Warning: Permanently added '[localhost]:27468' (ECDSA) to the list of known hosts.
2025/09/01 11:22:53 fuzzer started
2025/09/01 11:22:54 dialing manager at localhost:35473
syzkaller login: [ 51.497231] cgroup: Unknown subsys name 'net'
[ 51.585477] cgroup: Unknown subsys name 'cpuset'
[ 51.602812] cgroup: Unknown subsys name 'rlimit'
2025/09/01 11:23:04 syscalls: 2214
2025/09/01 11:23:04 code coverage: enabled
2025/09/01 11:23:04 comparison tracing: enabled
2025/09/01 11:23:04 extra coverage: enabled
2025/09/01 11:23:04 setuid sandbox: enabled
2025/09/01 11:23:04 namespace sandbox: enabled
2025/09/01 11:23:04 Android sandbox: enabled
2025/09/01 11:23:04 fault injection: enabled
2025/09/01 11:23:04 leak checking: enabled
2025/09/01 11:23:04 net packet injection: enabled
2025/09/01 11:23:04 net device setup: enabled
2025/09/01 11:23:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 11:23:04 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 11:23:04 USB emulation: enabled
2025/09/01 11:23:04 hci packet injection: enabled
2025/09/01 11:23:04 wifi device emulation: enabled
2025/09/01 11:23:04 802.15.4 emulation: enabled
2025/09/01 11:23:18 fetching corpus: 7650, signal 183196/190575 (executing program) 2025/09/01 11:23:18 fetching corpus: 7700, signal 183550/190584 (executing program) 2025/09/01 11:23:19 fetching corpus: 7750, signal 183804/190584 (executing program) 2025/09/01 11:23:19 fetching corpus: 7800, signal 184081/190588 (executing program) 2025/09/01 11:23:19 fetching corpus: 7850, signal 184370/190595 (executing program) 2025/09/01 11:23:19 fetching corpus: 7900, signal 184696/190596 (executing program) 2025/09/01 11:23:19 fetching corpus: 7950, signal 184851/190600 (executing program) 2025/09/01 11:23:19 fetching corpus: 8000, signal 185052/190603 (executing program) 2025/09/01 11:23:19 fetching corpus: 8050, signal 185315/190610 (executing program) 2025/09/01 11:23:19 fetching corpus: 8100, signal 185617/190610 (executing program) 2025/09/01 11:23:19 fetching corpus: 8150, signal 185936/190615 (executing program) 2025/09/01 11:23:19 fetching corpus: 8200, signal 186448/190617 (executing program) 2025/09/01 11:23:19 fetching corpus: 8250, signal 186756/190652 (executing program) 2025/09/01 11:23:19 fetching corpus: 8300, signal 186929/190658 (executing program) 2025/09/01 11:23:19 fetching corpus: 8350, signal 187117/190665 (executing program) 2025/09/01 11:23:19 fetching corpus: 8400, signal 187286/190670 (executing program) 2025/09/01 11:23:20 fetching corpus: 8450, signal 187526/190672 (executing program) 2025/09/01 11:23:20 fetching corpus: 8500, signal 187913/190679 (executing program) 2025/09/01 11:23:20 fetching corpus: 8502, signal 187916/190679 (executing program) 2025/09/01 11:23:20 fetching corpus: 8502, signal 187916/190679 (executing program) 2025/09/01 11:23:22 starting 8 fuzzer processes 11:23:22 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) 11:23:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)={0x3704}) 11:23:22 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000470008000f801", 0x17}, {0x0, 0x0, 0xa20}], 0x0, &(0x7f0000000300)=ANY=[]) io_setup(0x572, &(0x7f0000000140)=0x0) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) io_submit(r1, 0x1, &(0x7f00000002c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x0, r2, 0x0}]) unlinkat(r2, &(0x7f0000000200)='./file0\x00', 0x200) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x80, 0x1) openat$incfs(r0, &(0x7f0000000000)='.log\x00', 0xf0, 0x0) 11:23:22 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x2) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000540)="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", 0xfb}, {&(0x7f0000000000)="460915ce6396b98c9420a762e0af120af24e41ea26c4f2b058ed87782bffd7cc35d55e0d5c21044d72b41341efc1101669d7b5838662c9f2d12a4b9b4dabe2240c82a208e4d0f8ce605667a72e8c74e9e83529dd506715111cbd0000000000000000", 0x62}, 
{&(0x7f0000000080)="8e8612844497e1175c0a6d2aec665070057debed77f3e3f25e3526ca8a3c606a3a8ba2b2456e28a0a6ab815c3e77d50000000067eb273e5777b52e6404541e30e5b679a2e7baf08cfe2f3caffc8325c5740937981be474f7ba9f301aa1c40aff6933c3f5dca9255fb15cce2d66635b175d96c293eb34ea658434cf1537028b862b5074fe5e6258da15795e534df1f004a25f2971411763a6ddeb1eae70226f9cec3115416e0f5a81bd2da0ef32526c3848b69087209bceeb2d5f9f54a4e76f0d53154045213d7cb5e355e0bbc04f169739cb64668ffbce", 0xd7}], 0x32) 11:23:22 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) [ 79.321845] audit: type=1400 audit(1756725802.248:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:23:22 executing program 5: io_setup(0x400, &(0x7f0000000000)=0x0) r1 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_submit(r0, 0x1, &(0x7f00000001c0)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 11:23:22 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 11:23:22 executing program 6: semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) [ 80.440767] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.444896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.446876] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.450632] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.453727] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.564162] Bluetooth: hci1: unexpected cc 
