Warning: Permanently added '[localhost]:57116' (ECDSA) to the list of known hosts. 2025/08/29 12:13:03 fuzzer started 2025/08/29 12:13:03 dialing manager at localhost:43077 syzkaller login: [ 51.255846] cgroup: Unknown subsys name 'net' [ 51.321849] cgroup: Unknown subsys name 'cpuset' [ 51.338733] cgroup: Unknown subsys name 'rlimit' 2025/08/29 12:13:14 syscalls: 2214 2025/08/29 12:13:14 code coverage: enabled 2025/08/29 12:13:14 comparison tracing: enabled 2025/08/29 12:13:14 extra coverage: enabled 2025/08/29 12:13:14 setuid sandbox: enabled 2025/08/29 12:13:14 namespace sandbox: enabled 2025/08/29 12:13:14 Android sandbox: enabled 2025/08/29 12:13:14 fault injection: enabled 2025/08/29 12:13:14 leak checking: enabled 2025/08/29 12:13:14 net packet injection: enabled 2025/08/29 12:13:14 net device setup: enabled 2025/08/29 12:13:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 12:13:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 12:13:14 USB emulation: enabled 2025/08/29 12:13:14 hci packet injection: enabled 2025/08/29 12:13:14 wifi device emulation: enabled 2025/08/29 12:13:14 802.15.4 emulation: enabled 2025/08/29 12:13:14 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 12:13:14 fetching corpus: 49, signal 22594/26098 (executing program) 2025/08/29 12:13:14 fetching corpus: 97, signal 31016/36002 (executing program) 2025/08/29 12:13:14 fetching corpus: 147, signal 37200/43625 (executing program) 2025/08/29 12:13:14 fetching corpus: 197, signal 45030/52664 (executing program) 2025/08/29 12:13:14 fetching corpus: 247, signal 50855/59646 (executing program) 2025/08/29 12:13:14 fetching corpus: 297, signal 54495/64520 (executing program) 2025/08/29 12:13:14 fetching corpus: 347, signal 57556/68798 (executing program) 2025/08/29 12:13:14 fetching corpus: 397, signal 61104/73365 (executing program) 2025/08/29 12:13:15 fetching corpus: 447, signal 65669/78798 (executing program) 2025/08/29 
12:13:15 fetching corpus: 497, signal 70378/84258 (executing program) 2025/08/29 12:13:30 fetching corpus: 8794, signal 189579/193950 
(executing program) 2025/08/29 12:13:30 fetching corpus: 8844, signal 189751/193957 (executing program) 2025/08/29 12:13:30 fetching corpus: 8894, signal 189926/193962 (executing program) 2025/08/29 12:13:30 fetching corpus: 8939, signal 190258/193966 (executing program) 2025/08/29 12:13:30 fetching corpus: 8939, signal 190258/193966 (executing program) 2025/08/29 12:13:32 starting 8 fuzzer processes 12:13:32 executing program 0: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) 12:13:32 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) lseek(r0, 0x331d, 0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x81) write(r2, &(0x7f0000000900)='^', 0x1) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xfdef) fcntl$setstatus(r0, 0x4, 0x44000) sendfile(r0, r1, 0x0, 0xfdef) 12:13:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x38, 0x0, &(0x7f00000018c0)) [ 80.343270] audit: type=1400 audit(1756469612.707:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:13:32 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) 
fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000140)={{0x0, 0x3, 0x0, 0x0, 0x1}, 0xed37}) 12:13:32 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 12:13:32 executing program 4: prctl$PR_SET_IO_FLUSHER(0x4a, 0x0) 12:13:32 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 12:13:32 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x1f, 0x0, &(0x7f00000000c0)) [ 81.511291] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.515690] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.517628] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.521146] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.523768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.592092] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.595764] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.597154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.602659] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.604494] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.713954] Bluetooth: hci2: unexpected cc 0x0c03 length: 
249 > 1 [ 81.717393] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.719269] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.724500] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.725897] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.730355] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.732975] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.755578] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.765110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.768299] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.772545] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.775256] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.781395] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.787060] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.788763] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.840700] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.844062] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.845866] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.857754] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.860219] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.866827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.877778] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.898004] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.903904] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.906078] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.907994] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.909685] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.922225] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.939273] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.949633] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.542016] Bluetooth: hci0: command tx timeout 
[ 83.668519] Bluetooth: hci1: command tx timeout [ 83.796507] Bluetooth: hci2: command tx timeout [ 83.861945] Bluetooth: hci3: command tx timeout [ 83.862774] Bluetooth: hci4: command tx timeout [ 83.990523] Bluetooth: hci7: command tx timeout [ 83.990657] Bluetooth: hci6: command tx timeout [ 83.991895] Bluetooth: hci5: command tx timeout [ 85.589468] Bluetooth: hci0: command tx timeout [ 85.716522] Bluetooth: hci1: command tx timeout [ 85.845484] Bluetooth: hci2: command tx timeout [ 85.908634] Bluetooth: hci3: command tx timeout [ 85.908669] Bluetooth: hci4: command tx timeout [ 86.038564] Bluetooth: hci6: command tx timeout [ 86.038588] Bluetooth: hci5: command tx timeout [ 86.038643] Bluetooth: hci7: command tx timeout [ 87.637458] Bluetooth: hci0: command tx timeout [ 87.764626] Bluetooth: hci1: command tx timeout [ 87.892767] Bluetooth: hci2: command tx timeout [ 87.956549] Bluetooth: hci3: command tx timeout [ 87.957504] Bluetooth: hci4: command tx timeout [ 88.084513] Bluetooth: hci6: command tx timeout [ 88.085545] Bluetooth: hci7: command tx timeout [ 88.086227] Bluetooth: hci5: command tx timeout [ 89.685520] Bluetooth: hci0: command tx timeout [ 89.813482] Bluetooth: hci1: command tx timeout [ 89.941544] Bluetooth: hci2: command tx timeout [ 90.006582] Bluetooth: hci4: command tx timeout [ 90.007024] Bluetooth: hci3: command tx timeout [ 90.135543] Bluetooth: hci5: command tx timeout [ 90.135977] Bluetooth: hci7: command tx timeout [ 90.136330] Bluetooth: hci6: command tx timeout [ 121.096781] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.098185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.311042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.311744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:14:14 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 
0x0, "650ac59d7fd48f6fb115f9bd9fe8adbf9b6e0725db8f79217e7bbab7e87db2bfb12f6f64867713e21aaf1095236a7fe5bd0439a1f8fe215a2a012ef944793617bd809fd54e0b17ea2da7c0321d5cd9f5"}, 0xd8) 12:14:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) 12:14:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) [ 122.326994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.327722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:14:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) [ 122.378545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.379178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.514537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.515191] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:14:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) [ 122.645935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.647195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.742607] audit: type=1400 audit(1756469655.106:8): avc: denied { open } for pid=3856 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.752549] audit: type=1400 audit(1756469655.106:9): avc: denied { kernel } for pid=3856 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 12:14:15 executing program 4: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) [ 122.794688] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.795334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:14:15 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x80108906, 0x0) 12:14:15 executing program 4: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 
= fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) [ 122.953867] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.954522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.073467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.074079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.078039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.078669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.215543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.216160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.247362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.248253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.362133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.362825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.385618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.386216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.445462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.446069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.481867] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.482493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:14:16 executing program 6: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 
0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 12:14:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 12:14:16 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000), 0x4) 12:14:16 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, 
@void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) 12:14:16 executing program 0: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) 12:14:16 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) lseek(r0, 0x331d, 0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x81) write(r2, &(0x7f0000000900)='^', 0x1) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xfdef) fcntl$setstatus(r0, 0x4, 0x44000) sendfile(r0, r1, 0x0, 0xfdef) 12:14:16 executing program 4: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 12:14:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x38, 0x0, &(0x7f00000018c0)) 12:14:16 executing program 0: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) 12:14:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 12:14:16 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, 
@NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) 12:14:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x38, 0x0, &(0x7f00000018c0)) [ 123.856316] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 123.857271] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.857958] CPU: 1 UID: 0 PID: 3938 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.859532] Tainted: [W]=WARN [ 123.861258] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.864526] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.865683] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.867917] RSP: 0018:ffff8880470b7780 EFLAGS: 00010012 [ 123.868410] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a62a000 [ 123.869090] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.869765] RBP: ffff8880470b79f0 R08: ffff88806cf31340 R09: ffffe8ffffd076b8 [ 123.870410] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.871062] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.871724] FS: 00007f3a1f432700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.872486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.873033] 
CR2: 00007f3a21fd0018 CR3: 00000000440bb000 CR4: 0000000000350ef0 [ 123.873707] Call Trace: [ 123.873960] [ 123.874186] ? lock_release+0xc8/0x290 [ 123.874564] ? __pfx_perf_tp_event+0x10/0x10 [ 123.874986] ? unwind_get_return_address+0x59/0xa0 [ 123.875484] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 123.876011] ? arch_stack_walk+0x9c/0xf0 [ 123.876394] ? __lock_acquire+0x694/0x1b70 [ 123.876808] ? __lock_acquire+0x694/0x1b70 [ 123.877231] ? lock_acquire+0x15e/0x2f0 [ 123.877613] ? __is_insn_slot_addr+0x2e/0x290 [ 123.878043] ? find_held_lock+0x2b/0x80 [ 123.878444] ? __is_insn_slot_addr+0x136/0x290 [ 123.878899] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.879381] perf_trace_run_bpf_submit+0xef/0x180 [ 123.879858] perf_trace_preemptirq_template+0x259/0x430 [ 123.880380] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 123.880898] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.881450] ? __pfx___resched_curr+0x10/0x10 [ 123.881885] ? find_held_lock+0x2b/0x80 [ 123.882282] ? try_to_wake_up+0x8ae/0x11d0 [ 123.882692] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.883201] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.883706] trace_hardirqs_on+0x26/0x40 [ 123.884104] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.884583] try_to_wake_up+0x8ae/0x11d0 [ 123.884986] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.885426] ? plist_del+0x122/0x270 [ 123.885797] ? find_held_lock+0x2b/0x80 [ 123.886196] ? futex_wake+0x474/0x540 [ 123.886575] wake_up_q+0xa1/0x130 [ 123.886924] futex_wake+0x47e/0x540 [ 123.887557] ? __pfx_futex_wake+0x10/0x10 [ 123.888306] ? __lock_acquire+0x694/0x1b70 [ 123.889063] ? file_init_path+0x506/0x770 [ 123.889805] do_futex+0x26d/0x370 [ 123.890428] ? __pfx_do_futex+0x10/0x10 [ 123.891162] ? lock_release+0xc8/0x290 [ 123.891829] __x64_sys_futex+0x1c9/0x4d0 [ 123.892478] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.893416] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 123.894149] do_syscall_64+0xbf/0x360 [ 123.894758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.895579] RIP: 0033:0x7f3a21ebcb19 [ 123.896166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.898829] RSP: 002b:00007f3a1f432218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.899935] RAX: ffffffffffffffda RBX: 00007f3a21fcff68 RCX: 00007f3a21ebcb19 [ 123.900954] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3a21fcff6c [ 123.902008] RBP: 00007f3a21fcff60 R08: 000000000000000e R09: 0000000000000000 [ 123.903042] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f3a21fcff6c [ 123.904093] R13: 00007ffd8c674b7f R14: 00007f3a1f432300 R15: 0000000000022000 [ 123.905130] [ 123.905473] Modules linked in: [ 123.905943] ---[ end trace 0000000000000000 ]--- [ 123.906611] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.907297] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.909884] RSP: 0018:ffff8880470b7780 EFLAGS: 00010012 [ 123.910645] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a62a000 [ 123.911665] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.912676] RBP: ffff8880470b79f0 R08: ffff88806cf31340 R09: ffffe8ffffd076b8 [ 123.913686] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.914695] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.915722] FS: 00007f3a1f432700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.916862] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.917694] CR2: 00007f3a21fd0018 CR3: 00000000440bb000 CR4: 0000000000350ef0 [ 123.918713] note: syz-executor.7[3938] exited with irqs disabled [ 123.921090] 
note: syz-executor.7[3938] exited with preempt_count 3 12:14:16 executing program 4: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 12:14:17 executing program 6: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 12:14:17 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) 12:14:17 executing program 0: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) 12:14:17 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) lseek(r0, 0x331d, 0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x81) write(r2, &(0x7f0000000900)='^', 0x1) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xfdef) fcntl$setstatus(r0, 0x4, 0x44000) sendfile(r0, r1, 0x0, 0xfdef) 12:14:17 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, 
&(0x7f0000000000), 0x4) 12:14:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000000)=0x8000, 0x4) 12:14:17 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 12:14:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x38, 0x0, &(0x7f00000018c0)) 12:14:17 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x0, 0x0) 12:14:17 executing program 6: r0 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 12:14:17 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000), 0x4) 12:14:17 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x12}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40) syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0) 12:14:17 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x0, 0x0) 12:14:17 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) pkey_alloc(0x0, 0x0) 12:14:17 executing program 7: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) 
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x13, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) [ 125.097136] kmemleak: Found object by alias at 0x607f1a62a6bc [ 125.097161] CPU: 0 UID: 0 PID: 3988 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.097190] Tainted: [D]=DIE, [W]=WARN [ 125.097196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.097205] Call Trace: [ 125.097211] [ 125.097217] dump_stack_lvl+0xca/0x120 [ 125.097249] __lookup_object+0x94/0xb0 [ 125.097272] delete_object_full+0x27/0x70 [ 125.097294] free_percpu+0x30/0x1160 [ 125.097318] ? arch_uprobe_clear_state+0x16/0x140 [ 125.097343] futex_hash_free+0x38/0xc0 [ 125.097362] mmput+0x2d3/0x390 [ 125.097388] do_exit+0x79d/0x2970 [ 125.097412] ? lock_acquire+0x18c/0x2f0 [ 125.097434] ? __pfx_do_exit+0x10/0x10 [ 125.097452] ? do_raw_spin_lock+0x123/0x260 [ 125.097474] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.097495] ? lock_release+0x1c7/0x290 [ 125.097514] do_group_exit+0xd3/0x2a0 [ 125.097534] get_signal+0x2315/0x2340 [ 125.097559] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 125.097577] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 125.097600] ? __pfx_get_signal+0x10/0x10 [ 125.097623] ? __schedule+0xe91/0x3590 [ 125.097647] arch_do_signal_or_restart+0x80/0x790 [ 125.097672] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 125.097694] ? __x64_sys_futex+0x1c9/0x4d0 [ 125.097713] ? __x64_sys_futex+0x1d2/0x4d0 [ 125.097732] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.097754] exit_to_user_mode_loop+0x8b/0x110 [ 125.097771] do_syscall_64+0x2f7/0x360 [ 125.097787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.097804] RIP: 0033:0x7f3a21ebcb19 [ 125.097816] Code: Unable to access opcode bytes at 0x7f3a21ebcaef. 
[ 125.097824] RSP: 002b:00007f3a1f411218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.097841] RAX: 0000000000000001 RBX: 00007f3a21fd0028 RCX: 00007f3a21ebcb19 [ 125.097851] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3a21fd002c [ 125.097862] RBP: 00007f3a21fd0020 R08: 000000000000000e R09: 0000000000000000 [ 125.097872] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f3a21fd002c [ 125.097882] R13: 00007ffd8c674b7f R14: 00007f3a1f411300 R15: 0000000000022000 [ 125.097898] [ 125.097903] kmemleak: Object (percpu) 0x607f1a62a6b8 (size 8): [ 125.097913] kmemleak: comm "syz-executor.4", pid 3983, jiffies 4294791984 [ 125.097923] kmemleak: min_count = 1 [ 125.097929] kmemleak: count = 0 [ 125.097934] kmemleak: flags = 0x21 [ 125.097940] kmemleak: checksum = 0 [ 125.097945] kmemleak: backtrace: [ 125.097950] pcpu_alloc_noprof+0x87a/0x1170 [ 125.097971] alloc_vfsmnt+0x135/0x6e0 [ 125.097990] vfs_create_mount.part.0+0x40/0x440 [ 125.098012] path_mount+0x1637/0x1dd0 [ 125.098029] __x64_sys_mount+0x27b/0x300 [ 125.098045] do_syscall_64+0xbf/0x360 [ 125.098057] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:14:17 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) lseek(r0, 0x331d, 0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x81) write(r2, &(0x7f0000000900)='^', 0x1) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xfdef) fcntl$setstatus(r0, 0x4, 0x44000) sendfile(r0, r1, 0x0, 0xfdef) 12:14:17 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 
