Warning: Permanently added '[localhost]:26040' (ECDSA) to the list of known hosts.
2025/08/29 09:56:45 fuzzer started
2025/08/29 09:56:45 dialing manager at localhost:43077
syzkaller login: [ 50.622100] cgroup: Unknown subsys name 'net'
[ 50.683133] cgroup: Unknown subsys name 'cpuset'
[ 50.703795] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:56:56 syscalls: 2214
2025/08/29 09:56:56 code coverage: enabled
2025/08/29 09:56:56 comparison tracing: enabled
2025/08/29 09:56:56 extra coverage: enabled
2025/08/29 09:56:56 setuid sandbox: enabled
2025/08/29 09:56:56 namespace sandbox: enabled
2025/08/29 09:56:56 Android sandbox: enabled
2025/08/29 09:56:56 fault injection: enabled
2025/08/29 09:56:56 leak checking: enabled
2025/08/29 09:56:56 net packet injection: enabled
2025/08/29 09:56:56 net device setup: enabled
2025/08/29 09:56:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:56:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:56:56 USB emulation: enabled
2025/08/29 09:56:56 hci packet injection: enabled
2025/08/29 09:56:56 wifi device emulation: enabled
2025/08/29 09:56:56 802.15.4 emulation: enabled
2025/08/29 09:56:56 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:56:56 fetching corpus: 50, signal 18525/22048 (executing program)
2025/08/29 09:56:56 fetching corpus: 100, signal 27239/32226 (executing program)
2025/08/29 09:56:56 fetching corpus: 150, signal 34935/41239 (executing program)
2025/08/29 09:56:56 fetching corpus: 200, signal 41955/49425 (executing program)
2025/08/29 09:56:57 fetching corpus: 250, signal 52744/60975 (executing program)
2025/08/29 09:56:57 fetching corpus: 300, signal 56560/65875 (executing program)
2025/08/29 09:56:57 fetching corpus: 350, signal 59914/70258 (executing program)
2025/08/29 09:56:57 fetching corpus: 400, signal 63783/75012 (executing program)
2025/08/29 09:56:57 fetching corpus: 450, signal 66809/78917 (executing program)
2025/08/29 09:56:57 fetching corpus: 500, signal 71692/84333 (executing program)
2025/08/29 09:56:57 fetching corpus: 550, signal 75572/88863 (executing program)
2025/08/29 09:56:57 fetching corpus: 600, signal 77873/91927 (executing program)
2025/08/29 09:56:57 fetching corpus: 650, signal 80599/95328 (executing program)
2025/08/29 09:56:57 fetching corpus: 700, signal 83099/98537 (executing program)
2025/08/29 09:56:57 fetching corpus: 750, signal 85202/101265 (executing program)
2025/08/29 09:56:58 fetching corpus: 800, signal 87508/104038 (executing program)
2025/08/29 09:56:58 fetching corpus: 850, signal 89830/106842 (executing program)
2025/08/29 09:56:58 fetching corpus: 900, signal 91659/109262 (executing program)
2025/08/29 09:56:58 fetching corpus: 950, signal 93515/111630 (executing program)
2025/08/29 09:56:58 fetching corpus: 1000, signal 94863/113573 (executing program)
2025/08/29 09:56:58 fetching corpus: 1050, signal 95605/114989 (executing program)
2025/08/29 09:56:58 fetching corpus: 1100, signal 96903/116792 (executing program)
2025/08/29 09:56:58 fetching corpus: 1150, signal 99091/119199 (executing program)
2025/08/29 09:56:58 fetching corpus: 1200, signal 100912/121327 (executing program)
2025/08/29 09:56:59 fetching corpus: 1250, signal 103228/123759 (executing program)
2025/08/29 09:56:59 fetching corpus: 1300, signal 105670/126241 (executing program)
2025/08/29 09:56:59 fetching corpus: 1350, signal 107670/128409 (executing program)
2025/08/29 09:56:59 fetching corpus: 1400, signal 109736/130523 (executing program)
2025/08/29 09:56:59 fetching corpus: 1450, signal 110616/131833 (executing program)
2025/08/29 09:56:59 fetching corpus: 1500, signal 112141/133557 (executing program)
2025/08/29 09:56:59 fetching corpus: 1550, signal 113026/134819 (executing program)
2025/08/29 09:56:59 fetching corpus: 1600, signal 114385/136306 (executing program)
2025/08/29 09:56:59 fetching corpus: 1650, signal 116434/138176 (executing program)
2025/08/29 09:56:59 fetching corpus: 1700, signal 117510/139459 (executing program)
2025/08/29 09:57:00 fetching corpus: 1750, signal 118934/140897 (executing program)
2025/08/29 09:57:00 fetching corpus: 1800, signal 120346/142231 (executing program)
2025/08/29 09:57:00 fetching corpus: 1850, signal 122246/143807 (executing program)
2025/08/29 09:57:00 fetching corpus: 1900, signal 123370/144932 (executing program)
2025/08/29 09:57:00 fetching corpus: 1950, signal 124359/146039 (executing program)
2025/08/29 09:57:00 fetching corpus: 2000, signal 125077/146934 (executing program)
2025/08/29 09:57:00 fetching corpus: 2050, signal 125806/147876 (executing program)
2025/08/29 09:57:00 fetching corpus: 2100, signal 127062/149026 (executing program)
2025/08/29 09:57:00 fetching corpus: 2150, signal 127786/149905 (executing program)
2025/08/29 09:57:00 fetching corpus: 2200, signal 128897/150971 (executing program)
2025/08/29 09:57:00 fetching corpus: 2250, signal 129532/151720 (executing program)
2025/08/29 09:57:01 fetching corpus: 2300, signal 130095/152443 (executing program)
2025/08/29 09:57:01 fetching corpus: 2350, signal 130993/153273 (executing program)
2025/08/29 09:57:01 fetching corpus: 2400, signal 132074/154314 (executing program)
2025/08/29 09:57:01 fetching corpus: 2450, signal 132698/154989 (executing program)
2025/08/29 09:57:01 fetching corpus: 2500, signal 133464/155754 (executing program)
2025/08/29 09:57:01 fetching corpus: 2550, signal 134427/156515 (executing program)
2025/08/29 09:57:01 fetching corpus: 2600, signal 135494/157293 (executing program)
2025/08/29 09:57:01 fetching corpus: 2650, signal 136054/157901 (executing program)
2025/08/29 09:57:01 fetching corpus: 2700, signal 136933/158595 (executing program)
2025/08/29 09:57:01 fetching corpus: 2750, signal 137798/159318 (executing program)
2025/08/29 09:57:01 fetching corpus: 2800, signal 138640/160028 (executing program)