0x0c03 length: 249 > 1
[ 80.570246] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.573013] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.575573] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 80.578916] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 80.580775] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 80.582881] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.588015] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 80.589982] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 80.600833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 80.625919] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 80.635777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 80.639131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 80.649805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 80.657845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.710804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 80.714684] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 80.723615] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 80.724845] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 80.728705] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 80.730603] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 80.732882] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 80.746949] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 80.749183] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 80.750956] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 80.757772] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 80.760518] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 80.762690] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 80.767639] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 80.787641] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 80.789658] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 80.791692] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 80.801975] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 80.805808] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.810876] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 82.472711] Bluetooth: hci0: command tx timeout
[ 82.666432] Bluetooth: hci2: command tx timeout
[ 82.667172] Bluetooth: hci1: command tx timeout
[ 82.728486] Bluetooth: hci3: command tx timeout
[ 82.792478] Bluetooth: hci5: command tx timeout
[ 82.857591] Bluetooth: hci7: command tx timeout
[ 82.920915] Bluetooth: hci6: command tx timeout
[ 82.920943] Bluetooth: hci4: command tx timeout
[ 84.521173] Bluetooth: hci0: command tx timeout
[ 84.712499] Bluetooth: hci1: command tx timeout
[ 84.713959] Bluetooth: hci2: command tx timeout
[ 84.776444] Bluetooth: hci3: command tx timeout
[ 84.840485] Bluetooth: hci5: command tx timeout
[ 84.904449] Bluetooth: hci7: command tx timeout
[ 84.968627] Bluetooth: hci4: command tx timeout
[ 84.968643] Bluetooth: hci6: command tx timeout
[ 86.568616] Bluetooth: hci0: command tx timeout
[ 86.760479] Bluetooth: hci2: command tx timeout
[ 86.760609] Bluetooth: hci1: command tx timeout
[ 86.824518] Bluetooth: hci3: command tx timeout
[ 86.888534] Bluetooth: hci5: command tx timeout
[ 86.952473] Bluetooth: hci7: command tx timeout
[ 87.018409] Bluetooth: hci4: command tx timeout
[ 87.018545] Bluetooth: hci6: command tx timeout
[ 88.618403] Bluetooth: hci0: command tx timeout
[ 88.808545] Bluetooth: hci1: command tx timeout
[ 88.810266] Bluetooth: hci2: command tx timeout
[ 88.872440] Bluetooth: hci3: command tx timeout
[ 88.936512] Bluetooth: hci5: command tx timeout
[ 89.001725] Bluetooth: hci7: command tx timeout
[ 89.064486] Bluetooth: hci6: command tx timeout
[ 89.064543] Bluetooth: hci4: command tx timeout
[ 117.765318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.766035] wlan0: Creating new IBSS network,
BSSID 50:50:50:50:50:50 [ 117.894676] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.895300] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.083405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.084055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.292841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.294069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.508311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.509458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.626198] loop2: detected capacity change from 0 to 10 [ 118.674313] FAT-fs (loop2): Directory bread(block 10) failed [ 118.675331] FAT-fs (loop2): Directory bread(block 11) failed [ 118.695475] FAT-fs (loop2): Directory bread(block 10) failed [ 118.696552] FAT-fs (loop2): Directory bread(block 11) failed [ 118.699641] FAT-fs (loop2): Directory bread(block 10) failed [ 118.700564] FAT-fs (loop2): Directory bread(block 11) failed [ 118.707020] FAT-fs (loop2): Directory bread(block 10) failed [ 118.710578] FAT-fs (loop2): Directory bread(block 11) failed [ 118.711771] FAT-fs (loop2): Directory bread(block 10) failed [ 118.718492] FAT-fs (loop2): Directory bread(block 11) failed [ 118.775470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.776562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:24:01 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) 
setsockopt$inet6_group_source_req(r1, 0x29, 0x36, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) close(r1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) [ 118.910560] audit: type=1400 audit(1756725841.836:8): avc: denied { open } for pid=3860 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.917629] audit: type=1400 audit(1756725841.836:9): avc: denied { kernel } for pid=3860 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.958158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.959196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:24:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x27, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 119.058596] program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO 11:24:02 executing program 2: io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x13, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 11:24:02 executing program 1: syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000001e40)) [ 119.186615] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
119.187647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.303904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.305169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.426673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.427538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.622869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.624255] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.696650] loop2: detected capacity change from 0 to 32767 [ 119.767169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.768538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.899637] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.900992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.965011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.965929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.092730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.093843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.194121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.194923] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:24:03 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000340), 0x0, 0x66040) sendfile(r0, r1, 0x0, 0x1f) 11:24:03 executing program 2: io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x13, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, 
&(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 11:24:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00') move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00', 0x0) 11:24:03 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x2) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000540)="e551acd9be83652599c34fdbc3f075add89d8855f7ca978bd240e36ef8a64a10f13e40aa5709093a2889e1959dcf4b2f769658788234d0a85901ae791c561aadab173be5fc2aaeeac28cb751f898503e56916557d2a99ae9ce845989aed00ab3a5ea392a834ad8d97b9014f0fb3b48c0d57ae194d9d58a32fee4a9fd56bdb09b0c64904d47ad3e59053b79af2a760eb579da126e5a941488df027575a90c4d2c0f2b1d603fd5fae22ba1bf2a13958492d8ffa35b9a881ba893d249aa99b72c67bfee95caa584090906b771f64be556a9fd0f4778cc45ebd06caa773c6ca7ef7920003c015dec3db15189ccca25af7bb513c0cdeca7a13750140f1e811115da8c3b26f1c2e29a7d067b09fc8d", 0xfb}, {&(0x7f0000000000)="460915ce6396b98c9420a762e0af120af24e41ea26c4f2b058ed87782bffd7cc35d55e0d5c21044d72b41341efc1101669d7b5838662c9f2d12a4b9b4dabe2240c82a208e4d0f8ce605667a72e8c74e9e83529dd506715111cbd0000000000000000", 0x62}, 
{&(0x7f0000000080)="8e8612844497e1175c0a6d2aec665070057debed77f3e3f25e3526ca8a3c606a3a8ba2b2456e28a0a6ab815c3e77d50000000067eb273e5777b52e6404541e30e5b679a2e7baf08cfe2f3caffc8325c5740937981be474f7ba9f301aa1c40aff6933c3f5dca9255fb15cce2d66635b175d96c293eb34ea658434cf1537028b862b5074fe5e6258da15795e534df1f004a25f2971411763a6ddeb1eae70226f9cec3115416e0f5a81bd2da0ef32526c3848b69087209bceeb2d5f9f54a4e76f0d53154045213d7cb5e355e0bbc04f169739cb64668ffbce", 0xd7}], 0x32) 11:24:03 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)={0x20, 0x15, 0x1, 0x0, 0x0, "", [@generic="02", @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid}]}]}, 0x20}], 0x1}, 0x0) 11:24:03 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 11:24:03 executing program 1: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x403, 0x0) r2 = dup3(r1, r0, 0x0) flock(r2, 0x2) 11:24:03 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) [ 120.495167] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. 