0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000), 0x4) 12:14:17 executing program 3: setuid(0xee01) prctl$PR_SET_SECUREBITS(0x1c, 0xf) 12:14:17 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/pm_trace', 0x28001, 0x0) write$snapshot(r0, &(0x7f0000000080)="9f", 0x1) 12:14:17 executing program 7: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x13, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) 12:14:17 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x0, 0x0) 12:14:17 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x5414, &(0x7f00000000c0)) 12:14:17 executing program 2: prctl$PR_SET_MM_MAP(0x4d, 0xe, &(0x7f0000000380)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0xc000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff4000/0x2000)=nil, 0x0}, 0x68) [ 125.180291] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 125.181627] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 125.182505] CPU: 0 
UID: 60929 PID: 3994 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.183931] Tainted: [D]=DIE, [W]=WARN [ 125.184377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.185329] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.185891] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.187996] RSP: 0018:ffff888046d4f780 EFLAGS: 00010012 [ 125.188617] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004dfe000 [ 125.189439] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 125.190259] RBP: ffff888046d4f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc076b8 [ 125.191097] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 125.191925] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.192756] FS: 00007f9c5cf8e700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.193689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.194369] CR2: 00007f9c5fb2c018 CR3: 0000000043fcc000 CR4: 0000000000350ef0 [ 125.195206] Call Trace: [ 125.195514] [ 125.195788] ? __pfx_perf_tp_event+0x10/0x10 [ 125.196310] ? lock_acquire+0x18c/0x2f0 [ 125.196782] ? lock_release+0x1c7/0x290 [ 125.197251] ? lock_acquire+0x18c/0x2f0 [ 125.197718] ? lock_acquire+0x18c/0x2f0 [ 125.198185] ? lock_release+0x1c7/0x290 [ 125.198654] ? __is_insn_slot_addr+0x140/0x290 [ 125.199207] ? kernel_text_address+0x5b/0xc0 [ 125.199727] ? __kernel_text_address+0xd/0x40 [ 125.200256] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.200945] ? do_raw_spin_lock+0x123/0x260 [ 125.201455] ? lock_acquire+0x18c/0x2f0 [ 125.201920] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.202466] ? lock_acquire+0x18c/0x2f0 [ 125.202934] ? lock_release+0x1c7/0x290 [ 125.203410] ? lock_acquire+0x18c/0x2f0 [ 125.203881] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 125.204474] ? __is_insn_slot_addr+0x140/0x290 [ 125.205016] perf_trace_run_bpf_submit+0xef/0x180 [ 125.205604] perf_trace_preemptirq_template+0x259/0x430 [ 125.206234] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 125.206886] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.207588] ? __pfx___resched_curr+0x10/0x10 [ 125.208126] ? check_preempt_wakeup_fair+0x406/0x950 [ 125.208723] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 125.209333] trace_irq_enable.constprop.0+0xa6/0x100 [ 125.209930] trace_hardirqs_on+0x26/0x40 [ 125.210405] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 125.210980] try_to_wake_up+0x8ae/0x11d0 [ 125.211479] ? __pfx_try_to_wake_up+0x10/0x10 [ 125.212031] ? plist_del+0x122/0x270 [ 125.212495] ? __futex_unqueue+0xda/0x1c0 [ 125.212994] wake_up_q+0xa1/0x130 [ 125.213425] futex_wake+0x47e/0x540 [ 125.213860] ? __pfx_futex_wake+0x10/0x10 [ 125.214352] ? lock_acquire+0x18c/0x2f0 [ 125.214819] ? lock_release+0x1c7/0x290 [ 125.215301] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.215991] do_futex+0x26d/0x370 [ 125.216409] ? __pfx_do_futex+0x10/0x10 [ 125.216881] ? set_dumpable+0x106/0x170 [ 125.217356] ? __pfx_set_dumpable+0x10/0x10 [ 125.217858] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 125.218475] __x64_sys_futex+0x1c9/0x4d0 [ 125.218958] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.219663] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 125.220213] do_syscall_64+0xbf/0x360 [ 125.220661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.221269] RIP: 0033:0x7f9c5fa18b19 [ 125.221707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.223829] RSP: 002b:00007f9c5cf8e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.224694] RAX: ffffffffffffffda RBX: 00007f9c5fb2bf68 RCX: 00007f9c5fa18b19 [ 125.225539] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9c5fb2bf6c [ 125.226385] RBP: 00007f9c5fb2bf60 R08: 000000000000000e R09: 0000000000000000 [ 125.227224] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c5fb2bf6c [ 125.228049] R13: 00007ffe8fb39f1f R14: 00007f9c5cf8e300 R15: 0000000000022000 [ 125.228875] [ 125.229152] Modules linked in: [ 125.229539] ---[ end trace 0000000000000000 ]--- [ 125.230094] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.230662] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.232764] RSP: 0018:ffff8880470b7780 EFLAGS: 00010012 [ 125.233387] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a62a000 [ 125.234207] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.235041] RBP: ffff8880470b79f0 R08: ffff88806cf31340 R09: ffffe8ffffd076b8 [ 125.235886] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 125.236716] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 125.237583] FS: 00007f9c5cf8e700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.238506] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.239188] CR2: 00007f9c5fb2c018 CR3: 0000000043fcc000 CR4: 0000000000350ef0 [ 125.240010] note: syz-executor.3[3994] exited with irqs disabled [ 125.240803] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 125.242086] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 125.242963] CPU: 0 UID: 60929 PID: 3994 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.244381] Tainted: [D]=DIE, [W]=WARN [ 125.244824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.245787] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.246337] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.248430] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 125.248447] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 125.248459] RDX: ffff8880456f0000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 125.248471] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc076b8 [ 125.248483] R10: 0000000000000000 R11: ffff88801df14098 R12: dffffc0000000000 [ 125.248495] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 125.248509] FS: 00007f9c5cf8e700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.248526] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.248538] CR2: 00007f9c5fb2c018 CR3: 0000000043fcc000 CR4: 0000000000350ef0 [ 125.248550] Call Trace: [ 125.248556] [ 125.248566] ? __pfx_perf_tp_event+0x10/0x10 [ 125.248593] ? enqueue_task_fair+0xded/0x1e00 [ 125.248616] ? do_raw_spin_lock+0x123/0x260 [ 125.248640] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.248664] ? lock_acquire+0x18c/0x2f0 [ 125.248685] ? lock_release+0x1c7/0x290 [ 125.248705] ? do_raw_spin_unlock+0x53/0x220 [ 125.248730] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 125.248754] ? try_to_wake_up+0x128/0x11d0 [ 125.248780] ? do_raw_spin_lock+0x123/0x260 [ 125.248804] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.248830] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 125.248855] perf_trace_run_bpf_submit+0xef/0x180 [ 125.248882] perf_trace_preemptirq_template+0x259/0x430 [ 125.248913] ? read_tsc+0x9/0x20 [ 125.248936] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 125.248967] ? clockevents_program_event+0x135/0x360 [ 125.248992] ? tick_program_event+0xac/0x140 [ 125.249010] ? handle_softirqs+0x16e/0x770 [ 125.249039] trace_irq_enable.constprop.0+0xa6/0x100 [ 125.249057] trace_hardirqs_on+0x26/0x40 [ 125.249073] handle_softirqs+0x16e/0x770 [ 125.249103] __irq_exit_rcu+0xc4/0x100 [ 125.249130] irq_exit_rcu+0x9/0x20 [ 125.249146] sysvec_apic_timer_interrupt+0x70/0x80 [ 125.249173] [ 125.249178] [ 125.249185] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 125.249207] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 125.249232] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 125.249249] RSP: 0018:ffff888046d4ff28 EFLAGS: 00000246 [ 125.249263] RAX: 0000000000000001 RBX: ffff8880456f0000 RCX: ffffffff817c2b86 [ 125.249275] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 125.249287] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 125.249298] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880456f0000 [ 125.249310] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 125.249324] ? trace_irq_enable.constprop.0+0x26/0x100 [ 125.249343] ? make_task_dead+0x214/0x3b0 [ 125.249365] ? make_task_dead+0x214/0x3b0 [ 125.249385] ? 
do_syscall_64+0xbf/0x360 [ 125.249402] rewind_stack_and_make_dead+0x16/0x20 [ 125.249427] RIP: 0033:0x7f9c5fa18b19 [ 125.249440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.249457] RSP: 002b:00007f9c5cf8e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.249474] RAX: ffffffffffffffda RBX: 00007f9c5fb2bf68 RCX: 00007f9c5fa18b19 [ 125.249486] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9c5fb2bf6c [ 125.249498] RBP: 00007f9c5fb2bf60 R08: 000000000000000e R09: 0000000000000000 [ 125.249509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c5fb2bf6c [ 125.249521] R13: 00007ffe8fb39f1f R14: 00007f9c5cf8e300 R15: 0000000000022000 [ 125.249538] [ 125.249544] Modules linked in: [ 125.249555] ---[ end trace 0000000000000000 ]--- [ 125.249563] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.249587] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.249604] RSP: 0018:ffff8880470b7780 EFLAGS: 00010012 [ 125.249618] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a62a000 [ 125.249631] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.249642] RBP: ffff8880470b79f0 R08: ffff88806cf31340 R09: ffffe8ffffd076b8 [ 125.249655] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 125.249666] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 125.249681] FS: 00007f9c5cf8e700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.249698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.249710] CR2: 00007f9c5fb2c018 CR3: 0000000043fcc000 CR4: 0000000000350ef0 [ 125.249724] Kernel panic - not syncing: Fatal exception in interrupt [ 125.250077] Kernel Offset: disabled [ 125.300471] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 12:14:16 Registers: