Warning: Permanently added '[localhost]:52273' (ECDSA) to the list of known hosts. 2025/08/29 10:52:48 fuzzer started 2025/08/29 10:52:49 dialing manager at localhost:43077 syzkaller login: [ 50.880412] cgroup: Unknown subsys name 'net' [ 50.946915] cgroup: Unknown subsys name 'cpuset' [ 50.962935] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:52:58 syscalls: 2214 2025/08/29 10:52:58 code coverage: enabled 2025/08/29 10:52:58 comparison tracing: enabled 2025/08/29 10:52:58 extra coverage: enabled 2025/08/29 10:52:58 setuid sandbox: enabled 2025/08/29 10:52:58 namespace sandbox: enabled 2025/08/29 10:52:58 Android sandbox: enabled 2025/08/29 10:52:58 fault injection: enabled 2025/08/29 10:52:58 leak checking: enabled 2025/08/29 10:52:58 net packet injection: enabled 2025/08/29 10:52:58 net device setup: enabled 2025/08/29 10:52:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:52:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:52:58 USB emulation: enabled 2025/08/29 10:52:58 hci packet injection: enabled 2025/08/29 10:52:58 wifi device emulation: enabled 2025/08/29 10:52:58 802.15.4 emulation: enabled 2025/08/29 10:52:58 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:52:58 fetching corpus: 49, signal 24049/27503 (executing program) 2025/08/29 10:52:59 fetching corpus: 99, signal 32358/37251 (executing program) 2025/08/29 10:52:59 fetching corpus: 148, signal 43838/49854 (executing program) 2025/08/29 10:52:59 fetching corpus: 198, signal 51009/58125 (executing program) 2025/08/29 10:52:59 fetching corpus: 248, signal 56562/64750 (executing program) 2025/08/29 10:52:59 fetching corpus: 298, signal 61845/70969 (executing program) 2025/08/29 10:52:59 fetching corpus: 348, signal 65762/75809 (executing program) 2025/08/29 10:52:59 fetching corpus: 398, signal 68858/79840 (executing program) 2025/08/29 10:52:59 fetching corpus: 447, signal 71039/83028 (executing program) 2025/08/29 10:53:01 fetching corpus: 497, signal 74699/87444 (executing program) 2025/08/29 10:53:01 fetching corpus: 544, signal 78142/91603 (executing program) 2025/08/29 10:53:01 fetching corpus: 594, signal 81213/95335 (executing program) 2025/08/29 10:53:01 fetching corpus: 644, signal 83449/98290 (executing program) 2025/08/29 10:53:01 fetching corpus: 694, signal 86093/101553 (executing program) 2025/08/29 10:53:01 fetching corpus: 744, signal 88474/104534 (executing program) 2025/08/29 10:53:01 fetching corpus: 794, signal 91428/107934 (executing program) 2025/08/29 10:53:01 fetching corpus: 844, signal 93856/110889 (executing program) 2025/08/29 10:53:01 fetching corpus: 894, signal 96010/113529 (executing program) 2025/08/29 10:53:02 fetching corpus: 944, signal 97527/115657 (executing program) 2025/08/29 10:53:02 fetching corpus: 994, signal 99250/117919 (executing program) 2025/08/29 10:53:02 fetching corpus: 1044, signal 100741/119964 (executing program) 2025/08/29 10:53:02 fetching corpus: 1094, signal 103055/122631 (executing program) 2025/08/29 10:53:02 fetching corpus: 1144, signal 104474/124532 (executing program) 2025/08/29 10:53:02 fetching corpus: 1194, signal 105596/126155 (executing program) 2025/08/29 10:53:02 fetching corpus: 1244, signal 107049/128051 (executing program) 2025/08/29 10:53:02 fetching corpus: 1294, signal 108585/129944 (executing program) 2025/08/29 10:53:02 fetching corpus: 1344, signal 110362/131978 (executing program) 2025/08/29 10:53:02 fetching corpus: 1394, signal 111330/133434 (executing program) 2025/08/29 10:53:03 fetching corpus: 1444, signal 112353/134828 (executing program) 2025/08/29 10:53:03 fetching corpus: 1494, signal 113531/136299 (executing program) 2025/08/29 10:53:03 fetching corpus: 1544, signal 114543/137670 (executing program) 2025/08/29 10:53:03 fetching corpus: 1594, signal 115864/139235 (executing program) 2025/08/29 10:53:03 fetching corpus: 1644, signal 116936/140670 (executing program) 2025/08/29 10:53:03 fetching corpus: 1694, signal 117736/141862 (executing program) 2025/08/29 10:53:03 fetching corpus: 1744, signal 118800/143152 (executing program) 2025/08/29 10:53:03 fetching corpus: 1794, signal 119608/144309 (executing program) 2025/08/29 10:53:03 fetching corpus: 1844, signal 120418/145446 (executing program) 2025/08/29 10:53:03 fetching corpus: 1894, signal 121414/146713 (executing program) 2025/08/29 10:53:04 fetching corpus: 1944, signal 122089/147728 (executing program) 2025/08/29 10:53:04 fetching corpus: 1994, signal 123271/149031 (executing program) 2025/08/29 10:53:04 fetching corpus: 2044, signal 124224/150267 (executing program) 2025/08/29 10:53:04 fetching corpus: 2094, signal 125111/151363 (executing program) 2025/08/29 10:53:04 fetching corpus: 2144, signal 126019/152383 (executing program) 2025/08/29 10:53:04 fetching corpus: 2194, signal 126673/153287 (executing program) 2025/08/29 10:53:04 fetching corpus: 2244, signal 127297/154183 (executing program) 2025/08/29 10:53:04 fetching corpus: 2294, signal 128119/155125 (executing program) 2025/08/29 10:53:04 fetching corpus: 2344, signal 129339/156265 (executing program) 2025/08/29 10:53:04 fetching corpus: 2394, signal 130284/157241 (executing program) 2025/08/29 10:53:05 fetching corpus: 2444, signal 131040/158121 (executing program) 2025/08/29 10:53:05 fetching corpus: 2494, signal 131747/158975 (executing program) 2025/08/29 10:53:05 fetching corpus: 2544, signal 132714/159968 (executing program) 2025/08/29 10:53:05 fetching corpus: 2594, signal 133265/160690 (executing program) 2025/08/29 10:53:05 fetching corpus: 2644, signal 133931/161490 (executing program) 