11:24:03 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x2) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000540)="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", 0xfb}, {&(0x7f0000000000)="460915ce6396b98c9420a762e0af120af24e41ea26c4f2b058ed87782bffd7cc35d55e0d5c21044d72b41341efc1101669d7b5838662c9f2d12a4b9b4dabe2240c82a208e4d0f8ce605667a72e8c74e9e83529dd506715111cbd0000000000000000", 0x62}, {&(0x7f0000000080)="8e8612844497e1175c0a6d2aec665070057debed77f3e3f25e3526ca8a3c606a3a8ba2b2456e28a0a6ab815c3e77d50000000067eb273e5777b52e6404541e30e5b679a2e7baf08cfe2f3caffc8325c5740937981be474f7ba9f301aa1c40aff6933c3f5dca9255fb15cce2d66635b175d96c293eb34ea658434cf1537028b862b5074fe5e6258da15795e534df1f004a25f2971411763a6ddeb1eae70226f9cec3115416e0f5a81bd2da0ef32526c3848b69087209bceeb2d5f9f54a4e76f0d53154045213d7cb5e355e0bbc04f169739cb64668ffbce", 0xd7}], 0x32) 11:24:03 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) [ 120.583900] kmemleak: Found object by alias at 0x607f1a63ec14 [ 120.583935] CPU: 1 UID: 0 PID: 3923 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 120.583972] Tainted: [W]=WARN [ 120.583979] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.583993] Call Trace: [ 120.584001] [ 120.584010] dump_stack_lvl+0xca/0x120 [ 120.584055] __lookup_object+0x94/0xb0 [ 120.584088] delete_object_full+0x27/0x70 [ 120.584127] free_percpu+0x30/0x1160 [ 120.584160] ? 
arch_uprobe_clear_state+0x16/0x140 [ 120.584199] futex_hash_free+0x38/0xc0 [ 120.584225] mmput+0x2d3/0x390 [ 120.584260] do_exit+0x79d/0x2970 [ 120.584290] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.584316] ? __pfx_do_exit+0x10/0x10 [ 120.584342] ? find_held_lock+0x2b/0x80 [ 120.584383] ? get_signal+0x835/0x2340 [ 120.584420] do_group_exit+0xd3/0x2a0 [ 120.584448] get_signal+0x2315/0x2340 [ 120.584481] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 120.584511] ? __pfx_get_signal+0x10/0x10 [ 120.584542] ? __schedule+0xe91/0x3590 [ 120.584581] arch_do_signal_or_restart+0x80/0x790 [ 120.584613] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 120.584645] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.584669] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.584693] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.584719] ? xfd_validate_state+0x55/0x180 [ 120.584757] exit_to_user_mode_loop+0x8b/0x110 [ 120.584781] do_syscall_64+0x2f7/0x360 [ 120.584804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.584826] RIP: 0033:0x7f0edeeb7b19 [ 120.584842] Code: Unable to access opcode bytes at 0x7f0edeeb7aef. 
[ 120.584852] RSP: 002b:00007f0edc42d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.584874] RAX: 0000000000000001 RBX: 00007f0edefcaf68 RCX: 00007f0edeeb7b19 [ 120.584888] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0edefcaf6c [ 120.584901] RBP: 00007f0edefcaf60 R08: 000000000000000e R09: 0000000000000000 [ 120.584914] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f0edefcaf6c [ 120.584927] R13: 00007fff850a692f R14: 00007f0edc42d300 R15: 0000000000022000 [ 120.584956] [ 120.584963] kmemleak: Object (percpu) 0x607f1a63ec10 (size 8): [ 120.584976] kmemleak: comm "syz-executor.3", pid 3912, jiffies 4294787380 [ 120.584989] kmemleak: min_count = 1 [ 120.584996] kmemleak: count = 0 [ 120.585003] kmemleak: flags = 0x21 [ 120.585010] kmemleak: checksum = 0 [ 120.585017] kmemleak: backtrace: [ 120.585023] pcpu_alloc_noprof+0x87a/0x1170 [ 120.585052] percpu_ref_init+0x37/0x400 [ 120.585071] blkg_alloc+0xe9/0x7d0 [ 120.585093] blkg_create+0xe08/0x1420 [ 120.585117] bio_associate_blkg_from_css+0xe06/0x1380 [ 120.585147] bio_associate_blkg+0x10e/0x2a0 [ 120.585175] bio_init+0x2dd/0x570 [ 120.585201] bio_alloc_bioset+0x2cf/0x8c0 [ 120.585231] submit_bh_wbc+0x286/0x720 [ 120.585263] ext4_read_bh_nowait+0x156/0x240 [ 120.585288] __ext4_get_inode_loc+0x813/0x1390 [ 120.585308] ext4_get_inode_loc+0xbd/0x160 [ 120.585330] ext4_reserve_inode_write+0x155/0x350 [ 120.585355] ext4_xattr_set_handle+0x403/0x14c0 [ 120.585378] ext4_initxattrs+0xb9/0x120 [ 120.585406] security_inode_init_security+0x26d/0x390 11:24:03 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x81}, {0x6}]}) 11:24:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 0x0, 0x4, 0x2, &(0x7f0000000300)=[{&(0x7f0000000240)="1a8c57bfe691548752351dd7091ec6202287", 0x12}, {&(0x7f0000000180)="80", 0x1, 0xffffffffffffffff}], 0x0, 0x0) 11:24:03 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000340), 0x0, 0x66040) sendfile(r0, r1, 0x0, 0x1f) [ 120.775990] audit: type=1326 audit(1756725843.701:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3934 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4935e51b19 code=0x0 11:24:03 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) [ 120.823828] loop5: detected capacity change from 0 to 16383 [ 121.080674] loop2: detected capacity change from 0 to 32767 11:24:04 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)={0x20, 0x15, 0x1, 0x0, 0x0, "", [@generic="02", @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid}]}]}, 0x20}], 0x1}, 0x0) 11:24:04 executing program 5: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000340), 0x0, 0x66040) sendfile(r0, r1, 0x0, 0x1f) 11:24:04 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x2) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000540)="e551acd9be83652599c34fdbc3f075add89d8855f7ca978bd240e36ef8a64a10f13e40aa5709093a2889e1959dcf4b2f769658788234d0a85901ae791c561aadab173be5fc2aaeeac28cb751f898503e56916557d2a99ae9ce845989aed00ab3a5ea392a834ad8d97b9014f0fb3b48c0d57ae194d9d58a32fee4a9fd56bdb09b0c64904d47ad3e59053b79af2a760eb579da126e5a941488df027575a90c4d2c0f2b1d603fd5fae22ba1bf2a13958492d8ffa35b9a881ba893d249aa99b72c67bfee95caa584090906b771f64be556a9fd0f4778cc45ebd06caa773c6ca7ef7920003c015dec3db15189ccca25af7bb513c0cdeca7a13750140f1e811115da8c3b26f1c2e29a7d067b09fc8d", 0xfb}, {&(0x7f0000000000)="460915ce6396b98c9420a762e0af120af24e41ea26c4f2b058ed87782bffd7cc35d55e0d5c21044d72b41341efc1101669d7b5838662c9f2d12a4b9b4dabe2240c82a208e4d0f8ce605667a72e8c74e9e83529dd506715111cbd0000000000000000", 0x62}, {&(0x7f0000000080)="8e8612844497e1175c0a6d2aec665070057debed77f3e3f25e3526ca8a3c606a3a8ba2b2456e28a0a6ab815c3e77d50000000067eb273e5777b52e6404541e30e5b679a2e7baf08cfe2f3caffc8325c5740937981be474f7ba9f301aa1c40aff6933c3f5dca9255fb15cce2d66635b175d96c293eb34ea658434cf1537028b862b5074fe5e6258da15795e534df1f004a25f2971411763a6ddeb1eae70226f9cec3115416e0f5a81bd2da0ef32526c3848b69087209bceeb2d5f9f54a4e76f0d53154045213d7cb5e355e0bbc04f169739cb64668ffbce", 0xd7}], 0x32) 11:24:04 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) shmat(r0, 
&(0x7f0000400000/0xc00000)=nil, 0x5000) 11:24:04 executing program 2: io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x13, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 11:24:04 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) 11:24:04 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@empty}, 0x14) 11:24:04 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000340), 0x0, 0x66040) sendfile(r0, r1, 0x0, 0x1f) [ 121.253160] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. 
[ 121.262056] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 121.263557] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 121.264720] CPU: 1 UID: 0 PID: 3949 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.268177] Tainted: [W]=WARN [ 121.269330] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.272717] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.273973] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.276969] RSP: 0018:ffff888049317800 EFLAGS: 00010212 [ 121.277702] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ad7000 [ 121.278700] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 121.279657] RBP: ffff888049317a70 R08: ffff88806cf31340 R09: ffffe8ffffd16c10 [ 121.280615] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.281562] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.282516] FS: 00007f0edc42d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.283591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.284370] CR2: 00007fcd52fae018 CR3: 000000000c979000 CR4: 0000000000350ef0 [ 121.285316] Call Trace: [ 121.285674] [ 121.285999] ? __virt_addr_valid+0x100/0x5d0 [ 121.286622] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.287335] ? __pfx_perf_tp_event+0x10/0x10 [ 121.287944] ? skb_release_data+0x6a2/0xa40 [ 121.288536] ? kfree_skbmem+0x18a/0x1f0 [ 121.289083] ? kfree_skbmem+0x18a/0x1f0 [ 121.289622] ? consume_skb+0xdd/0x160 [ 121.290148] ? netlink_unicast+0x387/0x870 [ 121.290737] ? __pfx_netlink_unicast+0x10/0x10 [ 121.291392] ? put_pid.part.0+0xa6/0x140 [ 121.291943] ? put_pid+0x1f/0x30 [ 121.292407] ? 
netlink_sendmsg+0x4df/0xd80 [ 121.292986] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.293672] perf_trace_run_bpf_submit+0xef/0x180 [ 121.294354] perf_trace_lock+0x337/0x5d0 [ 121.294923] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.295550] ? lock_acquire+0x15e/0x2f0 [ 121.296097] ? futex_ref_get+0x48/0x300 [ 121.296639] ? futex_ref_get+0x114/0x300 [ 121.297187] ? futex_hash+0x15c/0x390 [ 121.297710] lock_release+0x1ab/0x290 [ 121.298239] ? futex_hash+0x15c/0x390 [ 121.298759] futex_ref_get+0x119/0x300 [ 121.299290] ? futex_hash+0x15c/0x390 [ 121.299807] futex_hash+0x70/0x390 [ 121.300291] futex_wake+0x143/0x540 [ 121.300799] ? __pfx_futex_wake+0x10/0x10 [ 121.301374] ? __fget_files+0x34/0x3b0 [ 121.301906] ? __fget_files+0x203/0x3b0 [ 121.302443] ? lock_release+0xc8/0x290 [ 121.302980] do_futex+0x26d/0x370 [ 121.303457] ? __pfx_do_futex+0x10/0x10 [ 121.303999] ? fput+0x6a/0x100 [ 121.304456] __x64_sys_futex+0x1c9/0x4d0 [ 121.305008] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.305626] ? xfd_validate_state+0x55/0x180 [ 121.306242] do_syscall_64+0xbf/0x360 [ 121.306770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.307456] RIP: 0033:0x7f0edeeb7b19 [ 121.307961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.310366] RSP: 002b:00007f0edc42d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.311370] RAX: ffffffffffffffda RBX: 00007f0edefcaf68 RCX: 00007f0edeeb7b19 [ 121.312315] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0edefcaf6c [ 121.313265] RBP: 00007f0edefcaf60 R08: 000000000000000e R09: 0000000000000000 [ 121.314227] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f0edefcaf6c [ 121.315168] R13: 00007fff850a692f R14: 00007f0edc42d300 R15: 0000000000022000 [ 121.316134] [ 121.316458] Modules linked in: [ 121.316906] Oops: general protection fault, probably for non-canonical address 
0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 121.318498] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.319572] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.321236] Tainted: [D]=DIE, [W]=WARN [ 121.321780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.322933] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.323615] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.326140] RSP: 0018:ffff8880492d7800 EFLAGS: 00010212 [ 121.326893] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.327892] RDX: ffff88801429d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 121.328887] RBP: ffff8880492d7a70 R08: ffff88806ce31340 R09: ffffe8ffffc16c10 [ 121.329894] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.330902] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.331905] FS: 0000555581e48400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.333035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.333859] CR2: 0000555581e49c18 CR3: 0000000047276000 CR4: 0000000000350ef0 [ 121.334871] Call Trace: [ 121.335247] [ 121.335583] ? arch_scale_cpu_capacity+0x17/0xa0 [ 121.336280] ? __pfx_perf_tp_event+0x10/0x10 [ 121.336920] ? __asan_memset+0x24/0x50 [ 121.337506] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.338183] ? __pfx___mutex_lock+0x10/0x10 [ 121.338817] ? perf_trace_lock+0xb5/0x5d0 [ 121.339417] ? kvm_sched_clock_read+0x16/0x30 [ 121.340072] ? sched_clock+0x37/0x60 [ 121.340625] ? sched_clock_cpu+0x6c/0x4e0 [ 121.341233] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.341950] perf_trace_run_bpf_submit+0xef/0x180 [ 121.342663] perf_trace_lock+0x337/0x5d0 [ 121.343251] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.343912] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 121.344584] ? get_futex_key+0x592/0x14a0 [ 121.345183] ? futex_ref_get+0x114/0x300 [ 121.345762] ? futex_hash+0x15c/0x390 [ 121.346327] lock_release+0x1ab/0x290 [ 121.346879] ? futex_hash+0x15c/0x390 [ 121.347428] futex_ref_get+0x119/0x300 [ 121.347984] ? futex_hash+0x15c/0x390 [ 121.348530] futex_hash+0x70/0x390 [ 121.349051] futex_wake+0x143/0x540 [ 121.349583] ? put_pid+0x1f/0x30 [ 121.350089] ? kernel_clone+0x204/0x7f0 [ 121.350661] ? __pfx_futex_wake+0x10/0x10 [ 121.351258] ? __pfx_kernel_clone+0x10/0x10 [ 121.351882] ? perf_trace_lock+0xb5/0x5d0 [ 121.352480] ? __pfx___handle_mm_fault+0x10/0x10 [ 121.353168] do_futex+0x26d/0x370 [ 121.353676] ? __pfx_do_futex+0x10/0x10 [ 121.354262] ? __pfx___do_sys_clone+0x10/0x10 [ 121.354906] ? handle_mm_fault+0x590/0x9b0 [ 121.355521] __x64_sys_futex+0x1c9/0x4d0 [ 121.356116] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.356777] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.357523] do_syscall_64+0xbf/0x360 [ 121.358081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.358807] RIP: 0033:0x7f320119eb19 [ 121.359342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.361870] RSP: 002b:00007fff2f997448 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.362938] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f320119eb19 [ 121.363936] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f32012b1f68 [ 121.364937] RBP: 00007f32012b1f60 R08: 00007f31fe714700 R09: 0000000000000000 [ 121.365928] R10: 00007f31fe714700 R11: 0000000000000246 R12: 00007f32012b6070 [ 121.366933] R13: 00007fff2f997550 R14: 00007f32012b1f60 R15: 000000000001d94a [ 121.367946] [ 121.368284] Modules linked in: [ 121.368759] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 121.370078] KASAN: probably 
user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 121.370942] CPU: 1 UID: 0 PID: 3949 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.371986] Tainted: [D]=DIE, [W]=WARN [ 121.372322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.373033] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.373451] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.375025] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 121.375486] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 121.376109] RDX: ffff888017c35280 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 121.376737] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16c10 [ 121.377353] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 121.377975] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 121.378585] FS: 00007f0edc42d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.379282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.379805] CR2: 00007fcd52fae018 CR3: 000000000c979000 CR4: 0000000000350ef0 [ 121.380427] Call Trace: [ 121.380663] [ 121.380864] ? __pfx_perf_tp_event+0x10/0x10 [ 121.381254] ? sched_clock_cpu+0x6c/0x4e0 [ 121.381619] ? trace_pelt_se_tp+0xdf/0x130 [ 121.381990] ? __update_load_avg_se+0x428/0xa40 [ 121.382405] ? lock_is_held_type+0x9e/0x120 [ 121.382794] ? perf_trace_lock+0xb5/0x5d0 [ 121.383167] ? perf_trace_lock+0xb5/0x5d0 [ 121.383527] ? __resched_curr+0x2a2/0x330 [ 121.383916] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.384317] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.384716] ? lock_is_held_type+0x9e/0x120 [ 121.385098] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.385534] perf_trace_run_bpf_submit+0xef/0x180 [ 121.385966] perf_trace_lock+0x337/0x5d0 [ 121.386328] ? 
place_entity+0x1c/0x410 [ 121.386672] ? kvm_sched_clock_read+0x16/0x30 [ 121.387073] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.387475] ? check_preempt_wakeup_fair+0x6e/0x950 [ 121.387926] ? sched_ttwu_pending+0x2e0/0x4a0 [ 121.388330] lock_release+0x1ab/0x290 [ 121.388666] ? ttwu_do_activate+0x1a4/0x8a0 [ 121.389045] _raw_spin_unlock+0x16/0x40 [ 121.389400] sched_ttwu_pending+0x2e0/0x4a0 [ 121.389787] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 121.390218] ? hrtimer_interrupt+0x652/0x830 [ 121.390625] __flush_smp_call_function_queue+0x434/0x740 [ 121.391110] __sysvec_call_function_single+0x6d/0x370 [ 121.391564] sysvec_call_function_single+0xa1/0xc0 [ 121.392002] [ 121.392199] [ 121.392400] asm_sysvec_call_function_single+0x1a/0x20 [ 121.392858] RIP: 0010:oops_exit+0x0/0x50 [ 121.393218] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 121.394800] RSP: 0018:ffff888049317690 EFLAGS: 00000202 [ 121.395263] RAX: 000000000002a446 RBX: 0000000000000212 RCX: ffffc90009ad7000 [ 121.395877] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 121.396494] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 121.397107] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888049317758 [ 121.397719] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 121.398343] ? 
oops_end+0x4a/0xe0 [ 121.398673] oops_end+0x65/0xe0 [ 121.398973] exc_general_protection+0x1a2/0x330 [ 121.399374] asm_exc_general_protection+0x26/0x30 [ 121.399783] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.400180] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.401690] RSP: 0018:ffff888049317800 EFLAGS: 00010212 [ 121.402141] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ad7000 [ 121.402760] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 121.403350] RBP: ffff888049317a70 R08: ffff88806cf31340 R09: ffffe8ffffd16c10 [ 121.403942] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.404528] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.405122] ? perf_tp_event+0x167/0xe70 [ 121.405473] ? __virt_addr_valid+0x100/0x5d0 [ 121.405858] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.406304] ? __pfx_perf_tp_event+0x10/0x10 [ 121.406703] ? skb_release_data+0x6a2/0xa40 [ 121.407075] ? kfree_skbmem+0x18a/0x1f0 [ 121.407415] ? kfree_skbmem+0x18a/0x1f0 [ 121.407752] ? consume_skb+0xdd/0x160 [ 121.408074] ? netlink_unicast+0x387/0x870 [ 121.408443] ? __pfx_netlink_unicast+0x10/0x10 [ 121.408840] ? put_pid.part.0+0xa6/0x140 [ 121.409184] ? put_pid+0x1f/0x30 [ 121.409475] ? netlink_sendmsg+0x4df/0xd80 [ 121.409842] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.410268] perf_trace_run_bpf_submit+0xef/0x180 [ 121.410694] perf_trace_lock+0x337/0x5d0 [ 121.411043] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.411428] ? lock_acquire+0x15e/0x2f0 [ 121.411763] ? futex_ref_get+0x48/0x300 [ 121.412098] ? futex_ref_get+0x114/0x300 [ 121.412438] ? futex_hash+0x15c/0x390 [ 121.412760] lock_release+0x1ab/0x290 [ 121.413084] ? futex_hash+0x15c/0x390 [ 121.413409] futex_ref_get+0x119/0x300 [ 121.413736] ? 
futex_hash+0x15c/0x390 [ 121.414062] futex_hash+0x70/0x390 [ 121.414365] futex_wake+0x143/0x540 [ 121.414696] ? __pfx_futex_wake+0x10/0x10 [ 121.415047] ? __fget_files+0x34/0x3b0 [ 121.415379] ? __fget_files+0x203/0x3b0 [ 121.415713] ? lock_release+0xc8/0x290 [ 121.416040] do_futex+0x26d/0x370 [ 121.416337] ? __pfx_do_futex+0x10/0x10 [ 121.416675] ? fput+0x6a/0x100 [ 121.416956] __x64_sys_futex+0x1c9/0x4d0 [ 121.417303] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.417685] ? xfd_validate_state+0x55/0x180 [ 121.418067] do_syscall_64+0xbf/0x360 [ 121.418391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.418832] RIP: 0033:0x7f0edeeb7b19 [ 121.419150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.420636] RSP: 002b:00007f0edc42d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.421268] RAX: ffffffffffffffda RBX: 00007f0edefcaf68 RCX: 00007f0edeeb7b19 [ 121.421856] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0edefcaf6c [ 121.422456] RBP: 00007f0edefcaf60 R08: 000000000000000e R09: 0000000000000000 [ 121.423056] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f0edefcaf6c [ 121.423646] R13: 00007fff850a692f R14: 00007f0edc42d300 R15: 0000000000022000 [ 121.424240] [ 121.424440] Modules linked in: [ 121.424717] ---[ end trace 0000000000000000 ]--- [ 121.424718] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 121.425108] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.426691] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.427065] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.428122] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.4 Tainted: G D W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.429556] RSP: 0018:ffff888049317800 EFLAGS: 00010212 [ 121.431223] Tainted: [D]=DIE, [W]=WARN [ 121.431655] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ad7000 [ 121.432196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.432759] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 121.433912] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.434476] RBP: ffff888049317a70 R08: ffff88806cf31340 R09: ffffe8ffffd16c10 [ 121.435129] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.435717] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.438284] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 121.438851] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.438856] [ 121.438866] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.439278] FS: 00007f0edc42d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.440283] RDX: ffff88801429d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 121.440432] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.441437] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16c10 [ 121.442082] CR2: 00007fcd52fae018 CR3: 000000000c979000 CR4: 0000000000350ef0 [ 121.443082] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 121.443541] Kernel panic - not syncing: Fatal exception in interrupt [ 122.486079] Shutting down cpus with NMI [ 122.488230] Kernel Offset: disabled [ 122.488517] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:24:04 Registers: