Warning: Permanently added '[localhost]:29278' (ECDSA) to the list of known hosts.
2025/08/29 11:06:08 fuzzer started
2025/08/29 11:06:08 dialing manager at localhost:43077
syzkaller login: [ 52.025155] cgroup: Unknown subsys name 'net'
[ 52.076773] cgroup: Unknown subsys name 'cpuset'
[ 52.095384] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:06:19 syscalls: 2214
2025/08/29 11:06:19 code coverage: enabled
2025/08/29 11:06:19 comparison tracing: enabled
2025/08/29 11:06:19 extra coverage: enabled
2025/08/29 11:06:19 setuid sandbox: enabled
2025/08/29 11:06:19 namespace sandbox: enabled
2025/08/29 11:06:19 Android sandbox: enabled
2025/08/29 11:06:19 fault injection: enabled
2025/08/29 11:06:19 leak checking: enabled
2025/08/29 11:06:19 net packet injection: enabled
2025/08/29 11:06:19 net device setup: enabled
2025/08/29 11:06:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:06:19 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:06:19 USB emulation: enabled
2025/08/29 11:06:19 hci packet injection: enabled
2025/08/29 11:06:19 wifi device emulation: enabled
2025/08/29 11:06:19 802.15.4 emulation: enabled
2025/08/29 11:06:19 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:06:20 fetching corpus: 50, signal 23021/26531 (executing program)
2025/08/29 11:06:20 fetching corpus: 100, signal 31004/36018 (executing program)
2025/08/29 11:06:20 fetching corpus: 150, signal 41135/47372 (executing program)
2025/08/29 11:06:20 fetching corpus: 200, signal 47973/55422 (executing program)
2025/08/29 11:06:20 fetching corpus: 250, signal 53429/62001 (executing program)
2025/08/29 11:06:20 fetching corpus: 300, signal 56684/66427 (executing program)
2025/08/29 11:06:20 fetching corpus: 350, signal 62840/73461 (executing program)
2025/08/29 11:06:20 fetching corpus: 400, signal 68088/79570 (executing program)
2025/08/29 11:06:20 fetching corpus: 450, signal 70533/83037 (executing program)
2025/08/29
11:06:20 fetching corpus: 500, signal 71976/85535 (executing program) 2025/08/29 11:06:21 fetching corpus: 550, signal 76333/90547 (executing program) 2025/08/29 11:06:21 fetching corpus: 600, signal 78115/93272 (executing program) 2025/08/29 11:06:21 fetching corpus: 650, signal 80453/96396 (executing program) 2025/08/29 11:06:21 fetching corpus: 700, signal 82024/98815 (executing program) 2025/08/29 11:06:21 fetching corpus: 750, signal 85039/102414 (executing program) 2025/08/29 11:06:21 fetching corpus: 800, signal 87174/105291 (executing program) 2025/08/29 11:06:21 fetching corpus: 850, signal 89071/107900 (executing program) 2025/08/29 11:06:21 fetching corpus: 900, signal 92370/111551 (executing program) 2025/08/29 11:06:21 fetching corpus: 950, signal 94035/113864 (executing program) 2025/08/29 11:06:21 fetching corpus: 1000, signal 95794/116268 (executing program) 2025/08/29 11:06:22 fetching corpus: 1050, signal 97182/118251 (executing program) 2025/08/29 11:06:22 fetching corpus: 1100, signal 98638/120317 (executing program) 2025/08/29 11:06:22 fetching corpus: 1150, signal 100595/122713 (executing program) 2025/08/29 11:06:22 fetching corpus: 1200, signal 101634/124453 (executing program) 2025/08/29 11:06:22 fetching corpus: 1250, signal 103170/126512 (executing program) 2025/08/29 11:06:22 fetching corpus: 1300, signal 105256/128895 (executing program) 2025/08/29 11:06:22 fetching corpus: 1350, signal 106437/130578 (executing program) 2025/08/29 11:06:22 fetching corpus: 1400, signal 107657/132270 (executing program) 2025/08/29 11:06:22 fetching corpus: 1450, signal 108829/133958 (executing program) 2025/08/29 11:06:22 fetching corpus: 1500, signal 109830/135527 (executing program) 2025/08/29 11:06:22 fetching corpus: 1550, signal 110789/136965 (executing program) 2025/08/29 11:06:23 fetching corpus: 1600, signal 112323/138756 (executing program) 2025/08/29 11:06:23 fetching corpus: 1650, signal 113881/140564 (executing program) 2025/08/29 11:06:23 
fetching corpus: 1700, signal 115071/142107 (executing program) 2025/08/29 11:06:23 fetching corpus: 1750, signal 116514/143768 (executing program) 2025/08/29 11:06:23 fetching corpus: 1800, signal 117567/145164 (executing program) 2025/08/29 11:06:23 fetching corpus: 1850, signal 119103/146805 (executing program) 2025/08/29 11:06:23 fetching corpus: 1900, signal 120406/148339 (executing program) 2025/08/29 11:06:23 fetching corpus: 1950, signal 121247/149527 (executing program) 2025/08/29 11:06:23 fetching corpus: 2000, signal 122473/150928 (executing program) 2025/08/29 11:06:23 fetching corpus: 2050, signal 123473/152176 (executing program) 2025/08/29 11:06:24 fetching corpus: 2100, signal 124662/153504 (executing program) 2025/08/29 11:06:24 fetching corpus: 2150, signal 125564/154648 (executing program) 2025/08/29 11:06:24 fetching corpus: 2200, signal 126634/155878 (executing program) 2025/08/29 11:06:24 fetching corpus: 2250, signal 127475/156997 (executing program) 2025/08/29 11:06:24 fetching corpus: 2300, signal 128286/158007 (executing program) 2025/08/29 11:06:24 fetching corpus: 2350, signal 129254/159059 (executing program) 2025/08/29 11:06:24 fetching corpus: 2400, signal 130244/160188 (executing program) 2025/08/29 11:06:24 fetching corpus: 2450, signal 130651/161036 (executing program) 2025/08/29 11:06:24 fetching corpus: 2500, signal 131543/162053 (executing program) 2025/08/29 11:06:24 fetching corpus: 2550, signal 132324/162984 (executing program) 2025/08/29 11:06:25 fetching corpus: 2600, signal 133454/164081 (executing program) 2025/08/29 11:06:25 fetching corpus: 2650, signal 134240/165024 (executing program) 2025/08/29 11:06:25 fetching corpus: 2700, signal 137242/166723 (executing program) 2025/08/29 11:06:25 fetching corpus: 2750, signal 138145/167645 (executing program) 2025/08/29 11:06:25 fetching corpus: 2800, signal 139204/168602 (executing program) 2025/08/29 11:06:25 fetching corpus: 2850, signal 139804/169310 (executing program) 
2025/08/29 11:06:25 fetching corpus: 2900, signal 140459/170082 (executing program) 2025/08/29 11:06:25 fetching corpus: 2950, signal 141233/170900 (executing program) 2025/08/29 11:06:25 fetching corpus: 3000, signal 141879/171664 (executing program) 2025/08/29 11:06:25 fetching corpus: 3050, signal 142608/172372 (executing program) 2025/08/29 11:06:25 fetching corpus: 3100, signal 143735/173205 (executing program) 2025/08/29 11:06:26 fetching corpus: 3150, signal 144279/173819 (executing program) 2025/08/29 11:06:26 fetching corpus: 3200, signal 144994/174482 (executing program) 2025/08/29 11:06:26 fetching corpus: 3250, signal 145598/175155 (executing program) 2025/08/29 11:06:26 fetching corpus: 3300, signal 146042/175695 (executing program) 2025/08/29 11:06:26 fetching corpus: 3350, signal 146732/176350 (executing program) 2025/08/29 11:06:26 fetching corpus: 3400, signal 147206/176888 (executing program) 2025/08/29 11:06:26 fetching corpus: 3450, signal 147750/177459 (executing program) 2025/08/29 11:06:26 fetching corpus: 3500, signal 148131/178003 (executing program) 2025/08/29 11:06:26 fetching corpus: 3550, signal 148699/178539 (executing program) 2025/08/29 11:06:26 fetching corpus: 3600, signal 149458/179136 (executing program) 2025/08/29 11:06:26 fetching corpus: 3650, signal 150092/179661 (executing program) 2025/08/29 11:06:27 fetching corpus: 3700, signal 150426/180156 (executing program) 2025/08/29 11:06:27 fetching corpus: 3750, signal 151054/180661 (executing program) 2025/08/29 11:06:27 fetching corpus: 3800, signal 151646/181174 (executing program) 2025/08/29 11:06:27 fetching corpus: 3850, signal 152084/181617 (executing program) 2025/08/29 11:06:27 fetching corpus: 3900, signal 152693/182049 (executing program) 2025/08/29 11:06:27 fetching corpus: 3950, signal 153413/182543 (executing program) 2025/08/29 11:06:27 fetching corpus: 4000, signal 153948/183005 (executing program) 2025/08/29 11:06:27 fetching corpus: 4050, signal 154425/183396 
(executing program) 2025/08/29 11:06:27 fetching corpus: 4100, signal 155247/183822 (executing program) 2025/08/29 11:06:27 fetching corpus: 4150, signal 155795/184236 (executing program) 2025/08/29 11:06:27 fetching corpus: 4200, signal 156240/184618 (executing program) 2025/08/29 11:06:28 fetching corpus: 4250, signal 156674/185005 (executing program) 2025/08/29 11:06:28 fetching corpus: 4300, signal 157250/185390 (executing program) 2025/08/29 11:06:28 fetching corpus: 4350, signal 157713/185745 (executing program) 2025/08/29 11:06:28 fetching corpus: 4400, signal 158094/186090 (executing program) 2025/08/29 11:06:28 fetching corpus: 4450, signal 158955/186456 (executing program) 2025/08/29 11:06:28 fetching corpus: 4500, signal 159380/186668 (executing program) 2025/08/29 11:06:28 fetching corpus: 4550, signal 159705/186676 (executing program) 2025/08/29 11:06:28 fetching corpus: 4600, signal 160186/186681 (executing program) 2025/08/29 11:06:28 fetching corpus: 4650, signal 160820/186682 (executing program) 2025/08/29 11:06:28 fetching corpus: 4700, signal 161184/186710 (executing program) 2025/08/29 11:06:28 fetching corpus: 4750, signal 161854/186718 (executing program) 2025/08/29 11:06:28 fetching corpus: 4800, signal 162249/186735 (executing program) 2025/08/29 11:06:29 fetching corpus: 4850, signal 162610/186742 (executing program) 2025/08/29 11:06:29 fetching corpus: 4900, signal 163125/186744 (executing program) 2025/08/29 11:06:29 fetching corpus: 4950, signal 163556/186762 (executing program) 2025/08/29 11:06:29 fetching corpus: 5000, signal 163995/186767 (executing program) 2025/08/29 11:06:29 fetching corpus: 5050, signal 164275/186796 (executing program) 2025/08/29 11:06:29 fetching corpus: 5100, signal 164688/186816 (executing program) 2025/08/29 11:06:29 fetching corpus: 5150, signal 164918/186829 (executing program) 2025/08/29 11:06:29 fetching corpus: 5200, signal 165394/186833 (executing program) 2025/08/29 11:06:29 fetching corpus: 5250, 
signal 165924/186846 (executing program) 2025/08/29 11:06:30 fetching corpus: 5300, signal 166250/186863 (executing program) 2025/08/29 11:06:30 fetching corpus: 5350, signal 166720/186866 (executing program) 2025/08/29 11:06:30 fetching corpus: 5400, signal 167137/186873 (executing program) 2025/08/29 11:06:30 fetching corpus: 5450, signal 167639/186874 (executing program) 2025/08/29 11:06:30 fetching corpus: 5500, signal 167890/186896 (executing program) 2025/08/29 11:06:30 fetching corpus: 5550, signal 168200/186904 (executing program) 2025/08/29 11:06:30 fetching corpus: 5600, signal 168478/186922 (executing program) 2025/08/29 11:06:30 fetching corpus: 5650, signal 168835/186922 (executing program) 2025/08/29 11:06:30 fetching corpus: 5700, signal 169132/186931 (executing program) 2025/08/29 11:06:30 fetching corpus: 5750, signal 169567/186943 (executing program) 2025/08/29 11:06:30 fetching corpus: 5800, signal 169957/186951 (executing program) 2025/08/29 11:06:30 fetching corpus: 5850, signal 170321/186956 (executing program) 2025/08/29 11:06:30 fetching corpus: 5900, signal 170637/186965 (executing program) 2025/08/29 11:06:31 fetching corpus: 5950, signal 171048/186970 (executing program) 2025/08/29 11:06:31 fetching corpus: 6000, signal 171450/187056 (executing program) 2025/08/29 11:06:31 fetching corpus: 6050, signal 171807/187069 (executing program) 2025/08/29 11:06:31 fetching corpus: 6100, signal 172107/187071 (executing program) 2025/08/29 11:06:31 fetching corpus: 6150, signal 172433/187096 (executing program) 2025/08/29 11:06:31 fetching corpus: 6200, signal 172714/187096 (executing program) 2025/08/29 11:06:31 fetching corpus: 6250, signal 172948/187103 (executing program) 2025/08/29 11:06:31 fetching corpus: 6300, signal 173366/187108 (executing program) 2025/08/29 11:06:31 fetching corpus: 6350, signal 173748/187112 (executing program) 2025/08/29 11:06:32 fetching corpus: 6400, signal 174063/187121 (executing program) 2025/08/29 11:06:32 
fetching corpus: 6450, signal 174333/187125 (executing program) 2025/08/29 11:06:32 fetching corpus: 6500, signal 174684/187126 (executing program) 2025/08/29 11:06:32 fetching corpus: 6550, signal 174928/187130 (executing program) 2025/08/29 11:06:32 fetching corpus: 6600, signal 175270/187143 (executing program) 2025/08/29 11:06:32 fetching corpus: 6650, signal 175556/187148 (executing program) 2025/08/29 11:06:32 fetching corpus: 6700, signal 175852/187161 (executing program) 2025/08/29 11:06:32 fetching corpus: 6750, signal 176187/187173 (executing program) 2025/08/29 11:06:32 fetching corpus: 6800, signal 176657/187183 (executing program) 2025/08/29 11:06:32 fetching corpus: 6850, signal 176949/187191 (executing program) 2025/08/29 11:06:32 fetching corpus: 6900, signal 177341/187200 (executing program) 2025/08/29 11:06:32 fetching corpus: 6950, signal 177728/187202 (executing program) 2025/08/29 11:06:32 fetching corpus: 7000, signal 177983/187202 (executing program) 2025/08/29 11:06:33 fetching corpus: 7050, signal 178223/187209 (executing program) 2025/08/29 11:06:33 fetching corpus: 7100, signal 178433/187209 (executing program) 2025/08/29 11:06:33 fetching corpus: 7150, signal 178724/187214 (executing program) 2025/08/29 11:06:33 fetching corpus: 7200, signal 179071/187233 (executing program) 2025/08/29 11:06:33 fetching corpus: 7250, signal 179369/187248 (executing program) 2025/08/29 11:06:33 fetching corpus: 7300, signal 179766/187248 (executing program) 2025/08/29 11:06:33 fetching corpus: 7350, signal 180069/187250 (executing program) 2025/08/29 11:06:33 fetching corpus: 7400, signal 180305/187261 (executing program) 2025/08/29 11:06:33 fetching corpus: 7450, signal 180625/187266 (executing program) 2025/08/29 11:06:33 fetching corpus: 7500, signal 180890/187271 (executing program) 2025/08/29 11:06:33 fetching corpus: 7550, signal 181074/187277 (executing program) 2025/08/29 11:06:34 fetching corpus: 7600, signal 181394/187280 (executing program) 
2025/08/29 11:06:34 fetching corpus: 7650, signal 182198/187321 (executing program) 2025/08/29 11:06:34 fetching corpus: 7700, signal 182441/187333 (executing program) 2025/08/29 11:06:34 fetching corpus: 7750, signal 182757/187336 (executing program) 2025/08/29 11:06:34 fetching corpus: 7800, signal 183052/187338 (executing program) 2025/08/29 11:06:34 fetching corpus: 7850, signal 183330/187345 (executing program) 2025/08/29 11:06:34 fetching corpus: 7900, signal 183554/187369 (executing program) 2025/08/29 11:06:34 fetching corpus: 7950, signal 183773/187369 (executing program) 2025/08/29 11:06:34 fetching corpus: 7987, signal 184143/187370 (executing program) 2025/08/29 11:06:34 fetching corpus: 7987, signal 184143/187370 (executing program) 2025/08/29 11:06:37 starting 8 fuzzer processes 11:06:37 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)) umount2(&(0x7f0000000140)='./file0\x00', 0xc) 11:06:37 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x8, r1, r0, 0x0, 0x0) 11:06:37 executing program 1: keyctl$set_reqkey_keyring(0xe, 0x2) keyctl$set_reqkey_keyring(0xe, 0x2) 11:06:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, 
&(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='C', 0xf7d0}], 0x1}}], 0x1, 0x0) 11:06:37 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 11:06:37 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x7, 0x0, 0x0) 11:06:37 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) [ 80.845240] audit: type=1400 audit(1756465597.362:7): avc: denied { execmem } for pid=272 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:06:37 executing program 5: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0) request_key(&(0x7f00000000c0)='rxrpc\x00', 0x0, 0x0, 0x0) [ 81.998199] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 
82.001696] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.003434] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.007543] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.010741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.254408] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.258303] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.262131] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.263577] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.269111] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.272829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.279771] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.282425] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.287828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.293513] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.315220] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.317231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.318690] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.334619] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.338881] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.343464] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.345251] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.348305] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.350396] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 82.353380] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 82.354664] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.357236] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 82.359129] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.360323] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 82.364387] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 82.364520] Bluetooth: hci7: unexpected cc 0x1001 length: 
249 > 9 [ 82.371189] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 82.372596] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 82.374131] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 82.378316] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 82.386838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 82.388865] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 82.397613] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 82.399060] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 82.407290] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 84.031933] Bluetooth: hci0: command tx timeout [ 84.352147] Bluetooth: hci1: command tx timeout [ 84.352821] Bluetooth: hci2: command tx timeout [ 84.416044] Bluetooth: hci4: command tx timeout [ 84.416632] Bluetooth: hci3: command tx timeout [ 84.479278] Bluetooth: hci6: command tx timeout [ 84.480045] Bluetooth: hci5: command tx timeout [ 84.481707] Bluetooth: hci7: command tx timeout [ 86.079021] Bluetooth: hci0: command tx timeout [ 86.399074] Bluetooth: hci2: command tx timeout [ 86.399533] Bluetooth: hci1: command tx timeout [ 86.463075] Bluetooth: hci3: command tx timeout [ 86.463529] Bluetooth: hci4: command tx timeout [ 86.527047] Bluetooth: hci5: command tx timeout [ 86.527489] Bluetooth: hci7: command tx timeout [ 86.527852] Bluetooth: hci6: command tx timeout [ 88.127145] Bluetooth: hci0: command tx timeout [ 88.447032] Bluetooth: hci1: command tx timeout [ 88.447469] Bluetooth: hci2: command tx timeout [ 88.511152] Bluetooth: hci4: command tx timeout [ 88.511590] Bluetooth: hci3: command tx timeout [ 88.575044] Bluetooth: hci6: command tx timeout [ 88.575501] Bluetooth: hci7: command tx timeout [ 88.575879] Bluetooth: hci5: command tx timeout [ 90.175091] Bluetooth: hci0: command tx timeout [ 90.495744] Bluetooth: hci2: command tx timeout [ 90.497107] Bluetooth: hci1: command tx timeout [ 90.559081] Bluetooth: hci3: command tx timeout [ 90.560017] 
Bluetooth: hci4: command tx timeout [ 90.623098] Bluetooth: hci5: command tx timeout [ 90.623922] Bluetooth: hci7: command tx timeout [ 90.624915] Bluetooth: hci6: command tx timeout [ 117.997694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.999013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.281187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.282273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.718312] audit: type=1400 audit(1756465635.240:8): avc: denied { open } for pid=3671 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.728070] audit: type=1400 audit(1756465635.240:9): avc: denied { kernel } for pid=3671 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:07:15 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x8, r1, r0, 0x0, 0x0) 11:07:15 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), 
&(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x8, r1, r0, 0x0, 0x0) 11:07:15 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x8, r1, r0, 0x0, 0x0) 11:07:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, 0x0, 0xc) [ 119.431122] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 11:07:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, 0x0, 0xc) 11:07:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, 0x0, 0xc) 11:07:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, 0x0, 0xc) 11:07:16 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xac1414ad}}, 0x1c, 0x0}}], 0x1, 0x0) [ 120.109071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.109707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.214887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.215645] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.663302] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 120.663934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.802298] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.802933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.864505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.865197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.940990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.941595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.968328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.968897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.030265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.030856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.113099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.113727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.138191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.138771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.190884] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.191585] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.267823] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.268430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.437865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.438509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.486092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.486709] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:07:18 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)) umount2(&(0x7f0000000140)='./file0\x00', 0xc) 11:07:18 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) 
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='C', 0xf7d0}], 0x1}}], 0x1, 0x0) 11:07:18 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 11:07:18 executing program 5: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0) request_key(&(0x7f00000000c0)='rxrpc\x00', 0x0, 0x0, 0x0) 11:07:18 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x7, 0x0, 0x0) 11:07:18 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 11:07:18 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, 
&(0x7f0000000740)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xac1414ad}}, 0x1c, 0x0}}], 0x1, 0x0) 11:07:18 executing program 1: keyctl$set_reqkey_keyring(0xe, 0x2) keyctl$set_reqkey_keyring(0xe, 0x2) 11:07:18 executing program 5: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0) request_key(&(0x7f00000000c0)='rxrpc\x00', 0x0, 0x0, 0x0) 11:07:18 executing program 1: keyctl$set_reqkey_keyring(0xe, 0x2) keyctl$set_reqkey_keyring(0xe, 0x2) 11:07:18 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xac1414ad}}, 0x1c, 0x0}}], 0x1, 0x0) 11:07:18 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 11:07:18 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x7, 0x0, 0x0) 11:07:18 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 
0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='C', 0xf7d0}], 0x1}}], 0x1, 0x0) 11:07:18 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 11:07:18 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)) umount2(&(0x7f0000000140)='./file0\x00', 0xc) 11:07:18 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 11:07:18 executing program 5: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0) request_key(&(0x7f00000000c0)='rxrpc\x00', 0x0, 0x0, 0x0) 11:07:18 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xac1414ad}}, 0x1c, 0x0}}], 0x1, 0x0) 11:07:18 executing program 1: keyctl$set_reqkey_keyring(0xe, 0x2) keyctl$set_reqkey_keyring(0xe, 0x2) 11:07:18 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)) 
umount2(&(0x7f0000000140)='./file0\x00', 0xc) 11:07:18 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x7, 0x0, 0x0) 11:07:18 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 11:07:18 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='C', 0xf7d0}], 0x1}}], 0x1, 0x0) 11:07:18 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 11:07:18 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) 
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0x0) 11:07:18 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000380)=""/4096, 0x39, 0x300) 11:07:18 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0xa, 0x0, 0x0) 11:07:18 executing program 3: pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) getsockname$packet(r0, 0x0, 0x0) [ 122.008613] kmemleak: Found object by alias at 0x607f1a639c3c [ 122.008634] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.008656] Tainted: [W]=WARN [ 122.008659] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.008667] Call Trace: [ 122.008672] [ 122.008677] dump_stack_lvl+0xca/0x120 [ 122.008704] __lookup_object+0x94/0xb0 [ 122.008722] delete_object_full+0x27/0x70 [ 122.008738] free_percpu+0x30/0x1160 [ 122.008755] ? arch_uprobe_clear_state+0x16/0x140 [ 122.008775] futex_hash_free+0x38/0xc0 [ 122.008790] mmput+0x2d3/0x390 [ 122.008809] do_exit+0x79d/0x2970 [ 122.008822] ? signal_wake_up_state+0x85/0x120 [ 122.008838] ? zap_other_threads+0x2b9/0x3a0 [ 122.008854] ? __pfx_do_exit+0x10/0x10 [ 122.008866] ? do_group_exit+0x1c3/0x2a0 [ 122.008880] ? lock_release+0xc8/0x290 [ 122.008897] do_group_exit+0xd3/0x2a0 [ 122.008912] __x64_sys_exit_group+0x3e/0x50 [ 122.008925] x64_sys_call+0x18c5/0x18d0 [ 122.008941] do_syscall_64+0xbf/0x360 [ 122.008957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.008968] RIP: 0033:0x7faae0323b19 [ 122.008977] Code: Unable to access opcode bytes at 0x7faae0323aef. 
[ 122.008982] RSP: 002b:00007fff3cb26be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.008994] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007faae0323b19 [ 122.009001] RDX: 00007faae02d672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.009008] RBP: 0000000000000000 R08: 0000001b2d1217b4 R09: 0000000000000000 [ 122.009016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.009022] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff3cb26cd0 [ 122.009038] [ 122.009042] kmemleak: Object (percpu) 0x607f1a639c38 (size 8): [ 122.009049] kmemleak: comm "syz-executor.1", pid 3964, jiffies 4294788871 [ 122.009056] kmemleak: min_count = 1 [ 122.009060] kmemleak: count = 0 [ 122.009063] kmemleak: flags = 0x21 [ 122.009067] kmemleak: checksum = 0 [ 122.009071] kmemleak: backtrace: [ 122.009075] pcpu_alloc_noprof+0x87a/0x1170 [ 122.009089] perf_trace_event_init+0x366/0xa10 [ 122.009103] perf_trace_init+0x1a4/0x2f0 [ 122.009114] perf_tp_event_init+0xa6/0x120 [ 122.009130] perf_try_init_event+0x140/0x9f0 [ 122.009143] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.009159] __do_sys_perf_event_open+0x719/0x2c20 [ 122.009172] do_syscall_64+0xbf/0x360 [ 122.009180] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:07:18 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0x0) 11:07:18 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00', 0x4a}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0x40a85321, 0x0) 11:07:18 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0145401, &(0x7f0000000040)={{0x0, 0x0, 0xfdfdffff}}) 11:07:18 executing program 3: pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) getsockname$packet(r0, 0x0, 0x0) 11:07:18 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in=@dev}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 11:07:18 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, 
&(0x7f0000002500)=[{&(0x7f0000000100)="339a99743f4231b67608ac44af744a51a716bbd6fe79f103807d022e1ebb7698441aa442854a520082cd1728b5647335d0f9ea526906ac1a05d13f094ff4613b3026e8ece8ab5d6c199ac8d0ced8daa4dfe34a307e13be36a4abc29acb2ab40722c1326e7a6351f79ab5e898d203b612487d938bfcd2bee4551441539863a75928a217eea4767e17165028485178898a0f4d70ec13965c8948432e36f91b7206393fdda3a0e07d1ba6637a0a13fb52eb77d7c74c73d60102d7715cc7a52f19dd3778fe22c4187fcfc42173619c97e4bac2f2b543e1aa6b58503174f020df9478786c0670c3a40c2ef532b0102b2cce4a071e900e9137bc1d64c48a81746a6e491b576a84a1b857b43b08140bb5bb5e11c97d1ee2a12279b61c095cb7e8f05b0d405fd1c580dd48e7979155944420f0bb00710457ebd25277c72c82f6f9cdb8f98c3614ea3af96c36e08b4cf6ac29746966950499fb42b8e49e7170f7de2efff1aa7a505748281d9e987e2edce01baec3e9320348f3c284cd4eb126fb7bf7f3a9c3faf1a0daa7c3307bcd3ac1102689f371a6d65a97cb8d2407c49fc847cb86522e95995705179b142051287a0934c31249ccdddecbb2ffe5566550a52dcababe0eee11a379b35462d57103af4814539e9283b65f451161e077fb34653322de24a3f1d1332a52bfb85cc47c9cb8b45d72bea38494e5678d4516262d1072870587411e03d659bfffcf16fc3bfca477e1c252de2c3c845039c72e1e247d3063", 0x21e}, {&(0x7f0000001100), 0x4002}, {0x0}], 0x3}}], 0x1, 0x8000015)

11:07:18 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r0, 0x107, 0xa, 0x0, 0x0)

[ 122.108442] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 122.109349] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 122.109962] CPU: 1 UID: 0 PID: 3979 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 122.110911] Tainted: [W]=WARN
[ 122.111160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.113185] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.114197] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.118136] RSP: 0018:ffff88801c93f800 EFLAGS: 00010212
[ 122.119521] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90007224000
[ 122.120434] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 122.121007] RBP: ffff88801c93fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16c38
[ 122.121583] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000
[ 122.122151] R13: 0000000000000024 R14: ffff88806cf31340 R15: dffffc0000000000
[ 122.122723] FS: 00007f4e709fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.123364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.123836] CR2: 00007f4e73599018 CR3: 0000000044ea3000 CR4: 0000000000350ef0
[ 122.124403] Call Trace:
[ 122.124613]
[ 122.124802] ? __pfx_perf_tp_event+0x10/0x10
[ 122.125167] ? lock_is_held_type+0x9e/0x120
[ 122.125528] ? lock_is_held_type+0x9e/0x120
[ 122.125884] ? ctx_sched_in+0x134/0x9b0
[ 122.126208] ? __pfx_ctx_sched_in+0x10/0x10
[ 122.126551] ? arch_stack_walk+0x9c/0xf0
[ 122.126885] ? find_held_lock+0x2b/0x80
[ 122.127216] ? find_held_lock+0x2b/0x80
[ 122.127544] ? __perf_install_in_context+0x503/0xb90
[ 122.127949] ? lock_release+0xc8/0x290
[ 122.128269] ? do_raw_spin_unlock+0x53/0x220
[ 122.128641] ? perf_trace_run_bpf_submit+0xef/0x180
[ 122.129045] perf_trace_run_bpf_submit+0xef/0x180
[ 122.129447] perf_trace_lock_acquire+0x3c2/0x700
[ 122.129843] ? __pfx_perf_trace_lock_acquire+0x10/0x10
[ 122.130269] ? futex_ref_get+0x48/0x300
[ 122.130593] ? find_held_lock+0x2b/0x80
[ 122.130925] lock_acquire+0xc5/0x2f0
[ 122.131232] ? futex_wake+0x228/0x540
[ 122.131547] _raw_spin_lock+0x2b/0x40
[ 122.131857] ? futex_wake+0x228/0x540
[ 122.132167] futex_wake+0x228/0x540
[ 122.132472] ? __pfx_futex_wake+0x10/0x10
[ 122.132814] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 122.133226] ? lock_release+0xc8/0x290
[ 122.133553] do_futex+0x26d/0x370
[ 122.133842] ? __pfx_do_futex+0x10/0x10
[ 122.134165] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 122.134592] ? find_held_lock+0x2b/0x80
[ 122.134922] __x64_sys_futex+0x1c9/0x4d0
[ 122.135256] ? __pfx___x64_sys_futex+0x10/0x10
[ 122.135628] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 122.136051] do_syscall_64+0xbf/0x360
[ 122.136362] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.136781] RIP: 0033:0x7f4e73485b19
[ 122.137081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 122.138533] RSP: 002b:00007f4e709fb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 122.139145] RAX: ffffffffffffffda RBX: 00007f4e73598f68 RCX: 00007f4e73485b19
[ 122.139722] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4e73598f6c
[ 122.140425] RBP: 00007f4e73598f60 R08: 000000000000000e R09: 0000000000000000
[ 122.140993] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4e73598f6c
[ 122.141568] R13: 00007ffd7863d05f R14: 00007f4e709fb300 R15: 0000000000022000
[ 122.142144]
[ 122.142337] Modules linked in:
[ 122.142624] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 122.143501] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 122.144096] CPU: 1 UID: 0 PID: 3979 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 122.145029] Tainted: [D]=DIE, [W]=WARN
[ 122.145334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.145983] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.146356] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.147768] RSP: 0018:ffff88806cf08a40 EFLAGS: 00010012
[ 122.148187] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 122.148749] RDX: ffff8880166d5280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 122.149308] RBP: ffff88806cf08cb0 R08: ffff88806cf31490 R09: ffffe8ffffd16c38
[ 122.149870] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000
[ 122.150428] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000
[ 122.150993] FS: 00007f4e709fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.151626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.152084] CR2: 00007f4e73599018 CR3: 0000000044ea3000 CR4: 0000000000350ef0
[ 122.152646] Call Trace:
[ 122.152853]
[ 122.153029] ? __kernel_text_address+0xd/0x40
[ 122.153393] ? __pfx_perf_tp_event+0x10/0x10
[ 122.153756] ? stack_trace_save+0x8e/0xc0
[ 122.154094] ? stack_depot_save_flags+0x2c/0xa20
[ 122.154470] ? stack_depot_save_flags+0x2c/0xa20
[ 122.154847] ? kasan_save_stack+0x34/0x50
[ 122.155177] ? kasan_save_stack+0x24/0x50
[ 122.155504] ? kasan_save_track+0x14/0x30
[ 122.155838] ? __kasan_save_free_info+0x3a/0x60
[ 122.156212] ? __kasan_slab_free+0x3f/0x50
[ 122.156551] ? kmem_cache_free+0x2a1/0x540
[ 122.156890] ? rcu_core+0x7c8/0x1800
[ 122.157193] ? handle_softirqs+0x1b1/0x770
[ 122.157546] ? __irq_exit_rcu+0xc4/0x100
[ 122.157876] ? irq_exit_rcu+0x9/0x20
[ 122.158174] ? sysvec_apic_timer_interrupt+0x70/0x80
[ 122.158576] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 122.159009] ? smp_call_function_many_cond+0xa38/0x1110
[ 122.159434] ? on_each_cpu_cond_mask+0x57/0xa0
[ 122.159805] ? smp_text_poke_batch_finish+0x5fe/0xb50
[ 122.160216] ? __static_call_transform+0x337/0x740
[ 122.160608] ? arch_static_call_transform+0xcb/0xd0
[ 122.161014] ? __static_call_update+0xd6/0x630
[ 122.161383] ? tracepoint_add_func+0xab9/0xec0
[ 122.161763] ? tracepoint_probe_register+0xa4/0xf0
[ 122.162153] ? trace_event_reg+0x297/0x350
[ 122.162491] ? perf_trace_event_init+0x511/0xa10
[ 122.162872] ? perf_trace_init+0x1a4/0x2f0
[ 122.163208] ? perf_tp_event_init+0xa6/0x120
[ 122.163564] ? perf_try_init_event+0x140/0x9f0
[ 122.163933] ? perf_event_alloc.part.0+0x118e/0x45f0
[ 122.164342] ? perf_trace_run_bpf_submit+0xef/0x180
[ 122.164742] perf_trace_run_bpf_submit+0xef/0x180
[ 122.165137] perf_trace_lock_acquire+0x3c2/0x700
[ 122.165530] ? __pfx_perf_trace_lock_acquire+0x10/0x10
[ 122.165955] ? lock_is_held_type+0x9e/0x120
[ 122.166304] lock_acquire+0xc5/0x2f0
[ 122.166602] ? sched_ttwu_pending+0xa1/0x4a0
[ 122.166962] ? lock_release+0xc8/0x290
[ 122.167274] ? lock_release+0xc8/0x290
[ 122.167588] _raw_spin_lock_nested+0x29/0x40
[ 122.167943] ? sched_ttwu_pending+0xa1/0x4a0
[ 122.168300] sched_ttwu_pending+0xa1/0x4a0
[ 122.168643] ? __pfx_try_to_wake_up+0x10/0x10
[ 122.169010] ? __pfx_sched_ttwu_pending+0x10/0x10
[ 122.169403] __flush_smp_call_function_queue+0x434/0x740
[ 122.169847] __sysvec_call_function_single+0x6d/0x370
[ 122.170265] sysvec_call_function_single+0xa1/0xc0
[ 122.170655]
[ 122.170840]
[ 122.171026] asm_sysvec_call_function_single+0x1a/0x20
[ 122.171444] RIP: 0010:oops_exit+0x0/0x50
[ 122.171771] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[ 122.173204] RSP: 0018:ffff88801c93f690 EFLAGS: 00000202
[ 122.173633] RAX: 000000000002a455 RBX: 0000000000000212 RCX: ffffc90007224000
[ 122.174193] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 122.174755] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[ 122.175322] R10: 0000000000000000 R11: 000000000000002c R12: ffff88801c93f758
[ 122.175884] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[ 122.176450] ? oops_end+0x4a/0xe0
[ 122.176741] oops_end+0x65/0xe0
[ 122.177018] exc_general_protection+0x1a2/0x330
[ 122.177394] asm_exc_general_protection+0x26/0x30
[ 122.177792] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.178170] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.179596] RSP: 0018:ffff88801c93f800 EFLAGS: 00010212
[ 122.180017] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90007224000
[ 122.180576] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 122.181145] RBP: ffff88801c93fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16c38
[ 122.181713] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000
[ 122.182274] R13: 0000000000000024 R14: ffff88806cf31340 R15: dffffc0000000000
[ 122.182839] ? perf_tp_event+0x167/0xe70
[ 122.183174] ? __pfx_perf_tp_event+0x10/0x10
[ 122.183531] ? lock_is_held_type+0x9e/0x120
[ 122.183878] ? lock_is_held_type+0x9e/0x120
[ 122.184225] ? ctx_sched_in+0x134/0x9b0
[ 122.184548] ? __pfx_ctx_sched_in+0x10/0x10
[ 122.184891] ? arch_stack_walk+0x9c/0xf0
[ 122.185217] ? find_held_lock+0x2b/0x80
[ 122.185547] ? find_held_lock+0x2b/0x80
[ 122.185870] ? __perf_install_in_context+0x503/0xb90
[ 122.186264] ? lock_release+0xc8/0x290
[ 122.186572] ? do_raw_spin_unlock+0x53/0x220
[ 122.186930] ? perf_trace_run_bpf_submit+0xef/0x180
[ 122.187324] perf_trace_run_bpf_submit+0xef/0x180
[ 122.187705] perf_trace_lock_acquire+0x3c2/0x700
[ 122.188082] ? __pfx_perf_trace_lock_acquire+0x10/0x10
[ 122.188496] ? futex_ref_get+0x48/0x300
[ 122.188807] ? find_held_lock+0x2b/0x80
[ 122.189125] lock_acquire+0xc5/0x2f0
[ 122.189421] ? futex_wake+0x228/0x540
[ 122.189743] _raw_spin_lock+0x2b/0x40
[ 122.190048] ? futex_wake+0x228/0x540
[ 122.190352] futex_wake+0x228/0x540
[ 122.190644] ? __pfx_futex_wake+0x10/0x10
[ 122.190974] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 122.191373] ? lock_release+0xc8/0x290
[ 122.191680] do_futex+0x26d/0x370
[ 122.191960] ? __pfx_do_futex+0x10/0x10
[ 122.192277] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 122.192692] ? find_held_lock+0x2b/0x80
[ 122.193010] __x64_sys_futex+0x1c9/0x4d0
[ 122.193334] ? __pfx___x64_sys_futex+0x10/0x10
[ 122.193705] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 122.194117] do_syscall_64+0xbf/0x360
[ 122.194416] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.194820] RIP: 0033:0x7f4e73485b19
[ 122.195110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 122.196523] RSP: 002b:00007f4e709fb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 122.197114] RAX: ffffffffffffffda RBX: 00007f4e73598f68 RCX: 00007f4e73485b19
[ 122.197672] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4e73598f6c
[ 122.198263] RBP: 00007f4e73598f60 R08: 000000000000000e R09: 0000000000000000
[ 122.198840] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4e73598f6c
[ 122.199435] R13: 00007ffd7863d05f R14: 00007f4e709fb300 R15: 0000000000022000
[ 122.200024]
[ 122.200218] Modules linked in:
[ 122.200493] ---[ end trace 0000000000000000 ]---
[ 122.200859] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.201227] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.202634] RSP: 0018:ffff88801c93f800 EFLAGS: 00010212
[ 122.203053] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90007224000
[ 122.203608] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 122.204162] RBP: ffff88801c93fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16c38
[ 122.204719] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000
[ 122.205274] R13: 0000000000000024 R14: ffff88806cf31340 R15: dffffc0000000000
[ 122.205848] FS: 00007f4e709fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.206478] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.206937] CR2: 00007f4e73599018 CR3: 0000000044ea3000 CR4: 0000000000350ef0
[ 122.207501] Kernel panic - not syncing: Fatal exception in interrupt
[ 122.208190] Kernel Offset: disabled
[ 122.208476] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
11:07:18 Registers:
info registers vcpu 0
RAX=000000000000786a RBX=ffffea0001051f80 RCX=ffffffff81a27edf RDX=ffff888045881b80
RSI=ffffffff81a27ef1 RDI=0000000000000006 RBP=0000000000000001 RSP=ffff8880178cf830
R8 =0000000000000000 R9 =fffff9400020a3f0 R10=000000000000786a R11=1ffff1100d9c6f7b
R12=ffffea0001051f80 R13=000000000004147e R14=ffff88800e534dc0 R15=ffffea0001051fb0
RIP=ffffffff8173e788 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe3300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1eefc093a4 CR3=0000000044445000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff828e3230 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801c93f178
R8 =ffffffff828fa6c0 R9 =0000000000000001 R10=0000000000000000 R11=000000000000002c
R12=0000000000000051 R13=ffffffff88724190 R14=ffffffff88724140 R15=ffffffff88724400
RIP=ffffffff828e3285 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f4e709fb700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe0e00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4e73599018 CR3=0000000044ea3000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f4e7356c7c000007f4e7356c7c8
XMM02=00007f4e7356c7e000007f4e7356c7c0 XMM03=00007f4e7356c7c800007f4e7356c7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000