2025/08/29 10:53:05 fetching corpus: 2694, signal 134742/162298 (executing program) 2025/08/29 10:53:05 fetching corpus: 2744, signal 135414/163075 (executing program) 2025/08/29 10:53:05 fetching corpus: 2794, signal 136357/163856 (executing program) 2025/08/29 10:53:05 fetching corpus: 2844, signal 137034/164603 (executing program) 2025/08/29 10:53:05 fetching corpus: 2894, signal 138094/165398 (executing program) 2025/08/29 10:53:05 fetching corpus: 2944, signal 138738/166098 (executing program) 2025/08/29 10:53:05 fetching corpus: 2994, signal 139285/166735 (executing program) 2025/08/29 10:53:06 fetching corpus: 3044, signal 140087/167451 (executing program) 2025/08/29 10:53:06 fetching corpus: 3094, signal 141080/168196 (executing program) 2025/08/29 10:53:06 fetching corpus: 3144, signal 141602/168796 (executing program) 2025/08/29 10:53:06 fetching corpus: 3194, signal 142226/169386 (executing program) 2025/08/29 10:53:06 fetching corpus: 3244, signal 143122/170072 (executing program) 2025/08/29 10:53:06 fetching corpus: 3294, signal 143501/170611 (executing program) 2025/08/29 10:53:06 fetching corpus: 3344, signal 144290/171186 (executing program) 2025/08/29 10:53:06 fetching corpus: 3394, signal 145082/171733 (executing program) 2025/08/29 10:53:06 fetching corpus: 3444, signal 145733/172245 (executing program) 2025/08/29 10:53:07 fetching corpus: 3494, signal 146170/172731 (executing program) 2025/08/29 10:53:07 fetching corpus: 3544, signal 147153/173383 (executing program) 2025/08/29 10:53:07 fetching corpus: 3594, signal 147900/173849 (executing program) 2025/08/29 10:53:07 fetching corpus: 3644, signal 148476/174272 (executing program) 2025/08/29 10:53:07 fetching corpus: 3694, signal 148879/174684 (executing program) 2025/08/29 10:53:07 fetching corpus: 3744, signal 149300/175114 (executing program) 2025/08/29 10:53:07 fetching corpus: 3794, signal 149699/175510 (executing program) 2025/08/29 10:53:07 fetching corpus: 3844, signal 150186/175956 (executing program) 2025/08/29 10:53:07 fetching corpus: 3894, signal 150637/176340 (executing program) 2025/08/29 10:53:07 fetching corpus: 3944, signal 151123/176690 (executing program) 2025/08/29 10:53:07 fetching corpus: 3994, signal 151646/177068 (executing program) 2025/08/29 10:53:08 fetching corpus: 4044, signal 152160/177454 (executing program) 2025/08/29 10:53:08 fetching corpus: 4094, signal 152653/177782 (executing program) 2025/08/29 10:53:08 fetching corpus: 4144, signal 153150/178126 (executing program) 2025/08/29 10:53:08 fetching corpus: 4194, signal 153580/178446 (executing program) 2025/08/29 10:53:08 fetching corpus: 4244, signal 154245/178960 (executing program) 2025/08/29 10:53:08 fetching corpus: 4294, signal 154855/179259 (executing program) 2025/08/29 10:53:08 fetching corpus: 4344, signal 155687/179413 (executing program) 2025/08/29 10:53:08 fetching corpus: 4394, signal 156234/179445 (executing program) 2025/08/29 10:53:08 fetching corpus: 4444, signal 156584/179464 (executing program) 2025/08/29 10:53:08 fetching corpus: 4494, signal 156986/179506 (executing program) 2025/08/29 10:53:09 fetching corpus: 4544, signal 157567/179510 (executing program) 2025/08/29 10:53:09 fetching corpus: 4594, signal 158234/179521 (executing program) 2025/08/29 10:53:09 fetching corpus: 4644, signal 158652/179532 (executing program) 2025/08/29 10:53:09 fetching corpus: 4694, signal 159164/179554 (executing program) 2025/08/29 10:53:09 fetching corpus: 4744, signal 159496/179565 (executing program) 2025/08/29 10:53:09 fetching corpus: 4794, signal 159940/179566 (executing program) 2025/08/29 10:53:09 fetching corpus: 4844, signal 160383/179593 (executing program) 2025/08/29 10:53:09 fetching corpus: 4894, signal 160707/179610 (executing program) 2025/08/29 10:53:09 fetching corpus: 4944, signal 161099/179619 (executing program) 2025/08/29 10:53:09 fetching corpus: 4994, signal 161420/179628 (executing program) 2025/08/29 10:53:09 fetching corpus: 5044, signal 161814/179632 (executing program) 2025/08/29 10:53:09 fetching corpus: 5094, signal 162243/179636 (executing program) 2025/08/29 10:53:09 fetching corpus: 5144, signal 162553/179644 (executing program) 2025/08/29 10:53:10 fetching corpus: 5194, signal 163091/179658 (executing program) 2025/08/29 10:53:10 fetching corpus: 5244, signal 163630/179665 (executing program) 2025/08/29 10:53:10 fetching corpus: 5294, signal 163984/179672 (executing program) 2025/08/29 10:53:10 fetching corpus: 5344, signal 164517/179674 (executing program) 2025/08/29 10:53:10 fetching corpus: 5394, signal 164873/179694 (executing program) 2025/08/29 10:53:10 fetching corpus: 5444, signal 165134/179695 (executing program) 2025/08/29 10:53:10 fetching corpus: 5494, signal 165694/179706 (executing program) 2025/08/29 10:53:10 fetching corpus: 5544, signal 166043/179727 (executing program) 2025/08/29 10:53:10 fetching corpus: 5594, signal 166453/179743 (executing program) 2025/08/29 10:53:10 fetching corpus: 5644, signal 166875/179767 (executing program) 2025/08/29 10:53:10 fetching corpus: 5694, signal 167242/179799 (executing program) 2025/08/29 10:53:10 fetching corpus: 5744, signal 167599/179818 (executing program) 2025/08/29 10:53:11 fetching corpus: 5794, signal 167875/179818 (executing program) 2025/08/29 10:53:11 fetching corpus: 5844, signal 168234/179831 (executing program) 2025/08/29 10:53:11 fetching corpus: 5894, signal 168776/179832 (executing program) 2025/08/29 10:53:11 fetching corpus: 5944, signal 169031/179837 (executing program) 2025/08/29 10:53:11 fetching corpus: 5994, signal 169579/179841 (executing program) 2025/08/29 10:53:11 fetching corpus: 6044, signal 170005/179877 (executing program) 2025/08/29 10:53:11 fetching corpus: 6094, signal 170334/179971 (executing program) 2025/08/29 10:53:11 fetching corpus: 6144, signal 170585/179984 (executing program) 2025/08/29 10:53:11 fetching corpus: 6194, signal 170981/179987 (executing program) 2025/08/29 10:53:11 fetching corpus: 6244, signal 171418/179999 (executing program) 2025/08/29 10:53:11 fetching corpus: 6294, signal 172077/180054 (executing program) 2025/08/29 10:53:11 fetching corpus: 6344, signal 172262/180062 (executing program) 2025/08/29 10:53:12 fetching corpus: 6394, signal 172522/180072 (executing program) 2025/08/29 10:53:12 fetching corpus: 6444, signal 172987/180100 (executing program) 2025/08/29 10:53:12 fetching corpus: 6494, signal 173381/180102 (executing program) 2025/08/29 10:53:12 fetching corpus: 6544, signal 174901/180154 (executing program) 2025/08/29 10:53:12 fetching corpus: 6594, signal 175233/180168 (executing program) 2025/08/29 10:53:12 fetching corpus: 6644, signal 175540/180197 (executing program) 2025/08/29 10:53:12 fetching corpus: 6694, signal 175841/180197 (executing program) 2025/08/29 10:53:12 fetching corpus: 6744, signal 176088/180204 (executing program) 2025/08/29 10:53:12 fetching corpus: 6794, signal 176342/180224 (executing program) 2025/08/29 10:53:12 fetching corpus: 6844, signal 176822/180232 (executing program) 2025/08/29 10:53:12 fetching corpus: 6867, signal 176954/180233 (executing program) 2025/08/29 10:53:12 fetching corpus: 6867, signal 176954/180233 (executing program) 2025/08/29 10:53:14 starting 8 fuzzer processes 10:53:14 executing program 0: get_mempolicy(0x0, &(0x7f0000000040), 0x1, &(0x7f0000ffb000/0x2000)=nil, 0x3) 10:53:14 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:14 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) 10:53:14 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x0, 0x4025, 0x0, "74d2c1714e46f87073f6160aeb102858fae08ebd698d5d1bfa09a7dcb713b8e39994c7d34c4a70df560012a46421bf973148f35ca0f69ede6daa2cdd17bbde32b5d90d89fa3e3389136378b96b37e135"}, 0xd8) [ 76.611229] audit: type=1400 audit(1756464794.905:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:53:14 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x54, &(0x7f0000000040)=0x4db, 0x4) 10:53:14 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8943, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_dump}) r1 = accept4(0xffffffffffffffff, &(0x7f0000000440)=@ieee802154={0x24, @short}, 0x0, 0x80800) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000040}, 0x4000) dup3(0xffffffffffffffff, r0, 0x80000) 10:53:14 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) [ 77.781160] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.785540] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.789103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.797998] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.808186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.853331] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.863105] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.870838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.879519] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.892292] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.927698] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.930879] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.936351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.938098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.942804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.946270] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.946302] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.961946] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.961984] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.973730] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.999741] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.007916] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.011440] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.033336] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 78.036855] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 78.046337] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 78.051756] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 78.052205] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 78.052852] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 78.055863] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.059152] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 78.059220] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 78.062571] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 78.064783] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 78.066070] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.070048] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 78.071884] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 78.075336] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 78.077046] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.084637] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.878156] Bluetooth: hci0: command tx timeout [ 80.007628] Bluetooth: hci2: command tx timeout [ 80.008279] Bluetooth: hci3: command tx timeout [ 80.008815] Bluetooth: hci1: command tx timeout [ 80.133684] Bluetooth: hci5: command tx timeout [ 80.134330] Bluetooth: hci6: command tx timeout [ 80.135002] Bluetooth: hci4: command tx timeout [ 80.198776] Bluetooth: hci7: command