2025/08/29 09:57:02 fetching corpus: 2850, signal 139508/160682 (executing program)
2025/08/29 09:57:02 fetching corpus: 2900, signal 140295/161270 (executing program)
2025/08/29 09:57:02 fetching corpus: 2950, signal 140805/161771 (executing program)
2025/08/29 09:57:02 fetching corpus: 3000, signal 141365/162277 (executing program)
2025/08/29 09:57:02 fetching corpus: 3050, signal 142151/162858 (executing program)
2025/08/29 09:57:02 fetching corpus: 3100, signal 142868/163353 (executing program)
2025/08/29 09:57:02 fetching corpus: 3150, signal 143545/163818 (executing program)
2025/08/29 09:57:02 fetching corpus: 3200, signal 144304/164301 (executing program)
2025/08/29 09:57:03 fetching corpus: 3250, signal 145025/164766 (executing program)
2025/08/29 09:57:03 fetching corpus: 3300, signal 145798/165226 (executing program)
2025/08/29 09:57:03 fetching corpus: 3350, signal 146306/165598 (executing program)
2025/08/29 09:57:03 fetching corpus: 3400, signal 146740/165972 (executing program)
2025/08/29 09:57:03 fetching corpus: 3450, signal 147320/166328 (executing program)
2025/08/29 09:57:03 fetching corpus: 3500, signal 147689/166664 (executing program)
2025/08/29 09:57:03 fetching corpus: 3550, signal 148240/167009 (executing program)
2025/08/29 09:57:03 fetching corpus: 3600, signal 148650/167330 (executing program)
2025/08/29 09:57:03 fetching corpus: 3650, signal 149122/167638 (executing program)
2025/08/29 09:57:03 fetching corpus: 3700, signal 149528/167905 (executing program)
2025/08/29 09:57:03 fetching corpus: 3750, signal 150093/168183 (executing program)
2025/08/29 09:57:03 fetching corpus: 3800, signal 150790/168491 (executing program)
2025/08/29 09:57:03 fetching corpus: 3850, signal 151174/168770 (executing program)
2025/08/29 09:57:04 fetching corpus: 3900, signal 151544/169038 (executing program)
2025/08/29 09:57:04 fetching corpus: 3950, signal 152099/169314 (executing program)
2025/08/29 09:57:04 fetching corpus: 4000, signal 152929/169590 (executing program)
2025/08/29 09:57:04 fetching corpus: 4050, signal 153190/169804 (executing program)
2025/08/29 09:57:04 fetching corpus: 4100, signal 153736/169901 (executing program)
2025/08/29 09:57:04 fetching corpus: 4150, signal 154095/169926 (executing program)
2025/08/29 09:57:04 fetching corpus: 4200, signal 154515/169942 (executing program)
2025/08/29 09:57:04 fetching corpus: 4250, signal 155127/169984 (executing program)
2025/08/29 09:57:04 fetching corpus: 4300, signal 155445/169991 (executing program)
2025/08/29 09:57:04 fetching corpus: 4350, signal 155861/170001 (executing program)
2025/08/29 09:57:04 fetching corpus: 4400, signal 156287/170012 (executing program)
2025/08/29 09:57:05 fetching corpus: 4450, signal 156581/170012 (executing program)
2025/08/29 09:57:05 fetching corpus: 4500, signal 157419/170016 (executing program)
2025/08/29 09:57:05 fetching corpus: 4550, signal 158088/170037 (executing program)
2025/08/29 09:57:05 fetching corpus: 4600, signal 158545/170046 (executing program)
2025/08/29 09:57:05 fetching corpus: 4650, signal 159063/170046 (executing program)
2025/08/29 09:57:05 fetching corpus: 4700, signal 159604/170075 (executing program)
2025/08/29 09:57:05 fetching corpus: 4750, signal 160308/170078 (executing program)
2025/08/29 09:57:05 fetching corpus: 4800, signal 160825/170089 (executing program)
2025/08/29 09:57:05 fetching corpus: 4850, signal 161302/170093 (executing program)
2025/08/29 09:57:05 fetching corpus: 4900, signal 161700/170100 (executing program)
2025/08/29 09:57:05 fetching corpus: 4950, signal 161916/170108 (executing program)
2025/08/29 09:57:06 fetching corpus: 5000, signal 162416/170113 (executing program)
2025/08/29 09:57:06 fetching corpus: 5050, signal 162742/170113 (executing program)
2025/08/29 09:57:06 fetching corpus: 5100, signal 163344/170120 (executing program)
2025/08/29 09:57:06 fetching corpus: 5150, signal 163830/170141 (executing program)
2025/08/29 09:57:06 fetching corpus: 5200, signal 164164/170154 (executing program)
2025/08/29 09:57:06 fetching corpus: 5250, signal 164406/170166 (executing program)
2025/08/29 09:57:06 fetching corpus: 5300, signal 164757/170168 (executing program)
2025/08/29 09:57:06 fetching corpus: 5350, signal 165067/170173 (executing program)
2025/08/29 09:57:06 fetching corpus: 5400, signal 165361/170193 (executing program)
2025/08/29 09:57:06 fetching corpus: 5450, signal 166820/170196 (executing program)
2025/08/29 09:57:06 fetching corpus: 5500, signal 167256/170201 (executing program)
2025/08/29 09:57:07 fetching corpus: 5550, signal 167460/170201 (executing program)
2025/08/29 09:57:07 fetching corpus: 5600, signal 167815/170206 (executing program)
2025/08/29 09:57:09 starting 8 fuzzer processes
09:57:09 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x0, 0x1}, 0x20)
09:57:09 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
09:57:09 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019040)='/proc/mdstat\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/102400, 0x19000, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETOWNER(r1, 0x54e3, 0xffffffffffffffff)
09:57:09 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
[ 74.007886] audit: type=1400 audit(1756461429.272:7): avc: denied { execmem } for pid=272 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:57:09 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00')
writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000040)="a5", 0x1}], 0x1)
09:57:09 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0x10}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0)
09:57:09 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000440008000f801002000400003000000000000008000297eb190f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/96, 0x60, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/64, 0x40, 0x400}, {&(0x7f0000010300)="f8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/64, 0x40, 0x600}, {&(0x7f0000010400)="f8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/64, 0x40, 0x800}, {&(0x7f0000010500)="53595a4b414c4c45522020080000ea80325132510000ea80325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100087ea70325132510000ea70325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200087ea70325132510000ea70325107000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200087ea70325132510000ea70325108002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200087ea70325132510000ea7032511a0064000000", 0x120, 0xa00}, {&(0x7f0000010700)="2e20202020202020202020100087ea70325132510000ea7032510300000000002e2e202020202020202020100087ea70325132510000ea70325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200087ea70325132510000ea70325104001a040000", 0x80, 0x1400}, 
{&(0x7f0000010800)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1600}, {&(0x7f0000010d00)='syzkallers\x00'/32, 0x20, 0x1c00}, {&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x4200}], 0x0, &(0x7f0000010f00))
09:57:09 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000000c0))
[ 75.155672] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.157734] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.159909] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.164785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.167603] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.234788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 75.240176] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 75.241834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 75.244330] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 75.246858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 75.249100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 75.250519] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 75.253735] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 75.258477] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 75.261497] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 75.341967] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 75.347748] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 75.350959] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 75.353369] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 75.356123] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 75.366136] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 75.369300] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 75.372458] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 75.387190] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 75.388471] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 75.391166] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 75.396472] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 75.400211] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 75.402313] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 75.402881] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 75.411358] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 75.420690] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 75.424225] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 75.427448] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 75.429146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 75.434385] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 75.444401] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 75.449037] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 75.488340] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 75.490836] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 77.251281] Bluetooth: hci0: command tx timeout
[ 77.316581] Bluetooth: hci1: command tx timeout
[ 77.317273] Bluetooth: hci2: command tx timeout
[ 77.442172] Bluetooth: hci5: command tx timeout
[ 77.507150] Bluetooth: hci4: command tx timeout
[ 77.507266] Bluetooth: hci6: command tx timeout
[ 77.507866] Bluetooth: hci3: command tx timeout
[ 77.635067] Bluetooth: hci7: command tx timeout
[ 79.301020] Bluetooth: hci0: command tx timeout
[ 79.362016] Bluetooth: hci1: command tx timeout
[ 79.363027] Bluetooth: hci2: command tx timeout
[ 79.492147] Bluetooth: hci5: command tx timeout
[ 79.554029] Bluetooth: hci6: command tx timeout
[ 79.555033] Bluetooth: hci4: command tx timeout
[ 79.555046] Bluetooth: hci3: command tx timeout
[ 79.682212] Bluetooth: hci7: command tx timeout
[ 81.346059] Bluetooth: hci0: command tx timeout
[ 81.412007] Bluetooth: hci2: command tx timeout
[ 81.412442] Bluetooth: hci1: command tx timeout
[ 81.538099] Bluetooth: hci5: command tx timeout
[ 81.602055] Bluetooth: hci3: command tx timeout
[ 81.602179] Bluetooth: hci4: command tx timeout
[ 81.602493] Bluetooth: hci6: command tx timeout
[ 81.730038] Bluetooth: hci7: command tx timeout
[ 83.394019] Bluetooth: hci0: command tx timeout
[ 83.458085] Bluetooth: hci1: command tx timeout
[ 83.458918] Bluetooth: hci2: command tx timeout
[ 83.588080] Bluetooth: hci5: command tx timeout
[ 83.650077] Bluetooth: hci4: command tx timeout
[ 83.650843] Bluetooth: hci3: command tx timeout
[ 83.651645] Bluetooth: hci6: command tx timeout
[ 83.778096] Bluetooth: hci7: command tx timeout
[ 112.082834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.084226] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.300362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.301167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:57:48 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00')
writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000040)="a5", 0x1}], 0x1)
09:57:48 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00')
writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000040)="a5", 0x1}], 0x1)
09:57:48 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00')
writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000040)="a5", 0x1}], 0x1)
09:57:48 executing program 2:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000018c0), 0x101c01, 0x0)
ioctl$CDROM_LAST_WRITTEN(r0, 0x5395, 0x0)
[ 113.390784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.391546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.454802] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
09:57:48 executing program 2:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000018c0), 0x101c01, 0x0)
ioctl$CDROM_LAST_WRITTEN(r0, 0x5395, 0x0)
[ 113.554282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.554884] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.706088] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
[ 113.746263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.746857] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:57:49 executing program 2:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000018c0), 0x101c01, 0x0)
ioctl$CDROM_LAST_WRITTEN(r0, 0x5395, 0x0)
[ 113.927225] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
[ 113.967235] audit: type=1400 audit(1756461469.227:8): avc: denied { open } for pid=3848 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 113.976591] audit: type=1400 audit(1756461469.227:9): avc: denied { kernel } for pid=3848 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
09:57:49 executing program 2:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000018c0), 0x101c01, 0x0)
ioctl$CDROM_LAST_WRITTEN(r0, 0x5395, 0x0)
[ 114.046042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.047292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.087528] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
09:57:49 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0x10}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0)
[ 114.319552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.320881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.471922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.473544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.610212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.611443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.799921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.801082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.898951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.900395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.021110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.022671] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.197629] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.198845] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.294605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.295962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.424923] loop6: detected capacity change from 0 to 128
[ 115.646679] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.647807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.730740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.732010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:57:51 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x0, 0x1}, 0x20)
09:57:51 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019040)='/proc/mdstat\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/102400, 0x19000, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETOWNER(r1, 0x54e3, 0xffffffffffffffff)
09:57:51 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
09:57:51 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local, {[@lsrr={0x83, 0xf, 0x6f, [@broadcast, @broadcast, @remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0)
09:57:51 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @dev}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
09:57:51 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
09:57:51 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0x10}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0)
09:57:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000000c0))
09:57:51 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
09:57:51 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @dev}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
[ 116.209312] kmemleak: Found object by alias at 0x607f1a639564
[ 116.209342] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.209374] Tainted: [W]=WARN
[ 116.209381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.209393] Call Trace:
[ 116.209400] <TASK>
[ 116.209408] dump_stack_lvl+0xca/0x120
[ 116.209445] __lookup_object+0x94/0xb0
[ 116.209493] delete_object_full+0x27/0x70
[ 116.209522] free_percpu+0x30/0x1160
[ 116.209549] ? arch_uprobe_clear_state+0x16/0x140
[ 116.209584] futex_hash_free+0x38/0xc0
[ 116.209608] mmput+0x2d3/0x390
[ 116.209641] do_exit+0x79d/0x2970
[ 116.209665] ? lock_release+0xc8/0x290
[ 116.209694] ? __pfx_do_exit+0x10/0x10
[ 116.209719] ? find_held_lock+0x2b/0x80
[ 116.209750] ? get_signal+0x835/0x2340
[ 116.209784] do_group_exit+0xd3/0x2a0
[ 116.209811] get_signal+0x2315/0x2340
[ 116.209842] ? rtc_set_alarm+0x373/0x620
[ 116.209872] ? __pfx_get_signal+0x10/0x10
[ 116.209902] ? do_futex+0x135/0x370
[ 116.209926] ? __pfx_do_futex+0x10/0x10
[ 116.209947] ? __free_zapped_classes+0x17/0x130
[ 116.209989] arch_do_signal_or_restart+0x80/0x790
[ 116.210019] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 116.210049] ? __x64_sys_futex+0x1c9/0x4d0
[ 116.210071] ? __x64_sys_futex+0x1d2/0x4d0
[ 116.210098] ? __pfx___x64_sys_futex+0x10/0x10
[ 116.210120] ? selinux_file_ioctl+0xb9/0x280
[ 116.210146] ? xfd_validate_state+0x55/0x180
[ 116.210183] exit_to_user_mode_loop+0x8b/0x110
[ 116.210205] do_syscall_64+0x2f7/0x360
[ 116.210226] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.210247] RIP: 0033:0x7f2a069beb19
[ 116.210263] Code: Unable to access opcode bytes at 0x7f2a069beaef.
[ 116.210272] RSP: 002b:00007f2a03f34218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 116.210292] RAX: fffffffffffffe00 RBX: 00007f2a06ad1f68 RCX: 00007f2a069beb19
[ 116.210306] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2a06ad1f68
[ 116.210318] RBP: 00007f2a06ad1f60 R08: 0000000000000000 R09: 0000000000000000
[ 116.210330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a06ad1f6c
[ 116.210343] R13: 00007ffe64d56fef R14: 00007f2a03f34300 R15: 0000000000022000
[ 116.210371] </TASK>
[ 116.210378] kmemleak: Object (percpu) 0x607f1a639560 (size 8):
[ 116.210390] kmemleak: comm "syz-executor.4", pid 3935, jiffies 4294783080
[ 116.210402] kmemleak: min_count = 1
[ 116.210409] kmemleak: count = 0
[ 116.210416] kmemleak: flags = 0x21
[ 116.210422] kmemleak: checksum = 0
[ 116.210429] kmemleak: backtrace:
[ 116.210434] pcpu_alloc_noprof+0x87a/0x1170
[ 116.210461] alloc_vfsmnt+0x135/0x6e0
[ 116.210485] vfs_create_mount.part.0+0x40/0x440
[ 116.210511] __do_sys_fsmount+0x43e/0x950
[ 116.210530] do_syscall_64+0xbf/0x360
[ 116.210545] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.230516] kmemleak: Found object by alias at 0x607f1a638f44
[ 116.230539] CPU: 0 UID: 0 PID: 3934 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.230562] Tainted: [W]=WARN
[ 116.230567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.230575] Call Trace:
[ 116.230580] <TASK>
[ 116.230586] dump_stack_lvl+0xca/0x120
[ 116.230615] __lookup_object+0x94/0xb0
[ 116.230635] delete_object_full+0x27/0x70
[ 116.230654] free_percpu+0x30/0x1160
[ 116.230675] ? arch_uprobe_clear_state+0x16/0x140
[ 116.230700] futex_hash_free+0x38/0xc0
[ 116.230717] mmput+0x2d3/0x390
[ 116.230740] do_exit+0x79d/0x2970
[ 116.230756] ? signal_wake_up_state+0x85/0x120
[ 116.230776] ? zap_other_threads+0x2b9/0x3a0
[ 116.230795] ? __pfx_do_exit+0x10/0x10
[ 116.230810] ? do_group_exit+0x1c3/0x2a0
[ 116.230827] ? lock_release+0xc8/0x290
[ 116.230847] do_group_exit+0xd3/0x2a0
[ 116.230865] __x64_sys_exit_group+0x3e/0x50
[ 116.230882] x64_sys_call+0x18c5/0x18d0
[ 116.230901] do_syscall_64+0xbf/0x360
[ 116.230915] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.230928] RIP: 0033:0x7f4fd98ddb19
[ 116.230939] Code: Unable to access opcode bytes at 0x7f4fd98ddaef.
[ 116.230946] RSP: 002b:00007ffebfea5698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 116.230959] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f4fd98ddb19
[ 116.230969] RDX: 00007f4fd989072b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 116.230983] RBP: 0000000000000000 R08: 0000001b2cf21abc R09: 0000000000000000
[ 116.230992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 116.231000] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffebfea5780
[ 116.231019] </TASK>
[ 116.231024] kmemleak: Object (percpu) 0x607f1a638f40 (size 8):
[ 116.231032] kmemleak: comm "syz-executor.4", pid 3935, jiffies 4294783073
[ 116.231040] kmemleak: min_count = 1
[ 116.231045] kmemleak: count = 0
[ 116.231049] kmemleak: flags = 0x21
[ 116.231054] kmemleak: checksum = 0
[ 116.231058] kmemleak: backtrace:
[ 116.231062] pcpu_alloc_noprof+0x87a/0x1170
[ 116.231081] perf_trace_event_init+0x366/0xa10
[ 116.231097] perf_trace_init+0x1a4/0x2f0
[ 116.231111] perf_tp_event_init+0xa6/0x120
[ 116.231129] perf_try_init_event+0x140/0x9f0
[ 116.231146] perf_event_alloc.part.0+0x118e/0x45f0
[ 116.231166] __do_sys_perf_event_open+0x719/0x2c20
[ 116.231181] do_syscall_64+0xbf/0x360
[ 116.231192] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:57:51 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
09:57:51 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
09:57:51 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019040)='/proc/mdstat\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/102400, 0x19000, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETOWNER(r1, 0x54e3, 0xffffffffffffffff)
09:57:51 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local, {[@lsrr={0x83, 0xf, 0x6f, [@broadcast, @broadcast, @remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0)
09:57:51 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000040), 0x10, 0x0, 0x0, &(0x7f0000000c40)=[@ip_retopts={{0x10}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4}]}}}], 0x28}}], 0x2, 0x0)
09:57:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000000c0))
09:57:51 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x0, 0x1}, 0x20)
09:57:51 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @dev}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
09:57:51 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local, {[@lsrr={0x83, 0xf, 0x6f, [@broadcast, @broadcast, @remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0)
