Warning: Permanently added '[localhost]:61852' (ECDSA) to the list of known hosts. 2025/08/29 11:52:48 fuzzer started 2025/08/29 11:52:48 dialing manager at localhost:43077 syzkaller login: [ 50.453937] cgroup: Unknown subsys name 'net' [ 50.676199] cgroup: Unknown subsys name 'cpuset' [ 50.709988] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:53:00 syscalls: 2214 2025/08/29 11:53:00 code coverage: enabled 2025/08/29 11:53:00 comparison tracing: enabled 2025/08/29 11:53:00 extra coverage: enabled 2025/08/29 11:53:00 setuid sandbox: enabled 2025/08/29 11:53:00 namespace sandbox: enabled 2025/08/29 11:53:00 Android sandbox: enabled 2025/08/29 11:53:00 fault injection: enabled 2025/08/29 11:53:00 leak checking: enabled 2025/08/29 11:53:00 net packet injection: enabled 2025/08/29 11:53:00 net device setup: enabled 2025/08/29 11:53:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:53:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:53:00 USB emulation: enabled 2025/08/29 11:53:00 hci packet injection: enabled 2025/08/29 11:53:00 wifi device emulation: enabled 2025/08/29 11:53:00 802.15.4 emulation: enabled 2025/08/29 11:53:00 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:53:00 fetching corpus: 50, signal 24267/27676 (executing program) 2025/08/29 11:53:00 fetching corpus: 100, signal 33024/37894 (executing program) 2025/08/29 11:53:00 fetching corpus: 150, signal 41210/47445 (executing program) 2025/08/29 11:53:00 fetching corpus: 200, signal 50583/57886 (executing program) 2025/08/29 11:53:00 fetching corpus: 250, signal 55691/64119 (executing program) 2025/08/29 11:53:00 fetching corpus: 300, signal 60770/70216 (executing program) 2025/08/29 11:53:01 fetching corpus: 350, signal 64072/74632 (executing program) 2025/08/29 11:53:01 fetching corpus: 400, signal 67125/78684 (executing program) 2025/08/29 11:53:01 fetching corpus: 450, signal 70195/82765 (executing program) 2025/08/29 11:53:01 fetching corpus: 500, signal 73852/87290 (executing program) 2025/08/29 11:53:01 fetching corpus: 550, signal 77326/91579 (executing program) 2025/08/29 11:53:01 fetching corpus: 600, signal 81416/96305 (executing program) 2025/08/29 11:53:01 fetching corpus: 650, signal 83284/99017 (executing program) 2025/08/29 11:53:01 fetching corpus: 700, signal 86195/102642 (executing program) 2025/08/29 11:53:01 fetching corpus: 750, signal 88598/105753 (executing program) 2025/08/29 11:53:01 fetching corpus: 800, signal 91583/109303 (executing program) 2025/08/29 11:53:01 fetching corpus: 850, signal 92902/111424 (executing program) 2025/08/29 11:53:02 fetching corpus: 900, signal 94475/113727 (executing program) 2025/08/29 11:53:02 fetching corpus: 950, signal 95558/115602 (executing program) 2025/08/29 11:53:02 fetching corpus: 1000, signal 96873/117620 (executing program) 2025/08/29 11:53:02 fetching corpus: 1050, signal 98145/119589 (executing program) 2025/08/29 11:53:02 fetching corpus: 1100, signal 99178/121333 (executing program) 2025/08/29 11:53:02 fetching corpus: 1150, signal 101348/123918 (executing program) 2025/08/29 11:53:02 fetching corpus: 1200, signal 102907/125970 (executing program) 2025/08/29 11:53:02 fetching corpus: 1250, signal 104419/128009 (executing program) 2025/08/29 11:53:02 fetching corpus: 1300, signal 106202/130210 (executing program) 2025/08/29 11:53:02 fetching corpus: 1350, signal 107274/131843 (executing program) 2025/08/29 11:53:02 fetching corpus: 1400, signal 108843/133816 (executing program) 2025/08/29 11:53:02 fetching corpus: 1450, signal 109819/135312 (executing program) 2025/08/29 11:53:03 fetching corpus: 1500, signal 111077/137049 (executing program) 2025/08/29 11:53:03 fetching corpus: 1550, signal 112158/138618 (executing program) 2025/08/29 11:53:03 fetching corpus: 1600, signal 113178/140144 (executing program) 2025/08/29 11:53:03 fetching corpus: 1650, signal 114270/141640 (executing program) 2025/08/29 11:53:03 fetching corpus: 1700, signal 115392/143271 (executing program) 2025/08/29 11:53:03 fetching corpus: 1750, signal 116404/144728 (executing program) 2025/08/29 11:53:03 fetching corpus: 1800, signal 117227/146056 (executing program) 2025/08/29 11:53:03 fetching corpus: 1850, signal 118082/147433 (executing program) 2025/08/29 11:53:03 fetching corpus: 1900, signal 119673/149185 (executing program) 2025/08/29 11:53:03 fetching corpus: 1950, signal 120611/150532 (executing program) 2025/08/29 11:53:03 fetching corpus: 2000, signal 121640/151880 (executing program) 2025/08/29 11:53:04 fetching corpus: 2050, signal 122670/153216 (executing program) 2025/08/29 11:53:04 fetching corpus: 2100, signal 123660/154477 (executing program) 2025/08/29 11:53:04 fetching corpus: 2150, signal 124568/155693 (executing program) 2025/08/29 11:53:04 fetching corpus: 2200, signal 125420/156850 (executing program) 2025/08/29 11:53:04 fetching corpus: 2250, signal 126216/158072 (executing program) 2025/08/29 11:53:04 fetching corpus: 2300, signal 127388/159306 (executing program) 2025/08/29 11:53:04 fetching corpus: 2350, signal 130053/161238 (executing program) 2025/08/29 11:53:04 fetching corpus: 2400, signal 130781/162255 (executing program) 2025/08/29 11:53:04 fetching corpus: 2450, signal 131579/163323 (executing program) 2025/08/29 11:53:04 fetching corpus: 2500, signal 132468/164370 (executing program) 2025/08/29 11:53:04 fetching corpus: 2550, signal 132934/165239 (executing program) 2025/08/29 11:53:05 fetching corpus: 2600, signal 133485/166134 (executing program) 2025/08/29 11:53:05 fetching corpus: 2650, signal 134237/167066 (executing program) 2025/08/29 11:53:05 fetching corpus: 2700, signal 135522/168263 (executing program) 2025/08/29 11:53:05 fetching corpus: 2750, signal 136403/169250 (executing program) 2025/08/29 11:53:05 fetching corpus: 2800, signal 137095/170157 (executing program) 2025/08/29 11:53:05 fetching corpus: 2850, signal 137758/171056 (executing program) 2025/08/29 11:53:05 fetching corpus: 2900, signal 138348/171878 (executing program) 2025/08/29 11:53:05 fetching corpus: 2950, signal 139443/172854 (executing program) 2025/08/29 11:53:05 fetching corpus: 3000, signal 140175/173701 (executing program) 2025/08/29 11:53:06 fetching corpus: 3050, signal 140765/174441 (executing program) 2025/08/29 11:53:06 fetching corpus: 3100, signal 141315/175206 (executing program) 2025/08/29 11:53:06 fetching corpus: 3150, signal 142128/176030 (executing program) 2025/08/29 11:53:06 fetching corpus: 3200, signal 142906/176834 (executing program) 2025/08/29 11:53:06 fetching corpus: 3250, signal 143707/177645 (executing program) 2025/08/29 11:53:06 fetching corpus: 3300, signal 144639/178463 (executing program) 2025/08/29 11:53:06 fetching corpus: 3350, signal 145314/179160 (executing program) 2025/08/29 11:53:06 fetching corpus: 3400, signal 145860/179890 (executing program) 2025/08/29 11:53:06 fetching corpus: 3450, signal 146292/180464 (executing program) 2025/08/29 11:53:06 fetching corpus: 3500, signal 146965/181193 (executing program) 2025/08/29 11:53:06 fetching corpus: 3550, signal 147648/181870 (executing program) 2025/08/29 11:53:07 fetching corpus: 3600, signal 148333/182522 (executing program) 2025/08/29 11:53:07 fetching corpus: 3650, signal 149444/183250 (executing program) 2025/08/29 11:53:07 fetching corpus: 3700, signal 149870/183784 (executing program) 2025/08/29 11:53:07 fetching corpus: 3750, signal 150420/184372 (executing program) 2025/08/29 11:53:07 fetching corpus: 3800, signal 151185/184998 (executing program) 2025/08/29 11:53:07 fetching corpus: 3850, signal 151791/185559 (executing program) 2025/08/29 11:53:07 fetching corpus: 3900, signal 152207/186025 (executing program) 2025/08/29 11:53:07 fetching corpus: 3950, signal 152868/186519 (executing program) 2025/08/29 11:53:07 fetching corpus: 4000, signal 153611/187086 (executing program) 2025/08/29 11:53:08 fetching corpus: 4050, signal 153882/187520 (executing program) 2025/08/29 11:53:08 fetching corpus: 4100, signal 154600/188047 (executing program) 2025/08/29 11:53:08 fetching corpus: 4150, signal 155077/188485 (executing program) 2025/08/29 11:53:08 fetching corpus: 4200, signal 155681/188967 (executing program) 2025/08/29 11:53:08 fetching corpus: 4250, signal 156148/189405 (executing program) 2025/08/29 11:53:08 fetching corpus: 4300, signal 156852/189837 (executing program) 2025/08/29 11:53:08 fetching corpus: 4350, signal 157244/190284 (executing program) 2025/08/29 11:53:08 fetching corpus: 4400, signal 157719/190686 (executing program) 2025/08/29 11:53:08 fetching corpus: 4450, signal 158171/191096 (executing program) 2025/08/29 11:53:08 fetching corpus: 4500, signal 158733/191471 (executing program) 2025/08/29 11:53:09 fetching corpus: 4550, signal 159279/191834 (executing program) 2025/08/29 11:53:09 fetching corpus: 4600, signal 159950/192170 (executing program) 2025/08/29 11:53:09 fetching corpus: 4650, signal 160433/192347 (executing program) 2025/08/29 11:53:09 fetching corpus: 4700, signal 161817/192353 (executing program) 2025/08/29 11:53:09 fetching corpus: 4750, signal 162389/192354 (executing program) 2025/08/29 11:53:09 fetching corpus: 4800, signal 162836/192355 (executing program) 2025/08/29 11:53:09 fetching corpus: 4850, signal 163270/192404 (executing program) 2025/08/29 11:53:09 fetching corpus: 4900, signal 163964/192450 (executing program) 2025/08/29 11:53:09 fetching corpus: 4950, signal 164449/192452 (executing program) 2025/08/29 11:53:09 fetching corpus: 5000, signal 164938/192548 (executing program) 2025/08/29 11:53:09 fetching corpus: 5050, signal 165407/192562 (executing program) 2025/08/29 11:53:10 fetching corpus: 5100, signal 165818/192582 (executing program) 2025/08/29 11:53:10 fetching corpus: 5150, signal 166074/192596 (executing program) 2025/08/29 11:53:10 fetching corpus: 5200, signal 166593/192599 (executing program) 2025/08/29 11:53:10 fetching corpus: 5250, signal 167091/192659 (executing program) 2025/08/29 11:53:10 fetching corpus: 5300, signal 167542/192664 (executing program) 2025/08/29 11:53:10 fetching corpus: 5350, signal 167806/192672 (executing program) 2025/08/29 11:53:10 fetching corpus: 5400, signal 168191/192727 (executing program) 2025/08/29 11:53:10 fetching corpus: 5450, signal 168564/192750 (executing program) 2025/08/29 11:53:10 fetching corpus: 5500, signal 168919/192752 (executing program) 2025/08/29 11:53:11 fetching corpus: 5550, signal 169256/192767 (executing program) 2025/08/29 11:53:11 fetching corpus: 5600, signal 169664/192771 (executing program) 2025/08/29 11:53:11 fetching corpus: 5650, signal 170166/192771 (executing program) 2025/08/29 11:53:11 fetching corpus: 5700, signal 170516/192783 (executing program) 2025/08/29 11:53:11 fetching corpus: 5750, signal 170893/192790 (executing program) 2025/08/29 11:53:11 fetching corpus: 5800, signal 171229/192792 (executing program) 2025/08/29 11:53:11 fetching corpus: 5850, signal 171879/192798 (executing program) 2025/08/29 11:53:12 fetching corpus: 5900, signal 172367/192829 (executing program) 2025/08/29 11:53:12 fetching corpus: 5950, signal 172716/192835 (executing program) 2025/08/29 11:53:12 fetching corpus: 6000, signal 173048/192836 (executing program) 2025/08/29 11:53:12 fetching corpus: 6050, signal 173423/192856 (executing program) 2025/08/29 11:53:12 fetching corpus: 6100, signal 173809/192859 (executing program) 2025/08/29 11:53:12 fetching corpus: 6150, signal 174124/192862 (executing program) 2025/08/29 11:53:12 fetching corpus: 6200, signal 174484/192878 (executing program) 2025/08/29 11:53:12 fetching corpus: 6250, signal 174750/192893 (executing program) 2025/08/29 11:53:12 fetching corpus: 6300, signal 174954/192905 (executing program) 2025/08/29 11:53:12 fetching corpus: 6350, signal 175231/192905 (executing program) 2025/08/29 11:53:12 fetching corpus: 6400, signal 175524/192910 (executing program) 2025/08/29 11:53:13 fetching corpus: 6450, signal 176005/192938 (executing program) 2025/08/29 11:53:13 fetching corpus: 6500, signal 176287/192941 (executing program) 2025/08/29 11:53:13 fetching corpus: 6550, signal 176614/192947 (executing program) 2025/08/29 11:53:13 fetching corpus: 6600, signal 176963/192959 (executing program) 2025/08/29 11:53:13 fetching corpus: 6650, signal 177311/192960 (executing program) 2025/08/29 11:53:13 fetching corpus: 6700, signal 177533/192969 (executing program) 2025/08/29 11:53:13 fetching corpus: 6750, signal 177776/192995 (executing program) 2025/08/29 11:53:13 fetching corpus: 6800, signal 178093/193006 (executing program) 2025/08/29 11:53:13 fetching corpus: 6850, signal 178344/193007 (executing program) 2025/08/29 11:53:13 fetching corpus: 6900, signal 178667/193020 (executing program) 2025/08/29 11:53:13 fetching corpus: 6950, signal 178945/193027 (executing program) 2025/08/29 11:53:13 fetching corpus: 7000, signal 179290/193034 (executing program) 2025/08/29 11:53:14 fetching corpus: 7050, signal 179723/193040 (executing program) 2025/08/29 11:53:14 fetching corpus: 7100, signal 180231/193040 (executing program) 2025/08/29 11:53:14 fetching corpus: 7150, signal 180593/193062 (executing program) 2025/08/29 11:53:14 fetching corpus: 7200, signal 180863/193068 (executing program) 2025/08/29 11:53:14 fetching corpus: 7250, signal 181113/193076 (executing program) 2025/08/29 11:53:14 fetching corpus: 7300, signal 181348/193081 (executing program) 2025/08/29 11:53:14 fetching corpus: 7350, signal 181562/193082 (executing program) 2025/08/29 11:53:14 fetching corpus: 7400, signal 181969/193084 (executing program) 2025/08/29 11:53:14 fetching corpus: 7450, signal 182290/193094 (executing program) 2025/08/29 11:53:14 fetching corpus: 7500, signal 182543/193115 (executing program) 2025/08/29 11:53:14 fetching corpus: 7550, signal 182737/193144 (executing program) 2025/08/29 11:53:14 fetching corpus: 7600, signal 183008/193159 (executing program) 2025/08/29 11:53:14 fetching corpus: 7650, signal 183289/193162 (executing program) 2025/08/29 11:53:15 fetching corpus: 7700, signal 183506/193183 (executing program) 2025/08/29 11:53:15 fetching corpus: 7750, signal 183704/193187 (executing program) 2025/08/29 11:53:15 fetching corpus: 7800, signal 184021/193189 (executing program) 2025/08/29 11:53:15 fetching corpus: 7850, signal 184281/193209 (executing program) 2025/08/29 11:53:15 fetching corpus: 7900, signal 184572/193232 (executing program) 2025/08/29 11:53:15 fetching corpus: 7950, signal 185047/193238 (executing program) 2025/08/29 11:53:15 fetching corpus: 8000, signal 185394/193239 (executing program) 2025/08/29 11:53:15 fetching corpus: 8050, signal 185631/193254 (executing program) 2025/08/29 11:53:15 fetching corpus: 8100, signal 185884/193257 (executing program) 2025/08/29 11:53:15 fetching corpus: 8150, signal 186275/193258 (executing program) 2025/08/29 11:53:15 fetching corpus: 8200, signal 186565/193277 (executing program) 2025/08/29 11:53:16 fetching corpus: 8250, signal 186756/193280 (executing program) 2025/08/29 11:53:16 fetching corpus: 8300, signal 187177/193283 (executing program) 2025/08/29 11:53:16 fetching corpus: 8350, signal 187426/193288 (executing program) 2025/08/29 11:53:16 fetching corpus: 8400, signal 187620/193296 (executing program) 2025/08/29 11:53:16 fetching corpus: 8450, signal 187880/193299 (executing program) 2025/08/29 11:53:16 fetching corpus: 8500, signal 188102/193304 (executing program) 2025/08/29 11:53:16 fetching corpus: 8550, signal 188292/193308 (executing program) 2025/08/29 11:53:16 fetching corpus: 8600, signal 188593/193319 (executing program) 2025/08/29 11:53:16 fetching corpus: 8650, signal 188897/193326 (executing program) 2025/08/29 11:53:16 fetching corpus: 8700, signal 189154/193337 (executing program) 2025/08/29 11:53:16 fetching corpus: 8750, signal 189405/193338 (executing program) 2025/08/29 11:53:16 fetching corpus: 8800, signal 189631/193349 (executing program) 2025/08/29 11:53:17 fetching corpus: 8850, signal 189902/193349 (executing program) 2025/08/29 11:53:17 fetching corpus: 8855, signal 189930/193349 (executing program) 2025/08/29 11:53:17 fetching corpus: 8855, signal 189930/193349 (executing program) 2025/08/29 11:53:19 starting 8 fuzzer processes 11:53:19 executing program 0: semop(0x0, &(0x7f0000000280)=[{0x0, 0x5}, {0x0, 0x4}], 0x2) 11:53:19 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = epoll_create(0x6) r2 = epoll_create(0x6) r3 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000180)={0x20000011}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000180)={0x20000000}) dup2(r0, r1) socket$inet(0x2, 0x4, 0x0) 11:53:19 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00') pread64(r0, &(0x7f0000000140)=""/199, 0xc7, 0x0) 11:53:19 executing program 7: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x161c03, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000080)) 11:53:19 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) 11:53:19 executing program 5: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000000), 0x0) 11:53:19 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000000)=""/192) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x4b67, &(0x7f00000000c0)) 11:53:19 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 81.104559] audit: type=1400 audit(1756468399.730:7): avc: denied { execmem } for pid=271 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 82.345891] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.348368] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.350274] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.353648] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.357369] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.425261] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.433032] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.435602] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.437527] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.442166] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.443749] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.447040] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.450612] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.458050] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.468515] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.473121] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.473232] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 82.476946] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.479293] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 82.482786] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 82.484692] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.494588] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.497246] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 82.499395] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.502198] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.506899] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.509884] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.520737] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 82.523103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.524303] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.529938] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 82.530775] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.542025] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 82.549518] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 82.554298] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 82.558086] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 82.560936] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 82.562849] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 82.568596] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 82.582634] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 84.377008] Bluetooth: hci0: command tx timeout [ 84.504642] Bluetooth: hci3: command tx timeout [ 84.568528] Bluetooth: hci4: command tx timeout [ 84.632518] Bluetooth: hci5: command tx timeout [ 84.632612] Bluetooth: hci6: command tx timeout [ 84.633069] Bluetooth: hci7: command tx timeout [ 84.634162] Bluetooth: hci2: command tx timeout [ 84.634673] Bluetooth: hci1: command tx timeout [ 86.427433] Bluetooth: hci0: command tx timeout [ 86.552983] Bluetooth: hci3: command tx timeout [ 86.617498] Bluetooth: hci4: command tx timeout [ 86.681879] Bluetooth: hci6: command tx timeout [ 86.682100] Bluetooth: hci1: command tx timeout [ 86.682339] Bluetooth: hci7: command tx timeout [ 86.682887] Bluetooth: hci5: command tx timeout [ 86.683268] Bluetooth: hci2: command tx timeout [ 88.473061] Bluetooth: hci0: command tx timeout [ 88.601468] Bluetooth: hci3: command tx timeout [ 88.665581] Bluetooth: hci4: command tx timeout [ 88.728496] Bluetooth: hci1: command tx timeout [ 88.728958] Bluetooth: hci5: command tx timeout [ 88.729337] Bluetooth: hci7: command tx timeout [ 88.730422] Bluetooth: hci6: command tx timeout [ 88.730582] Bluetooth: hci2: command tx timeout [ 90.522471] Bluetooth: hci0: command tx timeout [ 90.648602] Bluetooth: hci3: command tx timeout [ 90.713609] Bluetooth: hci4: command tx timeout [ 90.776552] Bluetooth: hci6: command tx timeout [ 90.777326] Bluetooth: hci7: command tx timeout [ 90.778211] Bluetooth: hci2: command tx timeout [ 90.778244] Bluetooth: hci5: command tx timeout [ 90.779523] Bluetooth: hci1: command tx timeout [ 118.375629] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.376305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.537616] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.538177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.626859] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.627554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.758964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.759796] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.844859] audit: type=1400 audit(1756468437.471:8): avc: denied { open } for pid=3852 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.845440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.847018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.851339] audit: type=1400 audit(1756468437.471:9): avc: denied { kernel } for pid=3852 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.910314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.910970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:53:57 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) [ 119.030918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.031551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:53:57 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) [ 119.088962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.089911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:53:57 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$rfkill(r0, &(0x7f0000000240), 0x80000) [ 119.164173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.165030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:53:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000000)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000000c0)="1510de80e75b", 0x0, 0x0, 0x0, 0x0, 0x0}) 11:53:57 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2000000) write$binfmt_aout(r0, &(0x7f0000000d40)={{}, "23826f37e58dd2774c9cbd2242364ae70c0a1842fc9ab1558b05c40339724960ea2f7e02cf8a66e2ab99138f670f5ba50769037f179705a9b42137edc8d54c639f5604e74becee51345d6314f5b22926babb7b13de60a4937e09ed0621ee1bb6b6e0cfddcfb334bf08bebab47eddaccdbff3db9fc0a070608df7f6d4048013f3cb916935ba8e31b270c8c36c35ead6b8297003c8a79850987797921994c7b0908c52458c6494088dba58cf405388a361d6dcda2e37e062db16b0b491dac4888defbc213bf795540f6dff9d577c5587e9dc6f2345176a9dd9e3a22a099bc9b2689e685ed4460da4636389f3879d413b7e58867622cb57c985e9cde1a3f24fa88c630ca2cc841a0aa6e61edce9a2d9cfb73eabf9bf916d50c5b45885cad5745a4df3d624f30a4faa2cb23352e212f0f982a3931623f926db9cee87d9a89ec5521a9a5b3156d536170799687ce82811ff7125e733624e68e1525e58bc767120c3e830b71ee573c25ae583222d4c9dd728916576dcc2cc822d7833e4dab0456b24c00d491a285316aac068fbed6a5515b0c6a3a845a3d3e9df0a4cd340c978e370371c40ccb0b09c1a5885437262d08ff1b7408e54108a02ec3b9151f025acef21838e45c34a860b005e214f3ab5eacd86599afccd4c6711de94457f9699763da44c17af6bced349cef70a2f379b9aab98290e29cb359b3e595f21e3a6fbe3d7bd3bb706c9a7002dc0ccc9f985289fce85a61ea7a1f1ae014def5ec8c5eb5f97ac89a853f88b4635da1277af91a0b4d6b7fe5835feaaa02964bb1c6f7dc1b5e96f3061e1c7dc2b3db4cff09b4ea42785387feb16041a84ab1d0d6ab4ab9390ff0e23f4941f18f021df2def1c7bfeadbc08d0f349fa1b7f2417e5eb482667bfe73813c1e379ac4c3264d911477342c0a0112b2a11c931bf59c05fe19fe8b63fa278501ca7909090c13a1368afe7357ba20a2af29753aa10542f986173499351ec45a7970f6b24c3bec2f5fa4c066e0359bce0776ae483ebf76c8d5517233f36fec152ea033188db99c34f5d08eccc844df6cdbd1a77136624e2468e9d48cb634b3b257b53b62fc9a3cb13b7f123f98487399317923401876208d67c7d8b60ec285b74633fe398870311bbeefb204240e78188f8cc980ff5e40fbeb5a2b92c6a663e5567b70945b8458dc74510f61b03f168c8b7d7039234f5c39e9cd13e40f4d0119c8c8de288348e51042b469d4e6d60b64dceed54b18640e6948674e651730709fba6173d056a2a51ca183e2a3857b96adca7d70672d227cf5260eaf0110812bbac865b679e68d7615ac75d8811c83f139d37500adef87113996c242659553f8a3be2107dc76c6b3ab3ba8fbfe76b7a7dab1e74d138a6f136f5d9d5fc4bd92719ca2a9292389995b7d48943827855e6c464fb30a70471baa310229dd264aff485130d89ca27af807c67890000195b54027cb3cf634032b6de5c65a817d0e8a50bc8d8dadcbb0d88c12926b733752e7382f570318b4aaa6698573b85959780e5339838649b6c59c4db1aedec3d54d803904d7e32eca48311a4aeaaec0cd9f2c02c1fce817e04bff4c18c9722fade0f79772f442e7f918a827eafcdf132fde61ae95fa0c7799ae661535d4417149b272a066230a5c2dd2ecfe66e399600e022c7e9cbbd6eb332b087f7bfeeae8f17964092a6c28a75eb4986e4cc0e73f11910d76208325768faffd89f02b6e722d3155d0f7d85dd2bfcec845025fbe0f67ecea38e3e8f97201e6a0aca473c4c17bceceb5344dbf3c3529259f4987471f9c21acd36e10b8bc137c6acce0bbf09d24d06ba1f77aa6134db7bde18dedbd3945105a1fc9a8c1ef327fef4abd9a86b171a2aa5868332bd5dc8b27915164149f76973efc56df9a2b966e46eb5f560275119e576b3f1b3af7701903b0a6ab736b8a09f14280ba03462b6474e255ba0cee590612c5344b203820666c8cb3e0a2382e7066aeeda6f27c707959b3d6dabee3373e567a3e22c39d66f7ef51f08fffe447f02667f6d1939eb7a22bb972b7e2fb103d28a8fa1a2c101e727732593912cef84e8a7dc1f34a513aa7a9a8a1012acc25e79c72431f68708ee3be66d25769c3895db1f59b695c2e296263e4f696426194d3738803516960af346395d2b322c5d1fcfa797da9f43912c2af3b4bcf5fc83c2012e6b6e311569baa8d9453a30e563288d91f502882829a146b592d36d9aba00cc834d1a0f5e57991835e984aea5b7f1424470b015c5f6f75d694d9e59c3c24c503853c09da0a62b21887ed892328c010e6a8ac17a7ed626820ca3946bb74f13f5a290dcdb0474946c26ab8b04b79fce356cf42c1f8fbf8f8e28f1f1f63e99b05a88605e0cfa71716e2df379f24085b3591900db47c7a530335a0f0df43d521c8292b3fe9f05de6e8cc66a42178a09a4c3feaa5e2221c5c0dce900bdb68b0afefe60d7204db4369d2df94a580145a9a8796227c5f8", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x1001) close(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000) 11:53:57 executing program 3: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) [ 119.284242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.285085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.318379] audit: type=1400 audit(1756468437.944:10): avc: denied { write } for pid=3886 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.374955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.375854] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.412866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.413490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.429747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.430335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.486079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.486092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.548193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.548826] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.607966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.608649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.721737] audit: type=1400 audit(1756468438.348:11): avc: denied { block_suspend } for pid=3904 comm="syz-executor.2" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 11:53:59 executing program 0: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) 11:53:59 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x40, @none, 0x0, 0x1}, 0xe) 11:53:59 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, &(0x7f0000000000)) 11:53:59 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000000)={@remote}, 0x14) 11:53:59 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='security.selinux\x00', &(0x7f00000001c0)='\x00', 0x700, 0x0) 11:53:59 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080), 0x4) 11:53:59 executing program 5: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000000), 0x0) 11:53:59 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) accept(r0, 0x0, 0x0) close(0xffffffffffffffff) clone3(0x0, 0x0) [ 120.631072] SELinux: Context is not valid (left unmapped). [ 120.635256] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 11:53:59 executing program 0: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) 11:53:59 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:53:59 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001d00)) r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) ftruncate(r0, 0x0) 11:53:59 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@dev}, {@in6=@remote, 0x0, 0x33}, @in=@multicast1, {}, {}, {}, 0x70bd25}}}, 0xf8}}, 0x0) 11:54:00 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, &(0x7f0000000000)) 11:54:00 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x0) 11:54:00 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x28, r3, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x28}}, 0x0) 11:54:00 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer'}}}]}) 11:54:00 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setresuid(0xee01, 0xee00, 0x0) setfsuid(0x0) stat(0x0, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) 11:54:00 executing program 0: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) 11:54:00 executing program 5: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000000), 0x0) 11:54:00 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, 0x4) 11:54:00 executing program 0: mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3) 11:54:00 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, &(0x7f0000000000)) [ 121.607294] tmpfs: Bad value for 'mpol' [ 121.624674] tmpfs: Bad value for 'mpol' [ 121.650950] kmemleak: Found object by alias at 0x607f1a638aec [ 121.650966] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.650983] Tainted: [W]=WARN [ 121.650987] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.650994] Call Trace: [ 121.650998] [ 121.651003] dump_stack_lvl+0xca/0x120 [ 121.651026] __lookup_object+0x94/0xb0 [ 121.651042] delete_object_full+0x27/0x70 [ 121.651058] free_percpu+0x30/0x1160 [ 121.651074] ? arch_uprobe_clear_state+0x16/0x140 [ 121.651093] futex_hash_free+0x38/0xc0 [ 121.651108] mmput+0x2d3/0x390 [ 121.651134] do_exit+0x79d/0x2970 [ 121.651147] ? lock_release+0xc8/0x290 [ 121.651163] ? __pfx_do_exit+0x10/0x10 [ 121.651177] ? find_held_lock+0x2b/0x80 [ 121.651194] ? get_signal+0x835/0x2340 [ 121.651213] do_group_exit+0xd3/0x2a0 [ 121.651228] get_signal+0x2315/0x2340 [ 121.651247] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 121.651264] ? __pfx_get_signal+0x10/0x10 [ 121.651279] ? do_futex+0x135/0x370 [ 121.651293] ? __pfx_do_futex+0x10/0x10 [ 121.651307] arch_do_signal_or_restart+0x80/0x790 [ 121.651325] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 121.651341] ? __x64_sys_futex+0x1c9/0x4d0 [ 121.651353] ? __x64_sys_futex+0x1d2/0x4d0 [ 121.651366] ? fput_close_sync+0x114/0x240 [ 121.651382] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.651397] ? __pfx_fput_close_sync+0x10/0x10 [ 121.651412] ? dnotify_flush+0x79/0x4c0 [ 121.651428] exit_to_user_mode_loop+0x8b/0x110 [ 121.651440] do_syscall_64+0x2f7/0x360 [ 121.651452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.651464] RIP: 0033:0x7f52b8348b19 [ 121.651473] Code: Unable to access opcode bytes at 0x7f52b8348aef. [ 121.651478] RSP: 002b:00007f52b589d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.651489] RAX: fffffffffffffe00 RBX: 00007f52b845c028 RCX: 00007f52b8348b19 [ 121.651496] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f52b845c028 [ 121.651503] RBP: 00007f52b845c020 R08: 0000000000000000 R09: 0000000000000000 [ 121.651510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52b845c02c [ 121.651516] R13: 00007ffc8197d1ff R14: 00007f52b589d300 R15: 0000000000022000 [ 121.651532] [ 121.651535] kmemleak: Object (percpu) 0x607f1a638ae8 (size 8): [ 121.651542] kmemleak: comm "syz-executor.2", pid 3967, jiffies 4294788250 [ 121.651549] kmemleak: min_count = 1 [ 121.651552] kmemleak: count = 0 [ 121.651556] kmemleak: flags = 0x21 [ 121.651560] kmemleak: checksum = 0 [ 121.651563] kmemleak: backtrace: [ 121.651567] pcpu_alloc_noprof+0x87a/0x1170 [ 121.651581] perf_trace_event_init+0x366/0xa10 [ 121.651595] perf_trace_init+0x1a4/0x2f0 [ 121.651606] perf_tp_event_init+0xa6/0x120 [ 121.651621] perf_try_init_event+0x140/0x9f0 [ 121.651634] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.651649] __do_sys_perf_event_open+0x719/0x2c20 [ 121.651661] do_syscall_64+0xbf/0x360 [ 121.651670] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:54:00 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, 0x4) 11:54:00 executing program 6: prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) epoll_create(0x6) 11:54:00 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, &(0x7f0000000000)) 11:54:00 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x28, r3, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x28}}, 0x0) 11:54:00 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setresuid(0xee01, 0xee00, 0x0) setfsuid(0x0) stat(0x0, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) 11:54:00 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, 0x4) 11:54:00 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x28, r3, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x28}}, 0x0) 11:54:00 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x0) 11:54:00 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 11:54:00 executing program 3: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00') linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x1000) 11:54:00 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 11:54:00 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$FIBMAP(r0, 0x401870c8, 0x0) 11:54:01 executing program 5: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000000), 0x0) 11:54:01 executing program 6: syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd607437d700032c00fe8000"/35, @ANYRES32=0x41424344], 0x0) 11:54:01 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setresuid(0xee01, 0xee00, 0x0) setfsuid(0x0) stat(0x0, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) 11:54:01 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 11:54:01 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, 0x4) 11:54:01 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x0) 11:54:01 executing program 3: r0 = msgget$private(0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) 11:54:01 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x28, r3, 0x1, 0x0, 0x0, {{0x39}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x28}}, 0x0) 11:54:01 executing program 6: syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd607437d700032c00fe8000"/35, @ANYRES32=0x41424344], 0x0) 11:54:01 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x0) 11:54:01 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) acct(0x0) 11:54:01 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xa) sendfile(r1, r0, 0x0, 0x80000) 11:54:01 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 11:54:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448cc, &(0x7f0000000280)={0x0, 0x0, "d017e9"}) 11:54:01 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setresuid(0xee01, 0xee00, 0x0) setfsuid(0x0) stat(0x0, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) 11:54:01 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) acct(0x0) [ 122.713338] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 122.714240] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 122.714820] CPU: 1 UID: 0 PID: 4028 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.715990] Tainted: [W]=WARN [ 122.716649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.718277] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.719192] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.722906] RSP: 0018:ffff888048117780 EFLAGS: 00010012 [ 122.723890] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900009f2000 [ 122.724434] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.724974] RBP: ffff8880481179f0 R08: ffff88806cf31340 R09: ffffe8ffffd16148 [ 122.725517] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.726058] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.726600] FS: 00007f5b1c3ed700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.727217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.727660] CR2: 00007f5b1ef8b018 CR3: 000000000dc38000 CR4: 0000000000350ef0 [ 122.728199] Call Trace: [ 122.728401] [ 122.728579] ? __pfx_perf_tp_event+0x10/0x10 [ 122.728926] ? lock_acquire+0x15e/0x2f0 [ 122.729235] ? __is_insn_slot_addr+0x2e/0x290 [ 122.729589] ? find_held_lock+0x2b/0x80 [ 122.729901] ? __is_insn_slot_addr+0x136/0x290 [ 122.730263] ? lock_release+0xc8/0x290 [ 122.730567] ? __lock_acquire+0x694/0x1b70 [ 122.730897] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.731288] ? find_held_lock+0x2b/0x80 [ 122.731603] perf_trace_run_bpf_submit+0xef/0x180 [ 122.731979] perf_trace_preemptirq_template+0x259/0x430 [ 122.732395] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.732850] ? __pfx___smp_call_single_queue+0x10/0x10 [ 122.733258] ? find_held_lock+0x2b/0x80 [ 122.733572] ? try_to_wake_up+0x8ae/0x11d0 [ 122.733904] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.734302] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.734693] trace_hardirqs_on+0x26/0x40 [ 122.735004] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.735389] try_to_wake_up+0x8ae/0x11d0 [ 122.735708] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.736061] ? plist_del+0x122/0x270 [ 122.736354] ? find_held_lock+0x2b/0x80 [ 122.736666] ? futex_wake+0x474/0x540 [ 122.736966] wake_up_q+0xa1/0x130 [ 122.737248] futex_wake+0x47e/0x540 [ 122.737536] ? __pfx_futex_wake+0x10/0x10 [ 122.737861] ? kmem_cache_free+0x2a1/0x540 [ 122.738191] ? fd_install+0x1d8/0x660 [ 122.738486] ? putname.part.0+0x11b/0x160 [ 122.738812] do_futex+0x26d/0x370 [ 122.739085] ? __pfx_do_futex+0x10/0x10 [ 122.739402] __x64_sys_futex+0x1c9/0x4d0 [ 122.739719] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.740172] ? __x64_sys_openat+0x142/0x200 [ 122.740509] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.740866] do_syscall_64+0xbf/0x360 [ 122.741167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.741561] RIP: 0033:0x7f5b1ee77b19 [ 122.741847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.743236] RSP: 002b:00007f5b1c3ed218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.743814] RAX: ffffffffffffffda RBX: 00007f5b1ef8af68 RCX: 00007f5b1ee77b19 [ 122.744358] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5b1ef8af6c [ 122.744902] RBP: 00007f5b1ef8af60 R08: 000000000000000e R09: 0000000000000000 [ 122.745442] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f5b1ef8af6c [ 122.745984] R13: 00007ffc3229616f R14: 00007f5b1c3ed300 R15: 0000000000022000 [ 122.746528] [ 122.746712] Modules linked in: [ 122.746964] ---[ end trace 0000000000000000 ]--- [ 122.747333] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.747696] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.749075] RSP: 0018:ffff888048117780 EFLAGS: 00010012 [ 122.749481] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900009f2000 [ 122.750021] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.750562] RBP: ffff8880481179f0 R08: ffff88806cf31340 R09: ffffe8ffffd16148 [ 122.751100] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.751646] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.752185] FS: 00007f5b1c3ed700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.752795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.753240] CR2: 00007f5b1ef8b018 CR3: 000000000dc38000 CR4: 0000000000350ef0 [ 122.753781] note: syz-executor.0[4028] exited with irqs disabled [ 122.754286] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 122.755139] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 122.755717] CPU: 1 UID: 0 PID: 4028 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.756627] Tainted: [D]=DIE, [W]=WARN [ 122.756924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.757545] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.757910] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.759290] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 122.759711] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 122.760269] RDX: ffff888016e45280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.760813] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16148 [ 122.761353] R10: 0000000000000000 R11: ffff88801e7d9898 R12: dffffc0000000000 [ 122.761896] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 122.762447] FS: 00007f5b1c3ed700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.763065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.763516] CR2: 00007f5b1ef8b018 CR3: 000000000dc38000 CR4: 0000000000350ef0 [ 122.764061] Call Trace: [ 122.764264] [ 122.764436] ? __pfx_perf_tp_event+0x10/0x10 [ 122.764782] ? trace_pelt_se_tp+0xdf/0x130 [ 122.765110] ? place_entity+0x300/0x410 [ 122.765420] ? lock_acquire+0x18c/0x2f0 [ 122.765730] ? update_cfs_group+0x11d/0x260 [ 122.766062] ? lock_release+0x1c7/0x290 [ 122.766377] ? run_posix_cpu_timers+0x160/0x7d0 [ 122.766739] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 122.767123] ? sched_balance_trigger+0x1ac/0xcb0 [ 122.767499] ? sched_tick+0x27c/0x6c0 [ 122.767802] ? do_raw_spin_lock+0x123/0x260 [ 122.768137] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.768501] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.768887] perf_trace_run_bpf_submit+0xef/0x180 [ 122.769265] perf_trace_preemptirq_template+0x259/0x430 [ 122.769679] ? read_tsc+0x9/0x20 [ 122.769949] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.770540] ? clockevents_program_event+0x135/0x360 [ 122.770947] ? tick_program_event+0xac/0x140 [ 122.771315] ? handle_softirqs+0x16e/0x770 [ 122.771666] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.772076] trace_hardirqs_on+0x26/0x40 [ 122.772407] handle_softirqs+0x16e/0x770 [ 122.772741] __irq_exit_rcu+0xc4/0x100 [ 122.773061] irq_exit_rcu+0x9/0x20 [ 122.773351] sysvec_apic_timer_interrupt+0x70/0x80 [ 122.773753] [ 122.773940] [ 122.774125] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 122.774544] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 122.774925] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 122.776383] RSP: 0018:ffff888048117f28 EFLAGS: 00000246 [ 122.776806] RAX: 0000000000000001 RBX: ffff888016e45280 RCX: ffffffff817c2b86 [ 122.777483] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 122.778029] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 122.778571] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016e45280 [ 122.779109] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 122.779663] ? trace_irq_enable.constprop.0+0x26/0x100 [ 122.780065] ? make_task_dead+0x214/0x3b0 [ 122.780391] ? make_task_dead+0x214/0x3b0 [ 122.780713] ? do_syscall_64+0xbf/0x360 [ 122.781020] rewind_stack_and_make_dead+0x16/0x20 [ 122.781400] RIP: 0033:0x7f5b1ee77b19 [ 122.781687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.783068] RSP: 002b:00007f5b1c3ed218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.783650] RAX: ffffffffffffffda RBX: 00007f5b1ef8af68 RCX: 00007f5b1ee77b19 [ 122.784190] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5b1ef8af6c [ 122.784730] RBP: 00007f5b1ef8af60 R08: 000000000000000e R09: 0000000000000000 [ 122.785272] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f5b1ef8af6c [ 122.785814] R13: 00007ffc3229616f R14: 00007f5b1c3ed300 R15: 0000000000022000 [ 122.786358] [ 122.786542] Modules linked in: [ 122.786792] ---[ end trace 0000000000000000 ]--- [ 122.787156] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.787529] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.788952] RSP: 0018:ffff888048117780 EFLAGS: 00010012 [ 122.789373] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900009f2000 [ 122.789936] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.790494] RBP: ffff8880481179f0 R08: ffff88806cf31340 R09: ffffe8ffffd16148 [ 122.791053] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.791620] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.792187] FS: 00007f5b1c3ed700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.792824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.793286] CR2: 00007f5b1ef8b018 CR3: 000000000dc38000 CR4: 0000000000350ef0 [ 122.793846] Kernel panic - not syncing: Fatal exception in interrupt [ 122.794446] Kernel Offset: disabled [ 122.794734] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:54:01 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff88804852d280 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff88804854f8d0 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1 R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff8173e788 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 000055557e57a400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe6d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5b1ef870a0 CR3=000000000dc38000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f5b1ef5e7c000007f5b1ef5e7c8 XMM02=00007f5b1ef5e7e000007f5b1ef5e7c0 XMM03=00007f5b1ef5e7c800007f5b1ef5e7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880481170f0 R8 =0000000000000000 R9 =ffffed100180b046 R10=0000000000000032 R11=313030203a505352 R12=0000000000000032 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f5b1c3ed700 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5b1ef8b018 CR3=000000000dc38000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f5b1ef5e7c000007f5b1ef5e7c8 XMM02=00007f5b1ef5e7e000007f5b1ef5e7c0 XMM03=00007f5b1ef5e7c800007f5b1ef5e7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000