tx timeout [ 81.925927] Bluetooth: hci0: command tx timeout [ 82.053862] Bluetooth: hci1: command tx timeout [ 82.054995] Bluetooth: hci3: command tx timeout [ 82.055829] Bluetooth: hci2: command tx timeout [ 82.181791] Bluetooth: hci4: command tx timeout [ 82.182664] Bluetooth: hci6: command tx timeout [ 82.182691] Bluetooth: hci5: command tx timeout [ 82.245753] Bluetooth: hci7: command tx timeout [ 83.975177] Bluetooth: hci0: command tx timeout [ 84.101739] Bluetooth: hci1: command tx timeout [ 84.102670] Bluetooth: hci3: command tx timeout [ 84.102801] Bluetooth: hci2: command tx timeout [ 84.229754] Bluetooth: hci5: command tx timeout [ 84.230709] Bluetooth: hci4: command tx timeout [ 84.231097] Bluetooth: hci6: command tx timeout [ 84.293873] Bluetooth: hci7: command tx timeout [ 86.021711] Bluetooth: hci0: command tx timeout [ 86.149691] Bluetooth: hci3: command tx timeout [ 86.150153] Bluetooth: hci1: command tx timeout [ 86.150534] Bluetooth: hci2: command tx timeout [ 86.279512] Bluetooth: hci6: command tx timeout [ 86.279994] Bluetooth: hci4: command tx timeout [ 86.280372] Bluetooth: hci5: command tx timeout [ 86.342637] Bluetooth: hci7: command tx timeout [ 115.253132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.253905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.427043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.428197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.563219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.564389] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.715665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.716290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.059234] audit: type=1400 audit(1756464834.352:8): avc: denied { open } for pid=3796 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.068747] audit: type=1400 audit(1756464834.352:9): avc: denied { kernel } for pid=3796 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.090890] syz_tun: refused to change device tx_queue_len [ 116.106099] syz_tun: refused to change device tx_queue_len 10:53:54 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8943, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_dump}) r1 = accept4(0xffffffffffffffff, &(0x7f0000000440)=@ieee802154={0x24, @short}, 0x0, 0x80800) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000040}, 0x4000) dup3(0xffffffffffffffff, r0, 0x80000) [ 116.217899] syz_tun: refused to change device tx_queue_len 10:53:54 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8943, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_dump}) r1 = accept4(0xffffffffffffffff, &(0x7f0000000440)=@ieee802154={0x24, @short}, 0x0, 0x80800) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000040}, 0x4000) dup3(0xffffffffffffffff, r0, 0x80000) [ 116.354045] syz_tun: refused to change device tx_queue_len 10:53:54 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:54 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8943, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_dump}) r1 = accept4(0xffffffffffffffff, &(0x7f0000000440)=@ieee802154={0x24, @short}, 0x0, 0x80800) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000040}, 0x4000) dup3(0xffffffffffffffff, r0, 0x80000) [ 116.474296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.474951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.538367] syz_tun: refused to change device tx_queue_len [ 116.647636] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.648290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:53:55 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:55 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) [ 116.827142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.827802] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.985360] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.986215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.055207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.055869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.172649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.173277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.241884] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.242525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.325136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.325783] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.370430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.371188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.440052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.440731] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.474984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.475565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.526495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.527090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:53:55 executing program 0: get_mempolicy(0x0, &(0x7f0000000040), 0x1, &(0x7f0000ffb000/0x2000)=nil, 0x3) 10:53:55 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:55 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:55 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x0, 0x4025, 0x0, "74d2c1714e46f87073f6160aeb102858fae08ebd698d5d1bfa09a7dcb713b8e39994c7d34c4a70df560012a46421bf973148f35ca0f69ede6daa2cdd17bbde32b5d90d89fa3e3389136378b96b37e135"}, 0xd8) 10:53:55 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 10:53:55 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) 10:53:55 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x54, &(0x7f0000000040)=0x4db, 0x4) 10:53:56 executing program 0: get_mempolicy(0x0, &(0x7f0000000040), 0x1, &(0x7f0000ffb000/0x2000)=nil, 0x3) 10:53:56 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x54, &(0x7f0000000040)=0x4db, 0x4) 10:53:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) 10:53:56 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x0, 0x4025, 0x0, "74d2c1714e46f87073f6160aeb102858fae08ebd698d5d1bfa09a7dcb713b8e39994c7d34c4a70df560012a46421bf973148f35ca0f69ede6daa2cdd17bbde32b5d90d89fa3e3389136378b96b37e135"}, 0xd8) 10:53:56 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:56 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 10:53:56 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x54, &(0x7f0000000040)=0x4db, 0x4) 10:53:56 executing program 0: get_mempolicy(0x0, &(0x7f0000000040), 0x1, &(0x7f0000ffb000/0x2000)=nil, 0x3) 10:53:56 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x0, 0x4025, 0x0, "74d2c1714e46f87073f6160aeb102858fae08ebd698d5d1bfa09a7dcb713b8e39994c7d34c4a70df560012a46421bf973148f35ca0f69ede6daa2cdd17bbde32b5d90d89fa3e3389136378b96b37e135"}, 0xd8) 10:53:56 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:56 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) 10:53:56 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 10:53:56 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:56 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) 10:53:56 executing program 4: rt_sigaction(0xe, 0x0, 0x0, 0x8, &(0x7f0000000380)) 10:53:56 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:56 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f00000001c0)="7f1fd5758b1b944a6950aee1", 0xc, 0xfffffffffffffffc) 10:53:56 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local, @local}, 0xc) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88) 10:53:56 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000040)) 10:53:56 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f00000001c0)="7f1fd5758b1b944a6950aee1", 0xc, 0xfffffffffffffffc) 10:53:57 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000040)) 10:53:57 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3a, 0x0, 0x0) 10:53:57 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f00000001c0)="7f1fd5758b1b944a6950aee1", 0xc, 0xfffffffffffffffc) 10:53:57 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:57 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:57 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) 10:53:57 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) [ 119.162376] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 119.163282] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 119.163979] CPU: 0 UID: 0 PID: 4050 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.165259] Tainted: [W]=WARN [ 119.165779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.166999] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.167771] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.170274] RSP: 0018:ffff88801bcbf600 EFLAGS: 00010212 [ 119.171034] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ed9000 [ 119.172084] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 119.173170] RBP: ffff88801bcbf870 R08: ffff88806ce31340 R09: ffffe8ffffc07cb8 [ 119.174576] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 119.175569] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.176562] FS: 00007f04df065700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 119.177708] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.178555] CR2: 0000555580616708 CR3: 00000000468be000 CR4: 0000000000350ef0 [ 119.179544] Call Trace: [ 119.179990] [ 119.180406] ? __lock_acquire+0x694/0x1b70 [ 119.181094] ? __pfx_perf_tp_event+0x10/0x10 [ 119.181521] ? lock_acquire+0x15e/0x2f0 [ 119.181898] ? __is_insn_slot_addr+0x2e/0x290 [ 119.182309] ? find_held_lock+0x2b/0x80 [ 119.182671] ? __is_insn_slot_addr+0x136/0x290 [ 119.183072] ? lock_release+0xc8/0x290 [ 119.183429] ? __is_insn_slot_addr+0x140/0x290 [ 119.183858] ? kernel_text_address+0x5b/0xc0 [ 119.184263] ? __kernel_text_address+0xd/0x40 [ 119.184666] ? unwind_get_return_address+0x59/0xa0 [ 119.185110] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 119.185544] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.185945] ? __lock_acquire+0x694/0x1b70 [ 119.186284] perf_trace_run_bpf_submit+0xef/0x180 [ 119.186674] perf_trace_lock_acquire+0x3c2/0x700 [ 119.187060] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 119.187477] ? futex_ref_get+0x48/0x300 [ 119.187796] ? find_held_lock+0x2b/0x80 [ 119.188122] lock_acquire+0xc5/0x2f0 [ 119.188422] ? futex_wait_setup+0xbe/0x550 [ 119.188769] _raw_spin_lock+0x2b/0x40 [ 119.189088] ? futex_wait_setup+0xbe/0x550 [ 119.189428] futex_wait_setup+0xbe/0x550 [ 119.189764] __futex_wait+0x151/0x300 [ 119.190075] ? __pfx___futex_wait+0x10/0x10 [ 119.190423] ? __pfx_futex_wake_mark+0x10/0x10 [ 119.190798] ? __lock_acquire+0xc65/0x1b70 [ 119.191142] futex_wait+0xde/0x380 [ 119.191439] ? __pfx_futex_wait+0x10/0x10 [ 119.191771] ? find_held_lock+0x2b/0x80 [ 119.192094] ? finish_task_switch.isra.0+0x201/0x840 [ 119.192502] ? lock_release+0xc8/0x290 [ 119.192818] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 119.193239] ? finish_task_switch.isra.0+0x206/0x840 [ 119.193650] do_futex+0x2ee/0x370 [ 119.193932] ? __pfx_do_futex+0x10/0x10 [ 119.194254] ? __pfx___schedule+0x10/0x10 [ 119.194595] __x64_sys_futex+0x1c9/0x4d0 [ 119.194922] ? __sys_socket+0x9f/0x260 [ 119.195238] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.195602] ? xfd_validate_state+0x55/0x180 [ 119.195984] do_syscall_64+0xbf/0x360 [ 119.196298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.196731] RIP: 0033:0x7f04e1aefb19 [ 119.197054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.198689] RSP: 002b:00007f04df065218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.199292] RAX: ffffffffffffffda RBX: 00007f04e1c02f68 RCX: 00007f04e1aefb19 [ 119.199852] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f04e1c02f68 [ 119.200416] RBP: 00007f04e1c02f60 R08: 0000000000000000 R09: 0000000000000000 [ 119.200976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04e1c02f6c [ 119.201544] R13: 00007ffe3382e05f R14: 00007f04df065300 R15: 0000000000022000 [ 119.202115] [ 119.202303] Modules linked in: [ 119.202665] ---[ end trace 0000000000000000 ]--- [ 119.203043] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.203426] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.204855] RSP: 0018:ffff88801bcbf600 EFLAGS: 00010212 [ 119.205282] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ed9000 [ 119.205855] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 119.206415] RBP: ffff88801bcbf870 R08: ffff88806ce31340 R09: ffffe8ffffc07cb8 [ 119.206985] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 119.207541] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.208112] FS: 00007f04df065700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 119.208751] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.209217] CR2: 0000555580616708 CR3: 00000000468be000 CR4: 0000000000350ef0 [ 119.209794] note: syz-executor.4[4050] exited with preempt_count 2 10:53:57 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3a, 0x0, 0x0) 10:53:57 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3a, 0x0, 0x0) 10:53:57 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f00000001c0)="7f1fd5758b1b944a6950aee1", 0xc, 0xfffffffffffffffc) [ 119.312163] cgroup: fork rejected by pids controller in /syz5 10:53:57 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3a, 0x0, 0x0) 10:53:57 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x11, r0, 0x10000000) [ 119.407308] audit: type=1400 audit(1756464837.701:10): avc: denied { map } for pid=4080 comm="syz-executor.3" path="pipe:[4826]" dev="pipefs" ino=4826 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 [ 119.411474] audit: type=1400 audit(1756464837.701:11): avc: denied { execute } for pid=4080 comm="syz-executor.3" path="pipe:[4826]" dev="pipefs" ino=4826 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 10:53:57 executing program 6: ptrace(0xffffffffffffffff, 0x0) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 10:53:57 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9205, 0x0) 10:53:57 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0) 10:53:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) 10:53:58 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9205, 0x0) 10:53:58 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0) 10:53:58 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x200480c0) close_range(r0, 0xffffffffffffffff, 0x0) 10:53:58 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x11, r0, 0x10000000) 10:53:58 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0) 10:53:58 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x4, 0xe1, 0x1, 0x6, 0x0, 0x81, 0x9000, 0x4fcc6c6c320417fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8f, 0x1, @perf_config_ext={0x9, 0x4}, 0x80, 0xa70f, 0x8, 0x2, 0x8000, 0xf43, 0x2, 0x0, 0x361a, 0x0, 0x5}, 0x0, 0x7, r0, 0x9) openat$snapshot(0xffffffffffffff9c, 0x0, 0x6c000, 0x0) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x11, r1) ptrace(0x10, r2) kcmp(r1, r2, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) r3 = fork() ptrace(0x10, r3) wait4(r3, 0x0, 0x80000000, &(0x7f0000000240)) r4 = fork() ptrace(0x10, r4) kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) 10:53:58 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000040)) 10:53:58 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x11, r0, 0x10000000) 10:53:58 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9205, 0x0) 10:53:58 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x200480c0) close_range(r0, 0xffffffffffffffff, 0x0) 10:53:58 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0) 10:53:58 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0) 10:53:58 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000040)) 10:53:58 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9205, 0x0) 10:53:58 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0) 10:53:59 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x200480c0) close_range(r0, 0xffffffffffffffff, 0x0) 10:53:59 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x11, r0, 0x10000000) 10:53:59 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0) 10:53:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) 10:53:59 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) listxattr(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 10:53:59 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x200480c0) close_range(r0, 0xffffffffffffffff, 0x0) 10:53:59 executing program 7: r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r2) 10:53:59 executing program 5: timer_create(0x1, &(0x7f00000001c0)={0x0, 0xb, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x77359400}, {0x0, 0x989680}}, 0x0) 10:53:59 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) fdatasync(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x0) 10:53:59 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x200480c0) close_range(r0, 0xffffffffffffffff, 0x0) 10:53:59 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x200480c0) close_range(r0, 0xffffffffffffffff, 0x0) 10:53:59 executing program 5: timer_create(0x1, &(0x7f00000001c0)={0x0, 0xb, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x77359400}, {0x0, 0x989680}}, 0x0) 10:53:59 executing program 7: r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r2) 10:53:59 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) listxattr(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 10:53:59 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0) [ 121.061285] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 121.062350] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 121.063060] CPU: 0 UID: 0 PID: 4158 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.064029] Tainted: [D]=DIE, [W]=WARN [ 121.064348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.065014] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.065415] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.066890] RSP: 0018:ffff88804691f780 EFLAGS: 00010012 [ 121.067326] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ed9000 [ 121.067904] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 121.068484] RBP: ffff88804691f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc07cb8 [ 121.069062] R10: 0000000000000000 R11: ffff888018a25498 R12: dffffc0000000000 [ 121.069648] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.070231] FS: 00007f04df065700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.070886] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.071359] CR2: 00007f04e1c03018 CR3: 0000000047199000 CR4: 0000000000350ef0 [ 121.071941] Call Trace: [ 121.072155] [ 121.072347] ? lock_release+0x1c7/0x290 [ 121.072683] ? __pfx_perf_tp_event+0x10/0x10 [ 121.073051] ? unwind_get_return_address+0x59/0xa0 [ 121.073477] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.073925] ? arch_stack_walk+0x9c/0xf0 [ 121.074272] ? stack_trace_save+0x8e/0xc0 [ 121.074620] ? stack_depot_save_flags+0x2c/0xa20 [ 121.075014] ? lock_acquire+0x18c/0x2f0 [ 121.075349] ? lock_release+0x1c7/0x290 [ 121.075680] ? lock_acquire+0x18c/0x2f0 [ 121.076013] ? lock_acquire+0x18c/0x2f0 [ 121.076346] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.076759] ? __is_insn_slot_addr+0x140/0x290 [ 121.077178] perf_trace_run_bpf_submit+0xef/0x180 [ 121.077585] perf_trace_preemptirq_template+0x259/0x430 [ 121.078030] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 121.078490] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.078980] ? __pfx___resched_curr+0x10/0x10 [ 121.079355] ? check_preempt_wakeup_fair+0x406/0x950 [ 121.079777] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 121.080199] trace_irq_enable.constprop.0+0xa6/0x100 [ 121.080614] trace_hardirqs_on+0x26/0x40 [ 121.080950] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 121.081366] try_to_wake_up+0x8ae/0x11d0 [ 121.081708] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.082082] ? plist_del+0x122/0x270 [ 121.082396] ? __futex_unqueue+0xda/0x1c0 [ 121.082744] wake_up_q+0xa1/0x130 [ 121.083043] futex_wake+0x47e/0x540 [ 121.083359] ? __pfx_futex_wake+0x10/0x10 [ 121.083708] ? errseq_sample+0x5a/0x70 [ 121.084033] ? file_init_path+0x506/0x770 [ 121.084379] do_futex+0x26d/0x370 [ 121.084675] ? __pfx_do_futex+0x10/0x10 [ 121.085003] ? lock_release+0x1c7/0x290 [ 121.085351] __x64_sys_futex+0x1c9/0x4d0 [ 121.085693] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.086181] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.086573] do_syscall_64+0xbf/0x360 [ 121.086888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.087317] RIP: 0033:0x7f04e1aefb19 [ 121.087623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.089083] RSP: 002b:00007f04df065218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.089709] RAX: ffffffffffffffda RBX: 00007f04e1c02f68 RCX: 00007f04e1aefb19 [ 121.090292] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f04e1c02f6c [ 121.090867] RBP: 00007f04e1c02f60 R08: 000000000000000e R09: 0000000000000000 [ 121.091446] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f04e1c02f6c [ 121.092025] R13: 00007ffe3382e05f R14: 00007f04df065300 R15: 0000000000022000 [ 121.092607] [ 121.092804] Modules linked in: [ 121.093071] ---[ end trace 0000000000000000 ]--- [ 121.093462] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.093855] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.095318] RSP: 0018:ffff88801bcbf600 EFLAGS: 00010212 [ 121.095756] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ed9000 [ 121.096333] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 121.096913] RBP: ffff88801bcbf870 R08: ffff88806ce31340 R09: ffffe8ffffc07cb8 [ 121.097508] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 121.098090] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.098672] FS: 00007f04df065700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.099327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.099804] CR2: 00007f04e1c03018 CR3: 0000000047199000 CR4: 0000000000350ef0 [ 121.100383] note: syz-executor.4[4158] exited with irqs disabled [ 121.100955] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 121.101859] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 121.102558] CPU: 0 UID: 0 PID: 4158 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.103514] Tainted: [D]=DIE, [W]=WARN [ 121.103829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.104485] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.104881] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.106339] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 121.106773] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 121.107347] RDX: ffff888044c40000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 121.107919] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc07cb8 [ 121.108491] R10: 0000000000000000 R11: ffff88801582ac98 R12: dffffc0000000000 [ 121.109071] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 121.109654] FS: 00007f04df065700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.110304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.110783] CR2: 00007f04e1c03018 CR3: 0000000047199000 CR4: 0000000000350ef0 [ 121.111363] Call Trace: [ 121.111578] [ 121.111770] ? __pfx_perf_tp_event+0x10/0x10 [ 121.112140] ? enqueue_task_fair+0xded/0x1e00 [ 121.112514] ? check_preempt_wakeup_fair+0x6e/0x950 [ 121.112925] ? wakeup_preempt+0x140/0x2a0 [ 121.113333] ? lock_release+0x1c7/0x290 [ 121.113660] ? lock_release+0x1c7/0x290 [ 121.113984] ? do_raw_spin_unlock+0x53/0x220 [ 121.114343] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.114759] ? try_to_wake_up+0x8ae/0x11d0 [ 121.115102] ? do_raw_spin_lock+0x123/0x260 [ 121.115453] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 121.115833] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.116237] perf_trace_run_bpf_submit+0xef/0x180 [ 121.116632] perf_trace_preemptirq_template+0x259/0x430 [ 121.117067] ? read_tsc+0x9/0x20 [ 121.117361] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.117836] ? clockevents_program_event+0x135/0x360 [ 121.118247] ? tick_program_event+0xac/0x140 [ 121.118603] ? handle_softirqs+0x16e/0x770 [ 121.118954] trace_irq_enable.constprop.0+0xa6/0x100 [ 121.119356] trace_hardirqs_on+0x26/0x40 [ 121.119680] handle_softirqs+0x16e/0x770 [ 121.120018] __irq_exit_rcu+0xc4/0x100 [ 121.120341] irq_exit_rcu+0x9/0x20 [ 121.120632] sysvec_apic_timer_interrupt+0x70/0x80 [ 121.121031] [ 121.121227] [ 121.121415] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 121.121835] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 121.122215] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 121.123632] RSP: 0018:ffff88804691ff28 EFLAGS: 00000246 [ 121.124053] RAX: 0000000000000001 RBX: ffff888044c40000 RCX: ffffffff817c2b86 [ 121.124612] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 121.125182] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 121.125745] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888044c40000 [ 121.126304] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 121.126868] ? trace_irq_enable.constprop.0+0x26/0x100 [ 121.127280] ? make_task_dead+0x214/0x3b0 [ 121.127619] ? make_task_dead+0x214/0x3b0 [ 121.127953] ? do_syscall_64+0xbf/0x360 [ 121.128272] rewind_stack_and_make_dead+0x16/0x20 [ 121.128665] RIP: 0033:0x7f04e1aefb19 [ 121.128965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.130389] RSP: 002b:00007f04df065218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.130989] RAX: ffffffffffffffda RBX: 00007f04e1c02f68 RCX: 00007f04e1aefb19 [ 121.131548] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f04e1c02f6c [ 121.132107] RBP: 00007f04e1c02f60 R08: 000000000000000e R09: 0000000000000000 [ 121.132669] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f04e1c02f6c [ 121.133233] R13: 00007ffe3382e05f R14: 00007f04df065300 R15: 0000000000022000 [ 121.133797] [ 121.133990] Modules linked in: [ 121.134254] ---[ end trace 0000000000000000 ]--- [ 121.134630] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.135007] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.136423] RSP: 0018:ffff88801bcbf600 EFLAGS: 00010212 [ 121.136842] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90009ed9000 [ 121.137409] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 121.137970] RBP: ffff88801bcbf870 R08: ffff88806ce31340 R09: ffffe8ffffc07cb8 [ 121.138535] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 121.139096] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.139656] FS: 00007f04df065700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.140287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.140749] CR2: 00007f04e1c03018 CR3: 0000000047199000 CR4: 0000000000350ef0 [ 121.141317] Kernel panic - not syncing: Fatal exception in interrupt [ 121.142019] Kernel Offset: disabled [ 121.142311] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:53:57 Registers: info registers vcpu 0 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801bcbef70 R8 =0000000000000000 R9 =ffffed100134b046 R10=0000000000000066 R11=3838666666662052 R12=0000000000000066 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f04df065700 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe2400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555580616708 CR3=00000000468be000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f04e1bd67c000007f04e1bd67c8 XMM02=00007f04e1bd67e000007f04e1bd67c0 XMM03=00007f04e1bd67c800007f04e1bd67c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff88806ce3de00 RCX=ffffffff816880fc RDX=ffff88801b728000 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888015f8f988 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1 R12=ffffed100d9c7bc1 R13=ffff88806ce3de08 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558277a400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe5a00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d423000 CR3=000000000b6f4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000000000ff00000000000000 XMM01=0000ff000000000001000000ff000000 XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f754572a7c800007f754572a7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000