Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:50627' (ECDSA) to the list of known hosts. 2025/08/29 11:50:37 fuzzer started 2025/08/29 11:50:37 dialing manager at localhost:43077 syzkaller login: [ 42.965811] cgroup: Unknown subsys name 'net' [ 43.064758] cgroup: Unknown subsys name 'cpuset' [ 43.106054] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:50:46 syscalls: 2214 2025/08/29 11:50:46 code coverage: enabled 2025/08/29 11:50:46 comparison tracing: enabled 2025/08/29 11:50:46 extra coverage: enabled 2025/08/29 11:50:46 setuid sandbox: enabled 2025/08/29 11:50:46 namespace sandbox: enabled 2025/08/29 11:50:46 Android sandbox: enabled 2025/08/29 11:50:46 fault injection: enabled 2025/08/29 11:50:46 leak checking: enabled 2025/08/29 11:50:46 net packet injection: enabled 2025/08/29 11:50:46 net device setup: enabled 2025/08/29 11:50:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:50:46 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:50:46 USB emulation: enabled 2025/08/29 11:50:46 hci packet injection: enabled 2025/08/29 11:50:46 wifi device emulation: enabled 2025/08/29 11:50:46 802.15.4 emulation: enabled 2025/08/29 11:50:46 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:50:47 fetching corpus: 50, signal 16298/19964 (executing program) 2025/08/29 11:50:47 fetching corpus: 100, signal 30057/35120 (executing program) 2025/08/29 11:50:47 fetching corpus: 150, signal 41488/47728 (executing program) 2025/08/29 11:50:47 fetching corpus: 200, signal 46689/54225 (executing program) 2025/08/29 11:50:47 fetching corpus: 250, signal 52720/61367 (executing program) 2025/08/29 11:50:47 fetching corpus: 300, signal 57776/67533 (executing program) 2025/08/29 11:50:47 fetching corpus: 350, signal 60665/71582 (executing program) 2025/08/29 11:50:47 fetching corpus: 400, signal 64593/76501 (executing program) 2025/08/29 11:50:48 fetching corpus: 449, signal 68238/81071 
(executing program) 2025/08/29 11:51:03 fetching
corpus: 8795, signal 189639/193284 (executing program) 2025/08/29 11:51:03 fetching corpus: 8845, signal 189882/193290 (executing program) 2025/08/29 11:51:03 fetching corpus: 8846, signal 189883/193290 (executing program) 2025/08/29 11:51:03 fetching corpus: 8846, signal 189883/193290 (executing program) 2025/08/29 11:51:06 starting 8 fuzzer processes 11:51:06 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000470008000f801", 0x17}, {0x0, 0x0, 0xa20}], 0x0, &(0x7f0000000300)=ANY=[]) io_setup(0x572, &(0x7f0000000140)=0x0) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) io_submit(r1, 0x1, &(0x7f00000002c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x0, r2, 0x0}]) unlinkat(r2, &(0x7f0000000200)='./file0\x00', 0x200) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x80, 0x1) openat$incfs(r0, &(0x7f0000000000)='.log\x00', 0xf0, 0x0) 11:51:06 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x3e, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 11:51:06 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 
&(0x7f0000000000)) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 11:51:06 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200000) write$binfmt_misc(r0, 0x0, 0x0) 11:51:06 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) fallocate(r0, 0x8, 0x0, 0x80000000) 11:51:06 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000980)='sched\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0) 11:51:06 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000340)={"1f792c469fb61ecd15f40890", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11:51:06 executing program 4: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x20) [ 71.676015] audit: type=1400 audit(1756468266.262:7): avc: denied { execmem } for pid=272 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 72.869949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.873112] 
Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.875286] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.880012] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.882736] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.934290] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.945373] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.947193] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.949194] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.951926] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.954051] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.955600] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.958757] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.983298] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.988254] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.006934] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.011049] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.012684] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.017957] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.019406] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.019999] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.021016] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 73.023648] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.024751] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.024879] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.025959] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.028411] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.030201] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.036699] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.041234] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.051030] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 
73.056909] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.058645] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.060399] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 73.070744] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.072301] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.073888] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.074551] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.084891] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.086121] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.965054] Bluetooth: hci0: command tx timeout [ 75.028494] Bluetooth: hci1: command tx timeout [ 75.094475] Bluetooth: hci7: command tx timeout [ 75.095200] Bluetooth: hci2: command tx timeout [ 75.156521] Bluetooth: hci4: command tx timeout [ 75.157221] Bluetooth: hci3: command tx timeout [ 75.157927] Bluetooth: hci6: command tx timeout [ 75.158396] Bluetooth: hci5: command tx timeout [ 77.013503] Bluetooth: hci0: command tx timeout [ 77.078527] Bluetooth: hci1: command tx timeout [ 77.142456] Bluetooth: hci2: command tx timeout [ 77.142866] Bluetooth: hci7: command tx timeout [ 77.205653] Bluetooth: hci5: command tx timeout [ 77.206052] Bluetooth: hci6: command tx timeout [ 77.206408] Bluetooth: hci3: command tx timeout [ 77.206970] Bluetooth: hci4: command tx timeout [ 79.060563] Bluetooth: hci0: command tx timeout [ 79.124490] Bluetooth: hci1: command tx timeout [ 79.188509] Bluetooth: hci7: command tx timeout [ 79.188998] Bluetooth: hci2: command tx timeout [ 79.253524] Bluetooth: hci4: command tx timeout [ 79.254010] Bluetooth: hci3: command tx timeout [ 79.254495] Bluetooth: hci6: command tx timeout [ 79.254952] Bluetooth: hci5: command tx timeout [ 81.108800] Bluetooth: hci0: command tx timeout [ 81.172524] Bluetooth: hci1: command tx timeout [ 81.238490] Bluetooth: hci7: command tx timeout [ 81.239240] Bluetooth: hci2: command tx timeout [ 81.301214] Bluetooth: 
hci3: command tx timeout [ 81.302823] Bluetooth: hci4: command tx timeout [ 81.303592] Bluetooth: hci5: command tx timeout [ 81.304284] Bluetooth: hci6: command tx timeout [ 108.591679] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.592358] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.770612] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.771371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.145335] loop0: detected capacity change from 0 to 10 [ 109.172599] FAT-fs (loop0): Directory bread(block 10) failed [ 109.173140] FAT-fs (loop0): Directory bread(block 11) failed [ 109.193160] FAT-fs (loop0): Directory bread(block 10) failed [ 109.194186] FAT-fs (loop0): Directory bread(block 11) failed [ 109.198654] FAT-fs (loop0): Directory bread(block 10) failed [ 109.199143] FAT-fs (loop0): Directory bread(block 11) failed [ 109.203324] FAT-fs (loop0): Directory bread(block 10) failed [ 109.206254] FAT-fs (loop0): Directory bread(block 11) failed [ 109.206900] FAT-fs (loop0): Directory bread(block 10) failed [ 109.209453] FAT-fs (loop0): Directory bread(block 11) failed [ 109.312359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.313188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.464380] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.465471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.607474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.608128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.758404] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.759135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.835349] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.836434] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.906739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
109.907353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.924672] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.925248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.031776] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.032398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.040913] audit: type=1400 audit(1756468304.627:8): avc: denied { open } for pid=3879 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.044546] audit: type=1400 audit(1756468304.628:9): avc: denied { kernel } for pid=3879 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.062153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.062889] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.095689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.096303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.177787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.178382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.242035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.242708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.262519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.263114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.335026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.335667] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:51:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 11:51:45 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x3e, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 11:51:45 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000980)='sched\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0) 11:51:45 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200000) write$binfmt_misc(r0, 0x0, 0x0) 11:51:45 executing program 4: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x20) 11:51:45 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) fallocate(r0, 0x8, 0x0, 0x80000000) 11:51:45 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 11:51:45 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 11:51:45 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x3e, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 11:51:45 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200000) write$binfmt_misc(r0, 0x0, 
0x0) 11:51:45 executing program 4: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x20) 11:51:45 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) fallocate(r0, 0x8, 0x0, 0x80000000) 11:51:45 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000980)='sched\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0) 11:51:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 11:51:45 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, &(0x7f0000000300)=""/173, 0xad, 0x2) pipe2(&(0x7f0000000040), 0x80000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) [ 110.741249] kmemleak: Found object by alias at 0x607f1a6396e8 [ 110.741269] CPU: 1 UID: 0 PID: 3918 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.741287] Tainted: [W]=WARN [ 110.741291] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.741298] Call Trace: [ 110.741302] [ 110.741306] dump_stack_lvl+0xca/0x120 [ 110.741331] __lookup_object+0x94/0xb0 [ 110.741347] delete_object_full+0x27/0x70 [ 110.741363] free_percpu+0x30/0x1160 [ 110.741379] ? arch_uprobe_clear_state+0x16/0x140 [ 110.741398] futex_hash_free+0x38/0xc0 [ 110.741417] mmput+0x2d3/0x390 [ 110.741436] do_exit+0x79d/0x2970 [ 110.741449] ? signal_wake_up_state+0x85/0x120 [ 110.741465] ? zap_other_threads+0x2b9/0x3a0 [ 110.741480] ? __pfx_do_exit+0x10/0x10 [ 110.741492] ? do_group_exit+0x1c3/0x2a0 [ 110.741506] ? lock_release+0xc8/0x290 [ 110.741522] do_group_exit+0xd3/0x2a0 [ 110.741537] __x64_sys_exit_group+0x3e/0x50 [ 110.741550] x64_sys_call+0x18c5/0x18d0 [ 110.741565] do_syscall_64+0xbf/0x360 [ 110.741577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.741588] RIP: 0033:0x7fe493686b19 [ 110.741597] Code: Unable to access opcode bytes at 0x7fe493686aef. 
[ 110.741602] RSP: 002b:00007ffd8ac06858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 110.741613] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe493686b19 [ 110.741620] RDX: 00007fe49363972b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 110.741627] RBP: 0000000000000000 R08: 0000001b2cc21224 R09: 0000000000000000 [ 110.741634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.741640] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd8ac06940 [ 110.741655] [ 110.741659] kmemleak: Object (percpu) 0x607f1a6396e0 (size 16): [ 110.741666] kmemleak: comm "syz-executor.1", pid 286, jiffies 4294777505 [ 110.741673] kmemleak: min_count = 1 [ 110.741677] kmemleak: count = 0 [ 110.741681] kmemleak: flags = 0x21 [ 110.741684] kmemleak: checksum = 0 [ 110.741688] kmemleak: backtrace: [ 110.741691] pcpu_alloc_noprof+0x87a/0x1170 [ 110.741706] mm_init+0x99b/0x1170 [ 110.741714] copy_process+0x3ab7/0x73c0 [ 110.741723] kernel_clone+0xea/0x7f0 [ 110.741733] __do_sys_clone+0xce/0x120 [ 110.741743] do_syscall_64+0xbf/0x360 [ 110.741751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.763208] Oops: general protection fault, probably for non-canonical address 0xdffffc03393ffd9f: 0000 [#1] SMP KASAN NOPTI [ 110.764111] KASAN: probably user-memory-access in range [0x00000019c9ffecf8-0x00000019c9ffecff] [ 110.764799] CPU: 1 UID: 0 PID: 3927 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.766239] Tainted: [W]=WARN [ 110.766820] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.768369] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.769122] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.772172] RSP: 0018:ffff88804836f540 EFLAGS: 00010017 [ 110.773771] RAX: 00000003393ffd9f RBX: 00000019c9ffeb0f RCX: 0000000000000002 [ 110.775241] 
RDX: ffff88800714b700 RSI: ffffffff818995b7 RDI: 00000019c9ffecff [ 110.776767] RBP: ffff88804836f7b0 R08: ffff88806cf31340 R09: ffffe8ffffd166e0 [ 110.777339] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 110.777906] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.778481] FS: 000055557dc6e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.779136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.779605] CR2: 00007f0833578018 CR3: 000000001edc9000 CR4: 0000000000350ef0 [ 110.780174] Call Trace: [ 110.780384] [ 110.780571] ? __pfx_perf_tp_event+0x10/0x10 [ 110.780933] ? lock_acquire+0x15e/0x2f0 [ 110.781255] ? __is_insn_slot_addr+0x2e/0x290 [ 110.781632] ? find_held_lock+0x2b/0x80 [ 110.781959] ? __is_insn_slot_addr+0x136/0x290 [ 110.782338] ? lock_release+0xc8/0x290 [ 110.782656] ? __is_insn_slot_addr+0x140/0x290 [ 110.783034] ? __lock_acquire+0x694/0x1b70 [ 110.783385] ? perf_trace_run_bpf_submit+0xef/0x180 [ 110.783796] perf_trace_run_bpf_submit+0xef/0x180 [ 110.784191] perf_trace_preemptirq_template+0x259/0x430 [ 110.784624] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 110.785099] ? find_held_lock+0x2b/0x80 [ 110.785435] ? finish_task_switch.isra.0+0x201/0x840 [ 110.785851] ? finish_task_switch.isra.0+0x206/0x840 [ 110.786267] trace_irq_enable.constprop.0+0xa6/0x100 [ 110.786684] trace_hardirqs_on+0x26/0x40 [ 110.787011] finish_task_switch.isra.0+0x206/0x840 [ 110.787427] __schedule+0xe86/0x3590 [ 110.787741] ? __pfx___schedule+0x10/0x10 [ 110.788077] ? lock_acquire+0x15e/0x2f0 [ 110.788406] ? find_held_lock+0x2b/0x80 [ 110.788737] ? schedule+0x2c7/0x390 [ 110.789039] ? lock_release+0xc8/0x290 [ 110.789356] schedule+0xdb/0x390 [ 110.789634] futex_do_wait+0x88/0x180 [ 110.789954] __futex_wait+0x176/0x300 [ 110.790268] ? __pfx___futex_wait+0x10/0x10 [ 110.790624] ? __pfx_futex_wake_mark+0x10/0x10 [ 110.791000] ? __hrtimer_setup+0x1a4/0x2c0 [ 110.791357] ? 
ktime_add_safe+0x5f/0x70 [ 110.791689] futex_wait+0xde/0x380 [ 110.791979] ? __pfx_futex_wait+0x10/0x10 [ 110.792325] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 110.792693] ? lock_release+0xc8/0x290 [ 110.793013] do_futex+0x2ee/0x370 [ 110.793300] ? __pfx_do_futex+0x10/0x10 [ 110.793627] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 110.794049] ? read_tsc+0x9/0x20 [ 110.794336] __x64_sys_futex+0x1c9/0x4d0 [ 110.794671] ? __pfx___x64_sys_futex+0x10/0x10 [ 110.795044] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 110.795475] do_syscall_64+0xbf/0x360 [ 110.795785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.796204] RIP: 0033:0x7f0833464b19 [ 110.796503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.797944] RSP: 002b:00007fffb62d9c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 110.798543] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f0833464b19 [ 110.799107] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0833577f6c [ 110.799666] RBP: 00007f0833577f6c R08: 00007f0833554000 R09: 0000000000000000 [ 110.800232] R10: 00007fffb62d9d30 R11: 0000000000000246 R12: 000000000001b02b [ 110.800788] R13: 00000000000003e8 R14: 00007f0833577f60 R15: 000000000001b011 [ 110.801352] [ 110.801540] Modules linked in: [ 110.801802] ---[ end trace 0000000000000000 ]--- [ 110.802174] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.802551] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.803975] RSP: 0018:ffff88804836f540 EFLAGS: 00010017 [ 110.804391] RAX: 00000003393ffd9f RBX: 00000019c9ffeb0f RCX: 0000000000000002 [ 110.804953] RDX: ffff88800714b700 RSI: ffffffff818995b7 RDI: 00000019c9ffecff [ 110.805509] RBP: ffff88804836f7b0 R08: ffff88806cf31340 R09: ffffe8ffffd166e0 [ 
110.806065] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 110.806618] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.807188] FS: 000055557dc6e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.807818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.808277] CR2: 00007f0833578018 CR3: 000000001edc9000 CR4: 0000000000350ef0 [ 110.808834] note: syz-executor.1[3927] exited with irqs disabled [ 110.809399] Oops: general protection fault, probably for non-canonical address 0xf8b27de800c5ee4b: 0000 [#2] SMP KASAN NOPTI [ 110.810271] KASAN: maybe wild-memory-access in range [0xc5940f40062f7258-0xc5940f40062f725f] [ 110.810927] CPU: 1 UID: 0 PID: 3927 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.811871] Tainted: [D]=DIE, [W]=WARN [ 110.812176] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.812814] RIP: 0010:rb_insert_color+0x95/0x7a0 [ 110.813207] Code: 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 ff 04 00 00 4c 8b 75 08 49 39 de 0f 84 6e 01 00 00 4d 85 f6 74 1c 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 0f 85 14 05 00 00 41 f6 06 01 0f 84 3d 04 00 00 48 [ 110.814623] RSP: 0018:ffff88806cf08da8 EFLAGS: 00010017 [ 110.815040] RAX: 18b281e800c5ee4b RBX: ffff88804836fcd0 RCX: ffffffff84b7c643 [ 110.815612] RDX: 1ffff1100d9e513b RSI: ffff88806cf28150 RDI: ffffffff8154bdce [ 110.816173] RBP: ffffffff8154bdc6 R08: 0000000000000000 R09: fffffbfff0c8758a [ 110.816730] R10: 0000000000000000 R11: ffff88800731a898 R12: ffff88806cf289d8 [ 110.817286] R13: dffffc0000000000 R14: c5940f40062f725e R15: ffff88804836fcd8 [ 110.817842] FS: 000055557dc6e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.818489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.818942] CR2: 00007f0833578018 CR3: 000000001edc9000 CR4: 0000000000350ef0 [ 110.819506] Call Trace: [ 110.819716] [ 110.819892] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 110.820267] timerqueue_add+0x1bd/0x330 [ 110.820587] __hrtimer_run_queues+0x954/0xac0 [ 110.820953] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 110.821354] ? ktime_get_update_offsets_now+0x252/0x3c0 [ 110.821783] hrtimer_interrupt+0x369/0x830 [ 110.822121] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 110.822533] sysvec_apic_timer_interrupt+0x6b/0x80 [ 110.822929] [ 110.823120] [ 110.823302] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 110.823713] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 110.824091] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 110.825499] RSP: 0018:ffff88804836ff28 EFLAGS: 00000246 [ 110.825916] RAX: 0000000000000001 RBX: ffff88800714b700 RCX: ffffffff817c2b86 [ 110.826477] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 110.827030] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 110.827587] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800714b700 [ 110.828144] R13: 0000000000000000 R14: dffffc03393ffd9f R15: 0000000000000000 [ 110.828695] ? trace_irq_enable.constprop.0+0x26/0x100 [ 110.829115] ? make_task_dead+0x214/0x3b0 [ 110.829446] ? make_task_dead+0x214/0x3b0 [ 110.829772] ? 
do_syscall_64+0xbf/0x360 [ 110.830085] rewind_stack_and_make_dead+0x16/0x20 [ 110.830478] RIP: 0033:0x7f0833464b19 [ 110.830775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.832199] RSP: 002b:00007fffb62d9c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 110.832790] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f0833464b19 [ 110.833345] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0833577f6c [ 110.833903] RBP: 00007f0833577f6c R08: 00007f0833554000 R09: 0000000000000000 [ 110.834459] R10: 00007fffb62d9d30 R11: 0000000000000246 R12: 000000000001b02b [ 110.835009] R13: 00000000000003e8 R14: 00007f0833577f60 R15: 000000000001b011 [ 110.835584] [ 110.835770] Modules linked in: [ 110.836024] ---[ end trace 0000000000000000 ]--- [ 110.836027] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 110.836392] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.837319] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 110.837680] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.838288] CPU: 0 UID: 0 PID: 66 Comm: kworker/u8:1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.839687] RSP: 0018:ffff88804836f540 EFLAGS: 00010017 [ 110.840593] Tainted: [D]=DIE, [W]=WARN [ 110.841004] RAX: 00000003393ffd9f RBX: 00000019c9ffeb0f RCX: 0000000000000002 [ 110.841308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.841855] RDX: ffff88800714b700 RSI: ffffffff818995b7 RDI: 00000019c9ffecff [ 110.842504] Workqueue: ipv6_addrconf addrconf_dad_work [ 110.843050] RBP: ffff88804836f7b0 R08: ffff88806cf31340 R09: ffffe8ffffd166e0 [ 
110.843060] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 110.843472] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.844017] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.844580] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.844936] FS: 000055557dc6e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.845495] RSP: 0018:ffff88800bad7440 EFLAGS: 00010012 [ 110.846895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.847530] [ 110.847938] CR2: 00007f0833578018 CR3: 000000001edc9000 CR4: 0000000000350ef0 [ 110.848396] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 110.848537] Kernel panic - not syncing: Fatal exception in interrupt [ 110.850406] Kernel Offset: disabled [ 110.850690] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:51:45 Registers: info registers vcpu 0 RAX=0000000080010001 RBX=00000000002aa4fe RCX=ffffffff81623ef2 RDX=ffff8880184c1b80 RSI=00000000005549fc RDI=0000000000000006 RBP=ffff88806ce08db8 RSP=ffff88806ce08cf0 R8 =000f424000000000 R9 =ffffed100d9c11a7 R10=000000000000e5da R11=ffff88806ce08ff8 R12=00000000005549fc R13=0000000000000001 R14=000000000000e5da R15=0000000000000000 RIP=ffffffff8173e784 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f2a36ec88c0 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe6300000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe3bab56546 CR3=000000001f71e000 CR4=00350ef0 
info registers vcpu 1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88804836eeb0 R8 =0000000000000000 R9 =ffffed1001757046 R10=0000000000000066 R11=6666666666662052 R12=0000000000000066 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055557dc6e400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe6a00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f0833578018 CR3=000000001edc9000 CR4=00350ef0