09:57:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000000c0))
09:57:51 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @dev}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
09:57:51 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
09:57:51 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local, {[@lsrr={0x83, 0xf, 0x6f, [@broadcast, @broadcast, @remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0)
09:57:51 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x0, 0x1}, 0x20)
09:57:51 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019040)='/proc/mdstat\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/102400, 0x19000, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETOWNER(r1, 0x54e3, 0xffffffffffffffff)
09:57:51 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
09:57:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
09:57:52 executing program 5:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0)
[ 116.844298] Oops: general protection fault, probably for non-canonical address 0xebfffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 116.845981] KASAN: maybe wild-memory-access in range [0x6000000000000190-0x6000000000000197]
[ 116.847193] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.850064] Tainted: [W]=WARN
[ 116.850911] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.852631] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.853755] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.857588] RSP: 0018:ffff888018bff800 EFLAGS: 00010212
[ 116.859276] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc9000dcf8000
[ 116.860784] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 6000000000000190
[ 116.862328] RBP: ffff888018bffa70 R08: ffff88806ce31340 R09: ffffe8ffffc16560
[ 116.863811] kmemleak: Found object by alias at 0x607f1a639564
[ 116.863841] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.863875] Tainted: [W]=WARN
[ 116.863882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.863894] Call Trace:
[ 116.863901] <TASK>
[ 116.863909] dump_stack_lvl+0xca/0x120
[ 116.863948] __lookup_object+0x94/0xb0
[ 116.863985] delete_object_full+0x27/0x70
[ 116.864013] free_percpu+0x30/0x1160
[ 116.864042] ? arch_uprobe_clear_state+0x16/0x140
[ 116.864074] futex_hash_free+0x38/0xc0
[ 116.864098] mmput+0x2d3/0x390
[ 116.864130] do_exit+0x79d/0x2970
[ 116.864154] ? signal_wake_up_state+0x85/0x120
[ 116.864182] ? zap_other_threads+0x2b9/0x3a0
[ 116.864209] ? __pfx_do_exit+0x10/0x10
[ 116.864232] ? do_group_exit+0x1c3/0x2a0
[ 116.864255] ? lock_release+0xc8/0x290
[ 116.864283] do_group_exit+0xd3/0x2a0
[ 116.864308] __x64_sys_exit_group+0x3e/0x50
[ 116.864333] x64_sys_call+0x18c5/0x18d0
[ 116.864361] do_syscall_64+0xbf/0x360
[ 116.864380] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.864400] RIP: 0033:0x7f2a069beb19
[ 116.864416] Code: Unable to access opcode bytes at 0x7f2a069beaef.
[ 116.864425] RSP: 002b:00007ffe64d57218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 116.864445] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f2a069beb19
[ 116.864459] RDX: 00007f2a0697172b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 116.864472] RBP: 0000000000000000 R08: 0000001b2d0234ac R09: 0000000000000000
[ 116.864485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 116.864498] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe64d57300
[ 116.864520] </TASK>
[ 116.864527] kmemleak: Object (percpu) 0x607f1a639560 (size 8):
[ 116.864539] kmemleak: comm "syz-executor.5", pid 3972, jiffies 4294783718
[ 116.864552] kmemleak: min_count = 1
[ 116.864558] kmemleak: count = 0
[ 116.864565] kmemleak: flags = 0x21
[ 116.864572] kmemleak: checksum = 0
[ 116.864578] kmemleak: backtrace:
[ 116.864584] pcpu_alloc_noprof+0x87a/0x1170
[ 116.864611] perf_trace_event_init+0x366/0xa10
[ 116.864635] perf_trace_init+0x1a4/0x2f0
[ 116.864656] perf_tp_event_init+0xa6/0x120
[ 116.864683] perf_try_init_event+0x140/0x9f0
[ 116.864707] perf_event_alloc.part.0+0x118e/0x45f0
[ 116.864736] __do_sys_perf_event_open+0x719/0x2c20
[ 116.864760] do_syscall_64+0xbf/0x360
[ 116.864775] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.898504] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 116.899529] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 116.900564] FS: 00007fb11fb71700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 116.901728] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.902575] CR2: 0000001b2cc26000 CR3: 000000000dc92000 CR4: 0000000000350ef0
[ 116.903598] Call Trace:
[ 116.903982] <TASK>
[ 116.904317] ? perf_swevent_event+0x63/0x3f0
[ 116.904977] ? __pfx_perf_tp_event+0x10/0x10
[ 116.905647] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 116.906392] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 116.907119] ? perf_swevent_event+0x63/0x3f0
[ 116.907778] ? perf_tp_event+0x807/0xe70
[ 116.908393] ? __pfx_perf_tp_event+0x10/0x10
[ 116.909061] ? __perf_install_in_context+0x503/0xb90
[ 116.909822] ? do_raw_spin_unlock+0x53/0x220
[ 116.910484] ? perf_trace_run_bpf_submit+0xef/0x180
[ 116.911233] perf_trace_run_bpf_submit+0xef/0x180
[ 116.911952] perf_trace_lock+0x337/0x5d0
[ 116.912558] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.913235] ? lock_acquire+0x15e/0x2f0
[ 116.913845] ? futex_ref_get+0x48/0x300
[ 116.914429] ? futex_ref_get+0x114/0x300
[ 116.915024] ? futex_hash+0x15c/0x390
[ 116.915588] lock_release+0x1ab/0x290
[ 116.916160] ? futex_hash+0x15c/0x390
[ 116.916736] futex_ref_get+0x119/0x300
[ 116.917309] ? futex_hash+0x15c/0x390
[ 116.917879] futex_hash+0x70/0x390
[ 116.918412] futex_wake+0x143/0x540
[ 116.918961] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.919644] ? __pfx_futex_wake+0x10/0x10
[ 116.920262] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 116.921000] ? lock_release+0xc8/0x290
[ 116.921596] do_futex+0x26d/0x370
[ 116.922121] ? __pfx_do_futex+0x10/0x10
[ 116.922710] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 116.923481] ? find_held_lock+0x2b/0x80
[ 116.924091] __x64_sys_futex+0x1c9/0x4d0
[ 116.924703] ? __pfx___x64_sys_futex+0x10/0x10
[ 116.925373] ? xfd_validate_state+0x55/0x180
[ 116.926054] do_syscall_64+0xbf/0x360
[ 116.926616] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.927368] RIP: 0033:0x7fb1225fbb19
[ 116.927922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 116.930561] RSP: 002b:00007fb11fb71218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 116.931663] RAX: ffffffffffffffda RBX: 00007fb12270ef68 RCX: 00007fb1225fbb19
[ 116.932692] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb12270ef6c
[ 116.933731] RBP: 00007fb12270ef60 R08: 000000000000000e R09: 0000000000000000
[ 116.934755] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb12270ef6c
[ 116.935783] R13: 00007ffd52fe893f R14: 00007fb11fb71300 R15: 0000000000022000
[ 116.936827] </TASK>
[ 116.937172] Modules linked in:
[ 116.937706] Oops: general protection fault, probably for non-canonical address 0xebfffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 116.939292] KASAN: maybe wild-memory-access in range [0x6000000000000190-0x6000000000000197]
[ 116.940504] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.942220] Tainted: [D]=DIE, [W]=WARN
[ 116.942776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.943957] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.944654] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.947243] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 116.948004] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffffff81898973
[ 116.949043] RDX: ffff888043a01b80 RSI: ffffffff818995b7 RDI: 6000000000000190
[ 116.950074] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16560
[ 116.951097] R10: 0000000000000000 R11: ffff88801f55a098 R12: dffffc0000000000
[ 116.952112] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000
[ 116.953130] FS: 00007fb11fb71700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 116.954294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.955130] CR2: 0000001b2cc26000 CR3: 000000000dc92000 CR4: 0000000000350ef0
[ 116.956169] Call Trace:
[ 116.956560] <IRQ>
[ 116.956902] ? __pfx_perf_tp_event+0x10/0x10
[ 116.957594] ? trace_pelt_se_tp+0xdf/0x130
[ 116.958234] ? __update_load_avg_se+0x428/0xa40
[ 116.958949] ? lock_is_held_type+0x9e/0x120
[ 116.959610] ? update_load_avg+0x17d/0x1ef0
[ 116.960259] ? perf_trace_lock+0xb5/0x5d0
[ 116.960884] ? perf_trace_lock+0xb5/0x5d0
[ 116.961517] ? update_cfs_group+0x11d/0x260
[ 116.962168] ? kvm_sched_clock_read+0x16/0x30
[ 116.962857] ? kvm_sched_clock_read+0x16/0x30
[ 116.963540] ? sched_clock+0x37/0x60
[ 116.964118] ? sched_clock_cpu+0x6c/0x4e0
[ 116.964757] ? perf_trace_run_bpf_submit+0xef/0x180
[ 116.965517] perf_trace_run_bpf_submit+0xef/0x180
[ 116.966254] perf_trace_lock+0x337/0x5d0
[ 116.966870] ? place_entity+0x1c/0x410
[ 116.967458] ? kvm_sched_clock_read+0x16/0x30
[ 116.968145] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.968839] ? check_preempt_wakeup_fair+0x6e/0x950
[ 116.969603] ? sched_ttwu_pending+0x2e0/0x4a0
[ 116.970293] lock_release+0x1ab/0x290
[ 116.970871] ? ttwu_do_activate+0x1a4/0x8a0
[ 116.971530] _raw_spin_unlock+0x16/0x40
[ 116.972143] sched_ttwu_pending+0x2e0/0x4a0
[ 116.972809] ? __pfx_sched_ttwu_pending+0x10/0x10
[ 116.973550] ? flush_tlb_func+0x24d/0x560
[ 116.974181] __flush_smp_call_function_queue+0x434/0x740
[ 116.975058] __sysvec_call_function_single+0x6d/0x370
[ 116.975964] sysvec_call_function_single+0xa1/0xc0
[ 116.976710] </IRQ>
[ 116.977054] <TASK>
[ 116.977398] asm_sysvec_call_function_single+0x1a/0x20
[ 116.978195] RIP: 0010:oops_exit+0x0/0x50
[ 116.978810] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[ 116.981481] RSP: 0018:ffff888018bff690 EFLAGS: 00000202
[ 116.982271] RAX: 00000000000341da RBX: 0000000000000212 RCX: ffffc9000dcf8000
[ 116.983322] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 116.984368] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[ 116.985413] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888018bff758
[ 116.986480] R13: 0000000000000000 R14: ebfffc0000000032 R15: 0000000000000000
[ 116.987542] ? oops_end+0x4a/0xe0
[ 116.988090] oops_end+0x65/0xe0
[ 116.988607] exc_general_protection+0x1a2/0x330
[ 116.989335] asm_exc_general_protection+0x26/0x30
[ 116.990065] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.990775] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.993453] RSP: 0018:ffff888018bff800 EFLAGS: 00010212
[ 116.994252] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc9000dcf8000
[ 116.995302] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 6000000000000190
[ 116.996347] RBP: ffff888018bffa70 R08: ffff88806ce31340 R09: ffffe8ffffc16560
[ 116.997396] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 116.998450] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 116.999504] ? perf_tp_event+0x167/0xe70
[ 117.000124] ? perf_swevent_event+0x63/0x3f0
[ 117.000800] ? __pfx_perf_tp_event+0x10/0x10
[ 117.001478] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 117.002230] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 117.002979] ? perf_swevent_event+0x63/0x3f0
[ 117.003652] ? perf_tp_event+0x807/0xe70
[ 117.004280] ? __pfx_perf_tp_event+0x10/0x10
[ 117.004953] ? __perf_install_in_context+0x503/0xb90
[ 117.005721] ? do_raw_spin_unlock+0x53/0x220
[ 117.006398] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.007152] perf_trace_run_bpf_submit+0xef/0x180
[ 117.007885] perf_trace_lock+0x337/0x5d0
[ 117.008503] ? __pfx_perf_trace_lock+0x10/0x10
[ 117.009195] ? lock_acquire+0x15e/0x2f0
[ 117.009802] ? futex_ref_get+0x48/0x300
[ 117.010400] ? futex_ref_get+0x114/0x300
[ 117.011006] ? futex_hash+0x15c/0x390
[ 117.011581] lock_release+0x1ab/0x290
[ 117.012163] ? futex_hash+0x15c/0x390
[ 117.012736] futex_ref_get+0x119/0x300
[ 117.013324] ? futex_hash+0x15c/0x390
[ 117.013904] futex_hash+0x70/0x390
[ 117.014445] futex_wake+0x143/0x540
[ 117.015003] ? __pfx_perf_trace_lock+0x10/0x10
[ 117.015697] ? __pfx_futex_wake+0x10/0x10
[ 117.016328] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 117.017088] ? lock_release+0xc8/0x290
[ 117.017689] do_futex+0x26d/0x370
[ 117.018220] ? __pfx_do_futex+0x10/0x10
[ 117.018819] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 117.019611] ? find_held_lock+0x2b/0x80
[ 117.020223] __x64_sys_futex+0x1c9/0x4d0
[ 117.020839] ? __pfx___x64_sys_futex+0x10/0x10
[ 117.021535] ? xfd_validate_state+0x55/0x180
[ 117.022214] do_syscall_64+0xbf/0x360
[ 117.022787] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.023534] RIP: 0033:0x7fb1225fbb19
[ 117.024074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.026654] RSP: 002b:00007fb11fb71218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.027746] RAX: ffffffffffffffda RBX: 00007fb12270ef68 RCX: 00007fb1225fbb19
[ 117.028764] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb12270ef6c
[ 117.029795] RBP: 00007fb12270ef60 R08: 000000000000000e R09: 0000000000000000
[ 117.030806] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb12270ef6c
[ 117.031828] R13: 00007ffd52fe893f R14: 00007fb11fb71300 R15: 0000000000022000
[ 117.032852] </TASK>
[ 117.033194] Modules linked in:
[ 117.033675] ---[ end trace 0000000000000000 ]---
[ 117.034345] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.035029] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.037615] RSP: 0018:ffff888018bff800 EFLAGS: 00010212
[ 117.038375] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc9000dcf8000
[ 117.039395] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 6000000000000190
[ 117.040408] RBP: ffff888018bffa70 R08: ffff88806ce31340 R09: ffffe8ffffc16560
[ 117.041420] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.042437] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 117.043451] FS: 00007fb11fb71700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 117.044592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.045429] CR2: 0000001b2cc26000 CR3: 000000000dc92000 CR4: 0000000000350ef0
[ 117.046459] Kernel panic - not syncing: Fatal exception in interrupt
[ 118.139525] Shutting down cpus with NMI
[ 118.140468] Kernel Offset: disabled
[ 118.141039] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:57:52 Registers: