]--- [ 132.130787] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 132.131163] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 132.132048] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 132.132415] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 132.133115] CPU: 0 UID: 0 PID: 4025 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 132.134563] RSP: 0018:ffff888047cbf780 EFLAGS: 00010012 [ 132.135515] Tainted: [D]=DIE, [W]=WARN [ 132.135941] RAX: 00200000000000b0 RBX: ffff88804403abc1 RCX: ffffc90004c33000 [ 132.136243] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.136819] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580 [ 132.137479] RIP: 0010:perf_tp_event+0x175/0xe70 [ 132.138044] RBP: ffff888047cbf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd11428 [ 132.138413] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 132.138986] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 132.140444] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010012 [ 132.141018] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 132.141444] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 132.142006] FS: 00007f596c63d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 132.142571] RDX: ffff888016a3b700 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 132.143208] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.143765] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc11428 [ 132.144224] CR2: 00007f596f1db018 CR3: 00000000453ee000 CR4: 0000000000350ef0 [ 132.144790] R10: 0000000000000000 R11: ffff88801903b098 R12: dffffc0000000000 [ 132.145353] Kernel panic - not syncing: Fatal exception in interrupt [ 133.191685] Shutting down cpus with NMI [ 133.192735] Kernel Offset: disabled [ 133.193024] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:05:17 Registers: info registers vcpu 0 RAX=00000000000000a0 RBX=00000000000000a0 RCX=ffffc90005e3c000 RDX=0000000000010176 RSI=ffffffff8254b348 RDI=0000000000000007 RBP=ffff888009d58000 RSP=ffff888047cc6f40 R8 =0000000000000000 R9 =0000000000006d2c R10=0000000000010176 R11=0000000000000000 R12=0000000000010176 R13=ffffed10013ab001 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff8254b34e RFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd558156700 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe5000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd55acf4018 CR3=0000000017080000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fd55acc77c000007fd55acc77c8 XMM02=00007fd55acc77e000007fd55acc77c0 XMM03=00007fd55acc77c800007fd55acc77c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff828e5070 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888047cbf018 R8 =0000000000000000 R9 =ffffed10016e6046 R10=00000000000fe503 R11=0000000065646f43 R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10e52a2 R15=dffffc0000000000 RIP=ffffffff828e50c5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f596c63d700 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe0e00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f596f1db018 CR3=00000000453ee000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f596f1ae7c000007f596f1ae7c8 XMM02=00007f596f1ae7e000007f596f1ae7c0 XMM03=00007f596f1ae7c800007f596f1ae7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000