Warning: Permanently added '[localhost]:50010' (ECDSA) to the list of known hosts. 2025/08/29 12:19:41 fuzzer started 2025/08/29 12:19:41 dialing manager at localhost:43077 syzkaller login: [ 51.040875] cgroup: Unknown subsys name 'net' [ 51.117778] cgroup: Unknown subsys name 'cpuset' [ 51.131564] cgroup: Unknown subsys name 'rlimit' 2025/08/29 12:19:53 syscalls: 2214 2025/08/29 12:19:53 code coverage: enabled 2025/08/29 12:19:53 comparison tracing: enabled 2025/08/29 12:19:53 extra coverage: enabled 2025/08/29 12:19:53 setuid sandbox: enabled 2025/08/29 12:19:53 namespace sandbox: enabled 2025/08/29 12:19:53 Android sandbox: enabled 2025/08/29 12:19:53 fault injection: enabled 2025/08/29 12:19:53 leak checking: enabled 2025/08/29 12:19:53 net packet injection: enabled 2025/08/29 12:19:53 net device setup: enabled 2025/08/29 12:19:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 12:19:53 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 12:19:53 USB emulation: enabled 2025/08/29 12:19:53 hci packet injection: enabled 2025/08/29 12:19:53 wifi device emulation: enabled 2025/08/29 12:19:53 802.15.4 emulation: enabled 2025/08/29 12:19:53 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 12:19:53 fetching corpus: 50, signal 17126/20763 (executing program) 2025/08/29 12:19:53 fetching corpus: 100, signal 28656/33760 (executing program) 2025/08/29 12:19:53 fetching corpus: 150, signal 36141/42626 (executing program) 2025/08/29 12:19:53 fetching corpus: 200, signal 43195/50901 (executing program) 2025/08/29 12:19:53 fetching corpus: 250, signal 50399/59212 (executing program) 2025/08/29 12:19:53 fetching corpus: 300, signal 54658/64637 (executing program) 2025/08/29 12:19:53 fetching corpus: 350, signal 58318/69442 (executing program) 2025/08/29 12:19:53 fetching corpus: 400, signal 62166/74368 (executing program) 2025/08/29 12:19:53 fetching corpus: 450, signal 65542/78846 (executing program) 2025/08/29 12:19:54 fetching corpus: 500, signal 69479/83710 (executing program) 2025/08/29 12:19:54 fetching corpus: 550, signal 71298/86598 (executing program) 2025/08/29 12:19:54 fetching corpus: 600, signal 74492/90625 (executing program) 2025/08/29 12:19:54 fetching corpus: 650, signal 77923/94715 (executing program) 2025/08/29 12:19:54 fetching corpus: 700, signal 80432/97981 (executing program) 2025/08/29 12:19:54 fetching corpus: 750, signal 83316/101612 (executing program) 2025/08/29 12:19:54 fetching corpus: 800, signal 85164/104326 (executing program) 2025/08/29 12:19:54 fetching corpus: 850, signal 86918/106901 (executing program) 2025/08/29 12:19:54 fetching corpus: 900, signal 88778/109487 (executing program) 2025/08/29 12:19:54 fetching corpus: 950, signal 90642/112060 (executing program) 2025/08/29 12:19:55 fetching corpus: 1000, signal 92050/114237 (executing program) 2025/08/29 12:19:55 fetching corpus: 1050, signal 93768/116605 (executing program) 2025/08/29 12:19:55 fetching corpus: 1100, signal 96656/119785 (executing program) 2025/08/29 12:19:55 fetching corpus: 1150, signal 98519/122229 (executing program) 2025/08/29 12:19:55 fetching corpus: 1199, signal 100486/124679 (executing program) 2025/08/29 12:19:55 fetching corpus: 1249, signal 102390/126995 (executing program) 2025/08/29 12:19:55 fetching corpus: 1299, signal 103658/128851 (executing program) 2025/08/29 12:19:55 fetching corpus: 1349, signal 105007/130724 (executing program) 2025/08/29 12:19:55 fetching corpus: 1399, signal 106308/132548 (executing program) 2025/08/29 12:19:55 fetching corpus: 1449, signal 108192/134776 (executing program) 2025/08/29 12:19:56 fetching corpus: 1499, signal 109611/136596 (executing program) 2025/08/29 12:19:56 fetching corpus: 1549, signal 110805/138312 (executing program) 2025/08/29 12:19:56 fetching corpus: 1598, signal 111844/139860 (executing program) 2025/08/29 12:19:56 fetching corpus: 1648, signal 113263/141708 (executing program) 2025/08/29 12:19:56 fetching corpus: 1698, signal 114892/143554 (executing program) 2025/08/29 12:19:56 fetching corpus: 1748, signal 116703/145491 (executing program) 2025/08/29 12:19:56 fetching corpus: 1798, signal 117633/146849 (executing program) 2025/08/29 12:19:56 fetching corpus: 1848, signal 118475/148229 (executing program) 2025/08/29 12:19:56 fetching corpus: 1898, signal 120095/150019 (executing program) 2025/08/29 12:19:57 fetching corpus: 1948, signal 120876/151247 (executing program) 2025/08/29 12:19:57 fetching corpus: 1998, signal 121970/152650 (executing program) 2025/08/29 12:19:57 fetching corpus: 2048, signal 123760/154416 (executing program) 2025/08/29 12:19:57 fetching corpus: 2098, signal 124798/155715 (executing program) 2025/08/29 12:19:57 fetching corpus: 2148, signal 125738/156927 (executing program) 2025/08/29 12:19:57 fetching corpus: 2198, signal 126455/157980 (executing program) 2025/08/29 12:19:57 fetching corpus: 2248, signal 127362/159171 (executing program) 2025/08/29 12:19:57 fetching corpus: 2298, signal 128087/160207 (executing program) 2025/08/29 12:19:57 fetching corpus: 2348, signal 128888/161310 (executing program) 2025/08/29 12:19:57 fetching corpus: 2398, signal 129768/162454 (executing program) 2025/08/29 12:19:58 fetching corpus: 2448, signal 130977/163683 (executing program) 2025/08/29 12:19:58 fetching corpus: 2498, signal 133479/165465 (executing program) 2025/08/29 12:19:58 fetching corpus: 2548, signal 135161/166846 (executing program) 2025/08/29 12:19:58 fetching corpus: 2598, signal 135886/167792 (executing program) 2025/08/29 12:19:58 fetching corpus: 2648, signal 136344/168607 (executing program) 2025/08/29 12:19:58 fetching corpus: 2698, signal 137294/169647 (executing program) 2025/08/29 12:19:58 fetching corpus: 2748, signal 137824/170537 (executing program) 2025/08/29 12:19:58 fetching corpus: 2797, signal 138351/171364 (executing program) 2025/08/29 12:19:58 fetching corpus: 2847, signal 138978/172180 (executing program) 2025/08/29 12:19:58 fetching corpus: 2897, signal 139820/173079 (executing program) 2025/08/29 12:19:59 fetching corpus: 2947, signal 140258/173824 (executing program) 2025/08/29 12:19:59 fetching corpus: 2997, signal 140942/174621 (executing program) 2025/08/29 12:19:59 fetching corpus: 3047, signal 141665/175470 (executing program) 2025/08/29 12:19:59 fetching corpus: 3097, signal 142337/176237 (executing program) 2025/08/29 12:19:59 fetching corpus: 3147, signal 143071/177007 (executing program) 2025/08/29 12:19:59 fetching corpus: 3197, signal 144256/177927 (executing program) 2025/08/29 12:19:59 fetching corpus: 3247, signal 144868/178668 (executing program) 2025/08/29 12:19:59 fetching corpus: 3297, signal 145359/179356 (executing program) 2025/08/29 12:19:59 fetching corpus: 3347, signal 145712/179975 (executing program) 2025/08/29 12:19:59 fetching corpus: 3397, signal 146087/180577 (executing program) 2025/08/29 12:20:00 fetching corpus: 3447, signal 146696/181215 (executing program) 2025/08/29 12:20:00 fetching corpus: 3497, signal 147387/181892 (executing program) 2025/08/29 12:20:00 fetching corpus: 3547, signal 147885/182474 (executing program) 2025/08/29 12:20:00 fetching corpus: 3597, signal 148287/183061 (executing program) 2025/08/29 12:20:00 fetching corpus: 3647, signal 148762/183658 (executing program) 2025/08/29 12:20:00 fetching corpus: 3697, signal 149191/184254 (executing program) 2025/08/29 12:20:00 fetching corpus: 3747, signal 149925/184851 (executing program) 2025/08/29 12:20:00 fetching corpus: 3797, signal 150577/185451 (executing program) 2025/08/29 12:20:00 fetching corpus: 3847, signal 151293/186031 (executing program) 2025/08/29 12:20:00 fetching corpus: 3897, signal 151802/186559 (executing program) 2025/08/29 12:20:00 fetching corpus: 3947, signal 152236/187040 (executing program) 2025/08/29 12:20:01 fetching corpus: 3997, signal 152639/187534 (executing program) 2025/08/29 12:20:01 fetching corpus: 4047, signal 153218/188043 (executing program) 2025/08/29 12:20:01 fetching corpus: 4097, signal 154049/188644 (executing program) 2025/08/29 12:20:01 fetching corpus: 4147, signal 154512/189139 (executing program) 2025/08/29 12:20:01 fetching corpus: 4197, signal 154810/189576 (executing program) 2025/08/29 12:20:01 fetching corpus: 4247, signal 155267/190046 (executing program) 2025/08/29 12:20:01 fetching corpus: 4297, signal 155733/190516 (executing program) 2025/08/29 12:20:01 fetching corpus: 4347, signal 156248/190959 (executing program) 2025/08/29 12:20:01 fetching corpus: 4397, signal 156860/191379 (executing program) 2025/08/29 12:20:01 fetching corpus: 4447, signal 157262/191793 (executing program) 2025/08/29 12:20:01 fetching corpus: 4497, signal 157978/192220 (executing program) 2025/08/29 12:20:02 fetching corpus: 4547, signal 158726/192626 (executing program) 2025/08/29 12:20:02 fetching corpus: 4597, signal 159179/192989 (executing program) 2025/08/29 12:20:02 fetching corpus: 4647, signal 159658/193384 (executing program) 2025/08/29 12:20:02 fetching corpus: 4697, signal 160508/193436 (executing program) 2025/08/29 12:20:02 fetching corpus: 4747, signal 160872/193439 (executing program) 2025/08/29 12:20:02 fetching corpus: 4797, signal 161359/193479 (executing program) 2025/08/29 12:20:02 fetching corpus: 4847, signal 161720/193482 (executing program) 2025/08/29 12:20:02 fetching corpus: 4897, signal 162025/193485 (executing program) 2025/08/29 12:20:02 fetching corpus: 4947, signal 162326/193487 (executing program) 2025/08/29 12:20:02 fetching corpus: 4997, signal 162915/193488 (executing program) 2025/08/29 12:20:02 fetching corpus: 5047, signal 163343/193491 (executing program) 2025/08/29 12:20:02 fetching corpus: 5097, signal 163730/193510 (executing program) 2025/08/29 12:20:03 fetching corpus: 5147, signal 164164/193514 (executing program) 2025/08/29 12:20:03 fetching corpus: 5197, signal 164972/193521 (executing program) 2025/08/29 12:20:03 fetching corpus: 5247, signal 165448/193536 (executing program) 2025/08/29 12:20:03 fetching corpus: 5297, signal 166101/193562 (executing program) 2025/08/29 12:20:03 fetching corpus: 5347, signal 166546/193565 (executing program) 2025/08/29 12:20:03 fetching corpus: 5397, signal 166979/193620 (executing program) 2025/08/29 12:20:03 fetching corpus: 5447, signal 167732/193638 (executing program) 2025/08/29 12:20:03 fetching corpus: 5497, signal 168456/193642 (executing program) 2025/08/29 12:20:03 fetching corpus: 5547, signal 168879/193690 (executing program) 2025/08/29 12:20:04 fetching corpus: 5597, signal 169249/193744 (executing program) 2025/08/29 12:20:04 fetching corpus: 5647, signal 169610/193758 (executing program) 2025/08/29 12:20:04 fetching corpus: 5697, signal 170053/193773 (executing program) 2025/08/29 12:20:04 fetching corpus: 5747, signal 170434/193797 (executing program) 2025/08/29 12:20:04 fetching corpus: 5797, signal 170835/193801 (executing program) 2025/08/29 12:20:04 fetching corpus: 5847, signal 171124/193813 (executing program) 2025/08/29 12:20:04 fetching corpus: 5897, signal 171512/193829 (executing program) 2025/08/29 12:20:04 fetching corpus: 5947, signal 171966/193936 (executing program) 2025/08/29 12:20:04 fetching corpus: 5997, signal 172280/193938 (executing program) 2025/08/29 12:20:05 fetching corpus: 6047, signal 172615/193949 (executing program) 2025/08/29 12:20:05 fetching corpus: 6097, signal 173013/193963 (executing program) 2025/08/29 12:20:05 fetching corpus: 6147, signal 173373/194060 (executing program) 2025/08/29 12:20:05 fetching corpus: 6197, signal 173827/194069 (executing program) 2025/08/29 12:20:05 fetching corpus: 6247, signal 174115/194086 (executing program) 2025/08/29 12:20:05 fetching corpus: 6297, signal 174457/194142 (executing program) 2025/08/29 12:20:05 fetching corpus: 6347, signal 174688/194146 (executing program) 2025/08/29 12:20:05 fetching corpus: 6397, signal 174993/194150 (executing program) 2025/08/29 12:20:05 fetching corpus: 6447, signal 175363/194164 (executing program) 2025/08/29 12:20:05 fetching corpus: 6497, signal 175908/194181 (executing program) 2025/08/29 12:20:05 fetching corpus: 6547, signal 176361/194196 (executing program) 2025/08/29 12:20:06 fetching corpus: 6597, signal 176805/194196 (executing program) 2025/08/29 12:20:06 fetching corpus: 6647, signal 177048/194204 (executing program) 2025/08/29 12:20:06 fetching corpus: 6697, signal 177333/194208 (executing program) 2025/08/29 12:20:06 fetching corpus: 6747, signal 177775/194208 (executing program) 2025/08/29 12:20:06 fetching corpus: 6797, signal 178023/194219 (executing program) 2025/08/29 12:20:06 fetching corpus: 6847, signal 178346/194222 (executing program) 2025/08/29 12:20:06 fetching corpus: 6897, signal 178551/194239 (executing program) 2025/08/29 12:20:06 fetching corpus: 6947, signal 178895/194246 (executing program) 2025/08/29 12:20:06 fetching corpus: 6997, signal 179239/194257 (executing program) 2025/08/29 12:20:06 fetching corpus: 7047, signal 179569/194259 (executing program) 2025/08/29 12:20:06 fetching corpus: 7097, signal 180035/194268 (executing program) 2025/08/29 12:20:07 fetching corpus: 7147, signal 180242/194271 (executing program) 2025/08/29 12:20:07 fetching corpus: 7197, signal 180614/194290 (executing program) 2025/08/29 12:20:07 fetching corpus: 7247, signal 180947/194300 (executing program) 2025/08/29 12:20:07 fetching corpus: 7297, signal 181319/194321 (executing program) 2025/08/29 12:20:07 fetching corpus: 7347, signal 181701/194340 (executing program) 2025/08/29 12:20:07 fetching corpus: 7397, signal 181928/194346 (executing program) 2025/08/29 12:20:07 fetching corpus: 7447, signal 182179/194347 (executing program) 2025/08/29 12:20:07 fetching corpus: 7497, signal 182483/194354 (executing program) 2025/08/29 12:20:07 fetching corpus: 7547, signal 182774/194385 (executing program) 2025/08/29 12:20:07 fetching corpus: 7597, signal 183087/194389 (executing program) 2025/08/29 12:20:08 fetching corpus: 7647, signal 183298/194394 (executing program) 2025/08/29 12:20:08 fetching corpus: 7697, signal 183583/194394 (executing program) 2025/08/29 12:20:08 fetching corpus: 7747, signal 183881/194404 (executing program) 2025/08/29 12:20:08 fetching corpus: 7797, signal 184192/194447 (executing program) 2025/08/29 12:20:08 fetching corpus: 7847, signal 184579/194449 (executing program) 2025/08/29 12:20:08 fetching corpus: 7897, signal 184815/194456 (executing program) 2025/08/29 12:20:08 fetching corpus: 7947, signal 185149/194462 (executing program) 2025/08/29 12:20:08 fetching corpus: 7997, signal 185403/194477 (executing program) 2025/08/29 12:20:08 fetching corpus: 8047, signal 185709/194477 (executing program) 2025/08/29 12:20:08 fetching corpus: 8097, signal 185966/194478 (executing program) 2025/08/29 12:20:08 fetching corpus: 8147, signal 186199/194489 (executing program) 2025/08/29 12:20:08 fetching corpus: 8197, signal 186465/194512 (executing program) 2025/08/29 12:20:09 fetching corpus: 8247, signal 186726/194512 (executing program) 2025/08/29 12:20:09 fetching corpus: 8297, signal 186995/194517 (executing program) 2025/08/29 12:20:09 fetching corpus: 8347, signal 187261/194519 (executing program) 2025/08/29 12:20:09 fetching corpus: 8397, signal 187548/194522 (executing program) 2025/08/29 12:20:09 fetching corpus: 8447, signal 187877/194522 (executing program) 2025/08/29 12:20:09 fetching corpus: 8497, signal 188231/194525 (executing program) 2025/08/29 12:20:09 fetching corpus: 8547, signal 188457/194527 (executing program) 2025/08/29 12:20:09 fetching corpus: 8597, signal 188808/194528 (executing program) 2025/08/29 12:20:09 fetching corpus: 8647, signal 189035/194534 (executing program) 2025/08/29 12:20:09 fetching corpus: 8697, signal 189270/194548 (executing program) 2025/08/29 12:20:09 fetching corpus: 8747, signal 189463/194554 (executing program) 2025/08/29 12:20:10 fetching corpus: 8797, signal 189625/194576 (executing program) 2025/08/29 12:20:10 fetching corpus: 8847, signal 189877/194578 (executing program) 2025/08/29 12:20:10 fetching corpus: 8897, signal 190116/194582 (executing program) 2025/08/29 12:20:10 fetching corpus: 8947, signal 190332/194605 (executing program) 2025/08/29 12:20:10 fetching corpus: 8997, signal 190635/194609 (executing program) 2025/08/29 12:20:10 fetching corpus: 9011, signal 190694/194611 (executing program) 2025/08/29 12:20:10 fetching corpus: 9011, signal 190694/194611 (executing program) 2025/08/29 12:20:12 starting 8 fuzzer processes 12:20:12 executing program 0: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) getsockopt$sock_int(r0, 0x1, 0x22, 0x0, &(0x7f0000000080)) 12:20:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000000200)=0x5, 0x4) 12:20:12 executing program 1: clone3(&(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000001400), 0x0, 0x0, &(0x7f0000001580)=[0xffffffffffffffff], 0x1}, 0x58) 12:20:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x5}]}, 0x30}}, 0x0) 12:20:12 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0) 12:20:12 executing program 5: ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0) 12:20:12 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) [ 82.133640] audit: type=1400 audit(1756470012.938:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:20:12 executing program 6: ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18}, './file0\x00'}) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000080), 0x0, 0x0) [ 83.369612] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.371466] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.374023] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.377342] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.381824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.384407] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.386146] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.390308] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.393104] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.394522] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.427399] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.437693] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.439471] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.442488] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.443756] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 83.445744] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.449004] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.455700] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 83.455751] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.458723] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.460729] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 83.466057] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 83.469549] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 83.470743] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.476185] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 83.479639] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.489262] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 83.491640] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 83.510542] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 83.510807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 83.512240] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 83.513664] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 83.517511] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 83.519817] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 83.536246] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 83.538536] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 83.538813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 83.542059] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 83.614162] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 83.622180] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 85.457423] Bluetooth: hci1: command tx timeout [ 85.457457] Bluetooth: hci0: command tx timeout [ 85.521107] Bluetooth: hci2: command tx timeout [ 85.521200] Bluetooth: hci4: command tx timeout [ 85.522003] Bluetooth: hci3: command tx timeout [ 85.585028] Bluetooth: hci6: command tx timeout [ 85.650249] Bluetooth: hci5: command tx timeout [ 85.713333] Bluetooth: hci7: command tx timeout [ 87.505077] Bluetooth: hci0: command tx timeout [ 87.505511] Bluetooth: hci1: command tx timeout [ 87.569834] Bluetooth: hci2: command tx timeout [ 87.569980] Bluetooth: hci4: command tx timeout [ 87.570273] Bluetooth: hci3: command tx timeout [ 87.634014] Bluetooth: hci6: command tx timeout [ 87.698001] Bluetooth: hci5: command tx timeout [ 87.760940] Bluetooth: hci7: command tx timeout [ 89.553083] Bluetooth: hci0: command tx timeout [ 89.555746] Bluetooth: hci1: command tx timeout [ 89.616930] Bluetooth: hci4: command tx timeout [ 89.618032] Bluetooth: hci2: command tx timeout [ 89.618419] Bluetooth: hci3: command tx timeout [ 89.681001] Bluetooth: hci6: command tx timeout [ 89.746154] Bluetooth: hci5: command tx timeout [ 89.810553] Bluetooth: hci7: command tx timeout [ 91.602549] Bluetooth: hci1: command tx timeout [ 91.603019] Bluetooth: hci0: command tx timeout [ 91.667068] Bluetooth: hci2: command tx timeout [ 91.667479] Bluetooth: hci3: command tx timeout [ 91.668205] Bluetooth: hci4: command tx timeout [ 91.729904] Bluetooth: hci6: command tx timeout [ 91.793673] Bluetooth: hci5: command tx timeout [ 91.856997] Bluetooth: hci7: command tx timeout [ 118.890992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.891658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.093505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.094157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.702311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.702985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:20:50 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r0, &(0x7f0000001900)=ANY=[], 0xffd3) write$P9_RSTAT(r0, &(0x7f0000000080)={0x52, 0x7d, 0x0, {0x0, 0x4b, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x5, '&*:\x90.', 0x7, '\\W!#^/*', 0x6, '^@#%[$', 0x6, '$[#[$@'}}, 0x52) [ 119.764570] audit: type=1400 audit(1756470050.569:8): avc: denied { open } for pid=3753 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.773131] audit: type=1400 audit(1756470050.569:9): avc: denied { kernel } for pid=3753 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.890535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.891510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:20:51 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x68, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 120.262707] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.263534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.320381] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 12:20:51 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x68, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 120.417322] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 120.455838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.457122] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:20:51 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x68, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 120.531524] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 12:20:51 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x68, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 120.607977] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 12:20:51 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00)={0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) [ 120.718527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.719152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:20:51 executing program 6: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8000000, 0x4) 12:20:51 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) listen(r0, 0x0) [ 120.855537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.856275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.244662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.245301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.303526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.304256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.432929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.433560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.472180] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 121.473620] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 121.516749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.517384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.568472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.569146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.623245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.623856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.789410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.790209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.830066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.830645] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:20:52 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 12:20:52 executing program 6: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8000000, 0x4) 12:20:52 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x3a, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="ee72af93", 0x4}], 0x1}, 0x0) 12:20:52 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0) 12:20:52 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000800)={&(0x7f0000000600)=@l2tp={0x2, 0x0, @empty}, 0x80, 0x0}, 0x0) 12:20:52 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4c000, 0x0) sendfile(r0, r1, 0x0, 0x68e146a1) 12:20:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1101}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 12:20:52 executing program 5: ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0) [ 122.053565] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 122.065834] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 122.068269] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 12:20:52 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x3a, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="ee72af93", 0x4}], 0x1}, 0x0) 12:20:52 executing program 6: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8000000, 0x4) 12:20:52 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0) 12:20:52 executing program 5: ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0) [ 122.153914] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 12:20:53 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x3a, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="ee72af93", 0x4}], 0x1}, 0x0) 12:20:53 executing program 3: syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000010c0)='./file0\x00', &(0x7f0000001100), &(0x7f0000001140), 0x18, 0x0) 12:20:53 executing program 6: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8000000, 0x4) 12:20:53 executing program 0: ioperm(0x0, 0x7, 0x1) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000001300)=[{0x0}], 0x0, 0x0) 12:20:53 executing program 5: ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0) 12:20:53 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0) 12:20:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1101}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 12:20:53 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000800)={&(0x7f0000000600)=@l2tp={0x2, 0x0, @empty}, 0x80, 0x0}, 0x0) 12:20:53 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x3a, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="ee72af93", 0x4}], 0x1}, 0x0) 12:20:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1101}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 12:20:53 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000400)={0xca}) 12:20:53 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x0, @empty}, {0x304, @multicast}, 0x0, {0x2, 0x0, @remote}}) 12:20:53 executing program 4: capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) 12:20:53 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000800)={&(0x7f0000000600)=@l2tp={0x2, 0x0, @empty}, 0x80, 0x0}, 0x0) 12:20:53 executing program 3: syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000010c0)='./file0\x00', &(0x7f0000001100), &(0x7f0000001140), 0x18, 0x0) 12:20:53 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000080)={{0x2, 0x0, @remote}, {0x6, @link_local}, 0x68, {0x2, 0x0, @empty}, 'lo\x00'}) [ 122.386314] capability: warning: `syz-executor.4' uses deprecated v2 capabilities in a way that may be insecure 12:20:53 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000140), 0x4, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x5460) 12:20:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1101}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 12:20:53 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000800)={&(0x7f0000000600)=@l2tp={0x2, 0x0, @empty}, 0x80, 0x0}, 0x0) 12:20:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000017c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="820395b3262f"}, 0x14) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 12:20:53 executing program 3: syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000010c0)='./file0\x00', &(0x7f0000001100), &(0x7f0000001140), 0x18, 0x0) 12:20:53 executing program 4: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, r1+10000000}}, 0x0) r2 = dup(r0) timerfd_gettime(r2, 0x0) read(r0, &(0x7f00000012c0)=""/210, 0xd2) 12:20:53 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5) lseek(r0, 0x0, 0x0) 12:20:53 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000018c0), 0x14) 12:20:53 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000140), 0x4, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x5460) [ 122.547354] kmemleak: Found object by alias at 0x607f1a63954c [ 122.547377] CPU: 1 UID: 0 PID: 3991 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.547396] Tainted: [W]=WARN [ 122.547400] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.547407] Call Trace: [ 122.547412] [ 122.547417] dump_stack_lvl+0xca/0x120 [ 122.547446] __lookup_object+0x94/0xb0 [ 122.547464] delete_object_full+0x27/0x70 [ 122.547480] free_percpu+0x30/0x1160 [ 122.547497] ? arch_uprobe_clear_state+0x16/0x140 [ 122.547517] futex_hash_free+0x38/0xc0 [ 122.547533] mmput+0x2d3/0x390 [ 122.547552] do_exit+0x79d/0x2970 [ 122.547569] ? __pfx_do_exit+0x10/0x10 [ 122.547583] ? find_held_lock+0x2b/0x80 [ 122.547601] ? get_signal+0x835/0x2340 [ 122.547621] do_group_exit+0xd3/0x2a0 [ 122.547636] get_signal+0x2315/0x2340 [ 122.547652] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.547665] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 122.547684] ? __pfx_get_signal+0x10/0x10 [ 122.547700] ? __schedule+0xe91/0x3590 [ 122.547720] arch_do_signal_or_restart+0x80/0x790 [ 122.547738] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.547753] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.547766] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.547786] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.547804] exit_to_user_mode_loop+0x8b/0x110 [ 122.547817] do_syscall_64+0x2f7/0x360 [ 122.547829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.547842] RIP: 0033:0x7f05a3738b19 [ 122.547851] Code: Unable to access opcode bytes at 0x7f05a3738aef. [ 122.547856] RSP: 002b:00007f05a0c8d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.547867] RAX: 0000000000000001 RBX: 00007f05a384c028 RCX: 00007f05a3738b19 [ 122.547875] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f05a384c02c [ 122.547882] RBP: 00007f05a384c020 R08: 000000000000000e R09: 0000000000000000 [ 122.547889] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f05a384c02c [ 122.547896] R13: 00007ffeec9764ff R14: 00007f05a0c8d300 R15: 0000000000022000 [ 122.547912] [ 122.547916] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 122.547922] kmemleak: comm "syz-executor.5", pid 3988, jiffies 4294789331 [ 122.547930] kmemleak: min_count = 1 [ 122.547934] kmemleak: count = 0 [ 122.547937] kmemleak: flags = 0x21 [ 122.547941] kmemleak: checksum = 0 [ 122.547945] kmemleak: backtrace: [ 122.547949] pcpu_alloc_noprof+0x87a/0x1170 [ 122.547964] perf_trace_event_init+0x366/0xa10 [ 122.547977] perf_trace_init+0x1a4/0x2f0 [ 122.547988] perf_tp_event_init+0xa6/0x120 [ 122.548004] perf_try_init_event+0x140/0x9f0 [ 122.548017] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.548033] __do_sys_perf_event_open+0x719/0x2c20 [ 122.548046] do_syscall_64+0xbf/0x360 [ 122.548054] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:20:53 executing program 3: syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000010c0)='./file0\x00', &(0x7f0000001100), &(0x7f0000001140), 0x18, 0x0) 12:20:53 executing program 4: accept(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() ioprio_get$pid(0x2, 0x0) 12:20:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="90", 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x10}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c575", 0x6f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894) 12:20:53 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000100)={0x0, {}, {{0x2, 0x0, @remote}}}, 0x108) 12:20:53 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5) lseek(r0, 0x0, 0x0) 12:20:53 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000140), 0x4, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x5460) 12:20:53 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000017c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="820395b3262f"}, 0x14) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) [ 122.668136] audit: type=1400 audit(1756470053.472:10): avc: denied { watch_reads } for pid=4006 comm="syz-executor.7" path="/syzkaller-testdir902903611/syzkaller.3rFL9b/6" dev="sda" ino=15975 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 12:20:53 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000140), 0x4, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x5460) 12:20:53 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:20:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="90", 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x10}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c575", 0x6f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894) 12:20:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000017c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="820395b3262f"}, 0x14) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 12:20:53 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5) lseek(r0, 0x0, 0x0) 12:20:53 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r0, 0x8, 0x0) getdents64(r0, &(0x7f0000000080)=""/127, 0x7f) 12:20:53 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 4: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x6, &(0x7f0000000040)=0x7, 0x5db) syz_open_dev$tty20(0xc, 0x4, 0x0) [ 122.820062] kmemleak: Found object by alias at 0x607f1a63954c [ 122.820083] CPU: 1 UID: 0 PID: 4019 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.820101] Tainted: [W]=WARN [ 122.820105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.820112] Call Trace: [ 122.820116] [ 122.820121] dump_stack_lvl+0xca/0x120 [ 122.820145] __lookup_object+0x94/0xb0 [ 122.820162] delete_object_full+0x27/0x70 [ 122.820177] free_percpu+0x30/0x1160 [ 122.820194] ? arch_uprobe_clear_state+0x16/0x140 [ 122.820213] futex_hash_free+0x38/0xc0 [ 122.820228] mmput+0x2d3/0x390 [ 122.820246] do_exit+0x79d/0x2970 [ 122.820264] ? __pfx_do_exit+0x10/0x10 [ 122.820277] ? trace_irq_enable.constprop.0+0x26/0x100 [ 122.820290] ? _raw_spin_unlock_irq+0x23/0x40 [ 122.820309] do_group_exit+0xd3/0x2a0 [ 122.820323] __x64_sys_exit_group+0x3e/0x50 [ 122.820336] x64_sys_call+0x18c5/0x18d0 [ 122.820352] do_syscall_64+0xbf/0x360 [ 122.820363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.820374] RIP: 0033:0x7f05a3738b19 [ 122.820383] Code: Unable to access opcode bytes at 0x7f05a3738aef. 12:20:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="90", 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x10}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c575", 0x6f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894) [ 122.820388] RSP: 002b:00007ffeec976728 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.820399] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f05a3738b19 [ 122.820407] RDX: 00007f05a36eb72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.820413] RBP: 0000000000000000 R08: 0000001b2d22700c R09: 0000000000000000 [ 122.820420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.820427] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffeec976810 [ 122.820442] [ 122.820445] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 122.820452] kmemleak: comm "syz-executor.2", pid 4028, jiffies 4294789609 [ 122.820459] kmemleak: min_count = 1 [ 122.820463] kmemleak: count = 0 [ 122.820466] kmemleak: flags = 0x21 [ 122.820470] kmemleak: checksum = 0 [ 122.820474] kmemleak: backtrace: [ 122.820477] pcpu_alloc_noprof+0x87a/0x1170 [ 122.820492] perf_trace_event_init+0x366/0xa10 [ 122.820505] perf_trace_init+0x1a4/0x2f0 [ 122.820516] perf_tp_event_init+0xa6/0x120 [ 122.820541] perf_try_init_event+0x140/0x9f0 [ 122.820554] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.820570] __do_sys_perf_event_open+0x719/0x2c20 [ 122.820582] do_syscall_64+0xbf/0x360 12:20:53 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5) lseek(r0, 0x0, 0x0) [ 122.820591] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:20:53 executing program 4: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) syz_emit_ethernet(0x6c, &(0x7f00000003c0)=ANY=[], 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000100), 0x0, 0x0) 12:20:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000017c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="820395b3262f"}, 0x14) sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 12:20:53 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_adj\x00') write$P9_RREAD(r0, 0x0, 0x0) 12:20:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="90", 0x1, 0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x10}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c575", 0x6f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894) 12:20:53 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) syz_emit_ethernet(0x6c, &(0x7f00000003c0)=ANY=[], 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000100), 0x0, 0x0) 12:20:53 executing program 7: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 4: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) close_range(r0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 12:20:53 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e0a0309"], 0xd) 12:20:53 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getresgid(&(0x7f0000000000), &(0x7f00000190c0), &(0x7f0000019100)) 12:20:53 executing program 6: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xe) 12:20:53 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) 12:20:53 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) setresuid(0x0, 0xee01, 0x0) ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000000)) 12:20:53 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0xf90}) 12:20:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$nfs4(0x0, &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4000, 0x0) 12:20:53 executing program 0: capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000000)) mq_open(&(0x7f0000000240)='\',-\r$.\x00', 0x40, 0x0, &(0x7f0000000280)={0x7fff, 0x8001, 0x4, 0x68}) [ 123.169269] kmemleak: Found object by alias at 0x607f1a63954c [ 123.169287] CPU: 1 UID: 0 PID: 4073 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.169305] Tainted: [W]=WARN [ 123.169308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.169316] Call Trace: [ 123.169320] [ 123.169325] dump_stack_lvl+0xca/0x120 [ 123.169353] __lookup_object+0x94/0xb0 [ 123.169371] delete_object_full+0x27/0x70 [ 123.169387] free_percpu+0x30/0x1160 [ 123.169405] ? arch_uprobe_clear_state+0x16/0x140 [ 123.169428] futex_hash_free+0x38/0xc0 [ 123.169443] mmput+0x2d3/0x390 [ 123.169461] do_exit+0x79d/0x2970 [ 123.169479] ? __pfx_do_exit+0x10/0x10 [ 123.169493] ? find_held_lock+0x2b/0x80 [ 123.169511] ? get_signal+0x835/0x2340 [ 123.169531] do_group_exit+0xd3/0x2a0 [ 123.169546] get_signal+0x2315/0x2340 [ 123.169563] ? put_task_stack+0xd2/0x240 [ 123.169577] ? __pfx_get_signal+0x10/0x10 [ 123.169593] ? __schedule+0xe91/0x3590 [ 123.169613] arch_do_signal_or_restart+0x80/0x790 [ 123.169631] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 123.169646] ? __x64_sys_futex+0x1c9/0x4d0 [ 123.169659] ? __x64_sys_futex+0x1d2/0x4d0 [ 123.169672] ? __fget_files+0x20d/0x3b0 [ 123.169684] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.169703] exit_to_user_mode_loop+0x8b/0x110 [ 123.169716] do_syscall_64+0x2f7/0x360 [ 123.169728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.169741] RIP: 0033:0x7f05a3738b19 [ 123.169749] Code: Unable to access opcode bytes at 0x7f05a3738aef. [ 123.169754] RSP: 002b:00007f05a0c8d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.169766] RAX: 0000000000000001 RBX: 00007f05a384c028 RCX: 00007f05a3738b19 [ 123.169773] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f05a384c02c [ 123.169780] RBP: 00007f05a384c020 R08: 0000000000000009 R09: 0000000000000000 [ 123.169787] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f05a384c02c [ 123.169794] R13: 00007ffeec9764ff R14: 00007f05a0c8d300 R15: 0000000000022000 [ 123.169809] [ 123.169813] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 123.169819] kmemleak: comm "syz-executor.1", pid 4067, jiffies 4294789955 [ 123.169826] kmemleak: min_count = 1 [ 123.169830] kmemleak: count = 0 [ 123.169833] kmemleak: flags = 0x21 [ 123.169837] kmemleak: checksum = 0 [ 123.169841] kmemleak: backtrace: [ 123.169844] pcpu_alloc_noprof+0x87a/0x1170 [ 123.169859] perf_trace_event_init+0x366/0xa10 [ 123.169877] perf_trace_init+0x1a4/0x2f0 [ 123.169888] perf_tp_event_init+0xa6/0x120 [ 123.169904] perf_try_init_event+0x140/0x9f0 [ 123.169917] perf_event_alloc.part.0+0x118e/0x45f0 [ 123.169933] __do_sys_perf_event_open+0x719/0x2c20 [ 123.169946] do_syscall_64+0xbf/0x360 [ 123.169955] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:20:54 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getpeername(0xffffffffffffffff, 0x0, 0x0) 12:20:54 executing program 6: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xe) 12:20:54 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)={0x0, 0x1e, '\x00', [@generic={0x8, 0xd4, "e6150e99102b6e28f7858de4b7b9a9a0bebcef6d26958da8b9071f3d2f8d37b9705d0be9e8d07307ee5668b3ae21f15ff542cef754cb8080d6c337b0b00b79f0ae7ddee046c45f7669f24eaf323d9d114132dc47c93b1d5a2eb34104f4dafd10d5215795e2a0cc8d1f7f14a543caa3fac8d90f88653800ae1b1fe9c20067aa07bb923067db4db6bb7838b5a916a45efc087b763005f1ba10b66c120b55525c9122ab609c4db7df35d62622c8d7a64dcaae101ac061f7e556c3642f5ce24251fe5e9a1ce009e1f7bc667e0e4cafe75509c7009159"}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}]}, 0xf8) setsockopt$inet6_opts(r0, 0x29, 0x36, 0x0, 0x0) 12:20:54 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0xf90}) 12:20:54 executing program 7: set_mempolicy(0xc000, 0x0, 0x0) 12:20:54 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) syz_emit_ethernet(0x6c, &(0x7f00000003c0)=ANY=[], 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000100), 0x0, 0x0) 12:20:54 executing program 0: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) [ 123.248046] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 12:20:54 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) syz_emit_ethernet(0x6c, &(0x7f00000003c0)=ANY=[], 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000100), 0x0, 0x0) 12:20:54 executing program 6: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xe) 12:20:54 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0xf90}) 12:20:54 executing program 7: set_mempolicy(0xc000, 0x0, 0x0) 12:20:54 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getpeername(0xffffffffffffffff, 0x0, 0x0) 12:20:54 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)={0x0, 0x1e, '\x00', [@generic={0x8, 0xd4, "e6150e99102b6e28f7858de4b7b9a9a0bebcef6d26958da8b9071f3d2f8d37b9705d0be9e8d07307ee5668b3ae21f15ff542cef754cb8080d6c337b0b00b79f0ae7ddee046c45f7669f24eaf323d9d114132dc47c93b1d5a2eb34104f4dafd10d5215795e2a0cc8d1f7f14a543caa3fac8d90f88653800ae1b1fe9c20067aa07bb923067db4db6bb7838b5a916a45efc087b763005f1ba10b66c120b55525c9122ab609c4db7df35d62622c8d7a64dcaae101ac061f7e556c3642f5ce24251fe5e9a1ce009e1f7bc667e0e4cafe75509c7009159"}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}]}, 0xf8) setsockopt$inet6_opts(r0, 0x29, 0x36, 0x0, 0x0) 12:20:54 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x2a, 0x0, "6c7abb3e9a9a691096b5eb47d00faa3f87c4977f0e265c767bc4efcf846530ace2b9d3f684a50d0b1e7c136a28dfcd2b470e6904d7208e05d688f255b9df442a8090a173937522cbeb7c2948aede5252"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 12:20:54 executing program 0: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 12:20:54 executing program 6: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xe) 12:20:54 executing program 6: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 12:20:54 executing program 7: set_mempolicy(0xc000, 0x0, 0x0) 12:20:54 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)={0x0, 0x1e, '\x00', [@generic={0x8, 0xd4, "e6150e99102b6e28f7858de4b7b9a9a0bebcef6d26958da8b9071f3d2f8d37b9705d0be9e8d07307ee5668b3ae21f15ff542cef754cb8080d6c337b0b00b79f0ae7ddee046c45f7669f24eaf323d9d114132dc47c93b1d5a2eb34104f4dafd10d5215795e2a0cc8d1f7f14a543caa3fac8d90f88653800ae1b1fe9c20067aa07bb923067db4db6bb7838b5a916a45efc087b763005f1ba10b66c120b55525c9122ab609c4db7df35d62622c8d7a64dcaae101ac061f7e556c3642f5ce24251fe5e9a1ce009e1f7bc667e0e4cafe75509c7009159"}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}]}, 0xf8) setsockopt$inet6_opts(r0, 0x29, 0x36, 0x0, 0x0) 12:20:54 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getpeername(0xffffffffffffffff, 0x0, 0x0) 12:20:54 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x2a, 0x0, "6c7abb3e9a9a691096b5eb47d00faa3f87c4977f0e265c767bc4efcf846530ace2b9d3f684a50d0b1e7c136a28dfcd2b470e6904d7208e05d688f255b9df442a8090a173937522cbeb7c2948aede5252"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 12:20:54 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0xf90}) 12:20:54 executing program 0: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 12:20:54 executing program 3: syz_emit_ethernet(0x36, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @igmp={{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @private=0xa010100, @rand_addr=0x64010102, {[@timestamp_addr={0x44, 0xc, 0x5, 0x1, 0x0, [{@empty}]}]}}, {0x0, 0x0, 0x0, @loopback}}}}}, 0x0) [ 123.540594] kmemleak: Found object by alias at 0x607f1a63954c [ 123.540617] CPU: 1 UID: 0 PID: 4114 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.540636] Tainted: [W]=WARN [ 123.540640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.540647] Call Trace: [ 123.540651] [ 123.540656] dump_stack_lvl+0xca/0x120 [ 123.540682] __lookup_object+0x94/0xb0 [ 123.540699] delete_object_full+0x27/0x70 [ 123.540715] free_percpu+0x30/0x1160 [ 123.540732] ? arch_uprobe_clear_state+0x16/0x140 [ 123.540752] futex_hash_free+0x38/0xc0 [ 123.540766] mmput+0x2d3/0x390 [ 123.540785] do_exit+0x79d/0x2970 [ 123.540799] ? signal_wake_up_state+0x85/0x120 [ 123.540815] ? zap_other_threads+0x2b9/0x3a0 [ 123.540830] ? __pfx_do_exit+0x10/0x10 [ 123.540843] ? do_group_exit+0x1c3/0x2a0 [ 123.540856] ? lock_release+0xc8/0x290 [ 123.540877] do_group_exit+0xd3/0x2a0 [ 123.540892] __x64_sys_exit_group+0x3e/0x50 [ 123.540905] x64_sys_call+0x18c5/0x18d0 [ 123.540921] do_syscall_64+0xbf/0x360 [ 123.540933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.540944] RIP: 0033:0x7f05a3738b19 [ 123.540952] Code: Unable to access opcode bytes at 0x7f05a3738aef. [ 123.540958] RSP: 002b:00007ffeec976728 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 123.540969] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f05a3738b19 [ 123.540977] RDX: 00007f05a36eb72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 123.540984] RBP: 0000000000000000 R08: 0000001b2d22001c R09: 0000000000000000 [ 123.540991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.540997] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffeec976810 [ 123.541013] [ 123.541017] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 123.541023] kmemleak: comm "syz-executor.4", pid 4123, jiffies 4294790321 [ 123.541030] kmemleak: min_count = 1 [ 123.541034] kmemleak: count = 0 [ 123.541037] kmemleak: flags = 0x21 [ 123.541041] kmemleak: checksum = 0 [ 123.541045] kmemleak: backtrace: [ 123.541048] pcpu_alloc_noprof+0x87a/0x1170 [ 123.541063] perf_trace_event_init+0x366/0xa10 [ 123.541077] perf_trace_init+0x1a4/0x2f0 [ 123.541088] perf_tp_event_init+0xa6/0x120 [ 123.541103] perf_try_init_event+0x140/0x9f0 [ 123.541117] perf_event_alloc.part.0+0x118e/0x45f0 [ 123.541133] __do_sys_perf_event_open+0x719/0x2c20 [ 123.541145] do_syscall_64+0xbf/0x360 [ 123.541154] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:20:54 executing program 6: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 12:20:54 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)={0x0, 0x1e, '\x00', [@generic={0x8, 0xd4, "e6150e99102b6e28f7858de4b7b9a9a0bebcef6d26958da8b9071f3d2f8d37b9705d0be9e8d07307ee5668b3ae21f15ff542cef754cb8080d6c337b0b00b79f0ae7ddee046c45f7669f24eaf323d9d114132dc47c93b1d5a2eb34104f4dafd10d5215795e2a0cc8d1f7f14a543caa3fac8d90f88653800ae1b1fe9c20067aa07bb923067db4db6bb7838b5a916a45efc087b763005f1ba10b66c120b55525c9122ab609c4db7df35d62622c8d7a64dcaae101ac061f7e556c3642f5ce24251fe5e9a1ce009e1f7bc667e0e4cafe75509c7009159"}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}]}, 0xf8) setsockopt$inet6_opts(r0, 0x29, 0x36, 0x0, 0x0) 12:20:54 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400005}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 12:20:54 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getpeername(0xffffffffffffffff, 0x0, 0x0) 12:20:54 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x2a, 0x0, "6c7abb3e9a9a691096b5eb47d00faa3f87c4977f0e265c767bc4efcf846530ace2b9d3f684a50d0b1e7c136a28dfcd2b470e6904d7208e05d688f255b9df442a8090a173937522cbeb7c2948aede5252"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 12:20:54 executing program 0: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 12:20:54 executing program 7: set_mempolicy(0xc000, 0x0, 0x0) 12:20:54 executing program 3: r0 = syz_io_uring_setup(0x1722, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) ppoll(&(0x7f0000000940)=[{r0}], 0x1, &(0x7f00000009c0)={0x0, 0x3938700}, &(0x7f0000000a00), 0x8) [ 123.688593] kmemleak: Found object by alias at 0x607f1a63954c [ 123.688619] CPU: 1 UID: 0 PID: 4139 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.688637] Tainted: [W]=WARN [ 123.688641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.688649] Call Trace: [ 123.688653] [ 123.688659] dump_stack_lvl+0xca/0x120 [ 123.688687] __lookup_object+0x94/0xb0 [ 123.688705] delete_object_full+0x27/0x70 [ 123.688721] free_percpu+0x30/0x1160 [ 123.688738] ? arch_uprobe_clear_state+0x16/0x140 [ 123.688758] futex_hash_free+0x38/0xc0 [ 123.688772] mmput+0x2d3/0x390 [ 123.688791] do_exit+0x79d/0x2970 [ 123.688809] ? __pfx_do_exit+0x10/0x10 [ 123.688823] ? find_held_lock+0x2b/0x80 [ 123.688841] ? get_signal+0x835/0x2340 [ 123.688861] do_group_exit+0xd3/0x2a0 [ 123.688876] get_signal+0x2315/0x2340 [ 123.688893] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 123.688910] ? __pfx_get_signal+0x10/0x10 [ 123.688926] ? __schedule+0xe91/0x3590 [ 123.688946] arch_do_signal_or_restart+0x80/0x790 [ 123.688964] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 123.688980] ? __x64_sys_futex+0x1c9/0x4d0 [ 123.688992] ? __x64_sys_futex+0x1d2/0x4d0 [ 123.689005] ? exc_page_fault+0xb0/0x180 [ 123.689021] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.689039] exit_to_user_mode_loop+0x8b/0x110 [ 123.689053] do_syscall_64+0x2f7/0x360 [ 123.689065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.689077] RIP: 0033:0x7f05a3738b19 [ 123.689087] Code: Unable to access opcode bytes at 0x7f05a3738aef. [ 123.689092] RSP: 002b:00007f05a0cae218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.689103] RAX: 0000000000000001 RBX: 00007f05a384bf68 RCX: 00007f05a3738b19 [ 123.689111] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f05a384bf6c [ 123.689118] RBP: 00007f05a384bf60 R08: 0000000000000016 R09: 0000000000000000 [ 123.689125] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f05a384bf6c [ 123.689133] R13: 00007ffeec9764ff R14: 00007f05a0cae300 R15: 0000000000022000 [ 123.689149] [ 123.689152] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 123.689159] kmemleak: comm "syz-executor.3", pid 4141, jiffies 4294790473 [ 123.689166] kmemleak: min_count = 1 [ 123.689170] kmemleak: count = 0 [ 123.689174] kmemleak: flags = 0x21 [ 123.689177] kmemleak: checksum = 0 [ 123.689181] kmemleak: backtrace: [ 123.689184] pcpu_alloc_noprof+0x87a/0x1170 [ 123.689199] percpu_ref_init+0x37/0x400 [ 123.689217] io_uring_setup+0x44c/0x2000 [ 123.689228] __x64_sys_io_uring_setup+0xc8/0x170 [ 123.689239] do_syscall_64+0xbf/0x360 [ 123.689247] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:20:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020601000240008000f8", 0x16}], 0x0, &(0x7f0000010d00)) 12:20:54 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x2a, 0x0, "6c7abb3e9a9a691096b5eb47d00faa3f87c4977f0e265c767bc4efcf846530ace2b9d3f684a50d0b1e7c136a28dfcd2b470e6904d7208e05d688f255b9df442a8090a173937522cbeb7c2948aede5252"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 12:20:54 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x9, 0x0, 0x25, "b210f8e6a5c7a9bdb0"}) [ 123.755625] FAT-fs (loop1): bogus sectors per cluster 6 [ 123.756206] FAT-fs (loop1): Can't find a valid FAT filesystem 12:20:54 executing program 7: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendfile(r1, r0, 0x0, 0x8001) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000140), 0x4) 12:20:54 executing program 6: r0 = semget$private(0x0, 0x5, 0x0) semtimedop(r0, &(0x7f0000000100)=[{}, {0x0, 0xff81}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) [ 123.780934] FAT-fs (loop1): bogus sectors per cluster 6 [ 123.781344] FAT-fs (loop1): Can't find a valid FAT filesystem 12:20:54 executing program 3: r0 = syz_io_uring_setup(0x1722, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) ppoll(&(0x7f0000000940)=[{r0}], 0x1, &(0x7f00000009c0)={0x0, 0x3938700}, &(0x7f0000000a00), 0x8) 12:20:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001a000100000000000000000002a50043e29664b3223e"], 0x1c}], 0x1}, 0x0) [ 123.807901] program syz-executor.5 is using a deprecated SCSI ioctl, please convert it to SG_IO 12:20:54 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x31e, &(0x7f0000000400)) 12:20:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000100)=@ethtool_per_queue_op={0x4b, 0xe}}) 12:20:54 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) 12:20:54 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x9, 0x0, 0x25, "b210f8e6a5c7a9bdb0"}) 12:20:54 executing program 7: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendfile(r1, r0, 0x0, 0x8001) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000140), 0x4) 12:20:54 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendfile(r1, r0, 0x0, 0x8001) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000140), 0x4) 12:20:54 executing program 1: request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, 0xfffffffffffffffd, 0x0) [ 123.954097] program syz-executor.5 is using a deprecated SCSI ioctl, please convert it to SG_IO 12:20:54 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x4, 0x8004}, 0x0) dup(r0) 12:20:54 executing program 3: r0 = syz_io_uring_setup(0x1722, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) ppoll(&(0x7f0000000940)=[{r0}], 0x1, &(0x7f00000009c0)={0x0, 0x3938700}, &(0x7f0000000a00), 0x8) 12:20:54 executing program 6: write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @void, @llc={@snap={0x0, 0x0, "1e", "74408d", 0x0, "a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"}}}, 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'wlan0\x00'}) [ 123.996333] Oops: general protection fault, probably for non-canonical address 0xe8fffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 123.997253] KASAN: maybe wild-memory-access in range [0x4800000000000190-0x4800000000000197] [ 123.997926] CPU: 0 UID: 0 PID: 4182 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.998864] Tainted: [W]=WARN [ 123.999114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.003012] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.003407] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.004860] RSP: 0018:ffff888018d77780 EFLAGS: 00010012 [ 124.005290] RAX: 0900000000000032 RBX: 47ffffffffffffa0 RCX: ffffc900013ff000 [ 124.005862] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 4800000000000190 [ 124.006433] RBP: ffff888018d779f0 R08: ffff88806ce31340 R09: ffffe8ffffc16548 [ 124.007000] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 124.007568] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 124.008140] FS: 00007fb049c0c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 124.008794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.009257] CR2: 00007fb04c7aa018 CR3: 0000000013a08000 CR4: 0000000000350ef0 [ 124.009791] Call Trace: [ 124.009987] [ 124.010161] ? __pfx_perf_tp_event+0x10/0x10 [ 124.010499] ? __asan_memcpy+0x3d/0x60 [ 124.010798] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 124.011278] ? lock_is_held_type+0x9e/0x120 [ 124.011611] ? ctx_sched_in+0x134/0x9b0 [ 124.011911] ? __lock_acquire+0x694/0x1b70 [ 124.012234] ? perf_trace_run_bpf_submit+0xef/0x180 [ 124.012617] ? find_held_lock+0x2b/0x80 [ 124.012923] perf_trace_run_bpf_submit+0xef/0x180 [ 124.013290] perf_trace_preemptirq_template+0x259/0x430 [ 124.013702] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 124.014144] ? __pfx___smp_call_single_queue+0x10/0x10 [ 124.014545] ? find_held_lock+0x2b/0x80 [ 124.014849] ? try_to_wake_up+0x8ae/0x11d0 [ 124.015173] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 124.015556] trace_irq_enable.constprop.0+0xa6/0x100 [ 124.015933] trace_hardirqs_on+0x26/0x40 [ 124.016236] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 124.016625] try_to_wake_up+0x8ae/0x11d0 [ 124.016937] ? __pfx_try_to_wake_up+0x10/0x10 [ 124.017277] ? plist_del+0x122/0x270 [ 124.017563] ? find_held_lock+0x2b/0x80 [ 124.017867] ? futex_wake+0x474/0x540 [ 124.018159] wake_up_q+0xa1/0x130 [ 124.018428] futex_wake+0x47e/0x540 [ 124.018708] ? __pfx_futex_wake+0x10/0x10 [ 124.019024] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 124.019403] ? lock_release+0xc8/0x290 [ 124.019698] do_futex+0x26d/0x370 [ 124.019965] ? __pfx_do_futex+0x10/0x10 [ 124.020265] __x64_sys_futex+0x1c9/0x4d0 [ 124.020578] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 124.021023] ? __pfx___x64_sys_futex+0x10/0x10 [ 124.021367] ? xfd_validate_state+0x55/0x180 [ 124.021707] do_syscall_64+0xbf/0x360 [ 124.021994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.022377] RIP: 0033:0x7fb04c696b19 [ 124.022655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.023982] RSP: 002b:00007fb049c0c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.024541] RAX: ffffffffffffffda RBX: 00007fb04c7a9f68 RCX: 00007fb04c696b19 [ 124.025074] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb04c7a9f6c [ 124.025600] RBP: 00007fb04c7a9f60 R08: 000000000000000e R09: 0000000000000000 [ 124.026123] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb04c7a9f6c [ 124.026646] R13: 00007ffcd7eb01ff R14: 00007fb049c0c300 R15: 0000000000022000 [ 124.027174] [ 124.027352] Modules linked in: [ 124.027595] ---[ end trace 0000000000000000 ]--- [ 124.027943] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.028294] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.029631] RSP: 0018:ffff888018d77780 EFLAGS: 00010012 [ 124.030023] RAX: 0900000000000032 RBX: 47ffffffffffffa0 RCX: ffffc900013ff000 [ 124.030547] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 4800000000000190 [ 124.031073] RBP: ffff888018d779f0 R08: ffff88806ce31340 R09: ffffe8ffffc16548 [ 124.031596] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 124.032119] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 124.032650] FS: 00007fb049c0c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 124.033240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.033670] CR2: 00007fb04c7aa018 CR3: 0000000013a08000 CR4: 0000000000350ef0 [ 124.034197] note: syz-executor.0[4182] exited with irqs disabled [ 124.034695] Oops: general protection fault, probably for non-canonical address 0xe8fffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 124.035509] KASAN: maybe wild-memory-access in range [0x4800000000000190-0x4800000000000197] [ 124.036124] CPU: 0 UID: 0 PID: 4182 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.037001] Tainted: [D]=DIE, [W]=WARN [ 124.037285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.037886] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.038087] kmemleak: Found object by alias at 0x607f1a63954c [ 124.038111] CPU: 1 UID: 0 PID: 4176 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.038131] Tainted: [D]=DIE, [W]=WARN [ 124.038135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.038143] Call Trace: [ 124.038147] [ 124.038152] dump_stack_lvl+0xca/0x120 [ 124.038180] __lookup_object+0x94/0xb0 [ 124.038198] delete_object_full+0x27/0x70 [ 124.038213] free_percpu+0x30/0x1160 [ 124.038230] ? arch_uprobe_clear_state+0x16/0x140 [ 124.038248] futex_hash_free+0x38/0xc0 [ 124.038262] mmput+0x2d3/0x390 [ 124.038280] do_exit+0x79d/0x2970 [ 124.038294] ? signal_wake_up_state+0x85/0x120 [ 124.038309] ? zap_other_threads+0x2b9/0x3a0 [ 124.038324] ? __pfx_do_exit+0x10/0x10 [ 124.038336] ? do_group_exit+0x1c3/0x2a0 [ 124.038349] ? lock_release+0xc8/0x290 [ 124.038363] do_group_exit+0xd3/0x2a0 [ 124.038377] __x64_sys_exit_group+0x3e/0x50 [ 124.038390] x64_sys_call+0x18c5/0x18d0 [ 124.038406] do_syscall_64+0xbf/0x360 [ 124.038417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.038429] RIP: 0033:0x7f05a3738b19 [ 124.038438] Code: Unable to access opcode bytes at 0x7f05a3738aef. [ 124.038443] RSP: 002b:00007ffeec976728 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.038455] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f05a3738b19 [ 124.038462] RDX: 00007f05a36eb72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 124.038470] RBP: 0000000000000000 R08: 0000001b2d225fc4 R09: 0000000000000000 [ 124.038477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.038484] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffeec976810 [ 124.038495] [ 124.038499] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 124.038506] kmemleak: comm "syz-executor.0", pid 4182, jiffies 4294790795 [ 124.038513] kmemleak: min_count = 1 [ 124.038517] kmemleak: count = 0 [ 124.038521] kmemleak: flags = 0x21 [ 124.038525] kmemleak: checksum = 0 [ 124.038529] kmemleak: backtrace: [ 124.038533] pcpu_alloc_noprof+0x87a/0x1170 [ 124.038548] perf_trace_event_init+0x366/0xa10 [ 124.038562] perf_trace_init+0x1a4/0x2f0 [ 124.038573] perf_tp_event_init+0xa6/0x120 [ 124.038589] perf_try_init_event+0x140/0x9f0 [ 124.038601] perf_event_alloc.part.0+0x118e/0x45f0 [ 124.038623] __do_sys_perf_event_open+0x719/0x2c20 [ 124.038635] do_syscall_64+0xbf/0x360 [ 124.038644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.055273] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.056721] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 124.057149] RAX: 0900000000000032 RBX: 47ffffffffffffa0 RCX: ffffffff81898973 [ 124.057715] RDX: ffff88800f3a3700 RSI: ffffffff818995b7 RDI: 4800000000000190 [ 124.058277] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16548 [ 124.058840] R10: 0000000000000000 R11: ffff888017629c98 R12: dffffc0000000000 [ 124.059397] R13: 0000000000000000 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 124.059959] FS: 00007fb049c0c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 124.060605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.061070] CR2: 00007fb04c7aa018 CR3: 0000000013a08000 CR4: 0000000000350ef0 [ 124.061634] Call Trace: [ 124.061842] [ 124.062020] ? __pfx_perf_tp_event+0x10/0x10 [ 124.062383] ? update_load_avg+0x17d/0x1ef0 [ 124.062729] ? place_entity+0x1c/0x410 [ 124.063047] ? check_preempt_wakeup_fair+0x6e/0x950 [ 124.063446] ? lock_release+0x1c7/0x290 [ 124.063764] ? lock_release+0x1c7/0x290 [ 124.064088] ? do_raw_spin_unlock+0x53/0x220 [ 124.064450] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 124.064872] ? try_to_wake_up+0x8ae/0x11d0 [ 124.065220] ? do_raw_spin_lock+0x123/0x260 [ 124.065568] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 124.065952] ? perf_trace_run_bpf_submit+0xef/0x180 [ 124.066359] perf_trace_run_bpf_submit+0xef/0x180 [ 124.066755] perf_trace_preemptirq_template+0x259/0x430 [ 124.067183] ? read_tsc+0x9/0x20 [ 124.067468] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 124.067941] ? clockevents_program_event+0x135/0x360 [ 124.068352] ? tick_program_event+0xac/0x140 [ 124.068713] ? handle_softirqs+0x16e/0x770 [ 124.069065] trace_irq_enable.constprop.0+0xa6/0x100 [ 124.069465] trace_hardirqs_on+0x26/0x40 [ 124.069792] handle_softirqs+0x16e/0x770 [ 124.070125] __irq_exit_rcu+0xc4/0x100 [ 124.070448] irq_exit_rcu+0x9/0x20 [ 124.070736] sysvec_apic_timer_interrupt+0x70/0x80 [ 124.071129] [ 124.071313] [ 124.071498] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 124.071920] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 124.072300] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 124.073736] RSP: 0018:ffff888018d77f28 EFLAGS: 00000246 [ 124.074158] RAX: 0000000000000001 RBX: ffff88800f3a3700 RCX: ffffffff817c2b86 [ 124.074717] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 124.075282] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 124.075842] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800f3a3700 [ 124.076407] R13: 0000000000000000 R14: e8fffc0000000032 R15: 0000000000000000 [ 124.076977] ? trace_irq_enable.constprop.0+0x26/0x100 [ 124.077397] ? make_task_dead+0x214/0x3b0 [ 124.077733] ? make_task_dead+0x214/0x3b0 [ 124.078068] ? do_syscall_64+0xbf/0x360 [ 124.078388] rewind_stack_and_make_dead+0x16/0x20 [ 124.078779] RIP: 0033:0x7fb04c696b19 [ 124.079075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.080509] RSP: 002b:00007fb049c0c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.081120] RAX: ffffffffffffffda RBX: 00007fb04c7a9f68 RCX: 00007fb04c696b19 [ 124.081684] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb04c7a9f6c [ 124.082246] RBP: 00007fb04c7a9f60 R08: 000000000000000e R09: 0000000000000000 [ 124.082806] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb04c7a9f6c [ 124.083369] R13: 00007ffcd7eb01ff R14: 00007fb049c0c300 R15: 0000000000022000 [ 124.083937] [ 124.084125] Modules linked in: [ 124.084385] ---[ end trace 0000000000000000 ]--- [ 124.084764] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.085145] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.086576] RSP: 0018:ffff888018d77780 EFLAGS: 00010012 [ 124.086999] RAX: 0900000000000032 RBX: 47ffffffffffffa0 RCX: ffffc900013ff000 [ 124.087561] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 4800000000000190 [ 124.088121] RBP: ffff888018d779f0 R08: ffff88806ce31340 R09: ffffe8ffffc16548 [ 124.088685] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 124.089242] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 124.089808] FS: 00007fb049c0c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 124.090443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.090910] CR2: 00007fb04c7aa018 CR3: 0000000013a08000 CR4: 0000000000350ef0 [ 124.091478] Kernel panic - not syncing: Fatal exception in interrupt [ 124.092067] Kernel Offset: disabled [ 124.092355] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 12:20:54 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888018d77118 R8 =0000000000000000 R9 =ffffed10016d2046 R10=0000000000000020 R11=6572617764726148 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fb049c0c700 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb04c7aa018 CR3=0000000013a08000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fb04c77d7c000007fb04c77d7c8 XMM02=00007fb04c77d7e000007fb04c77d7c0 XMM03=00007fb04c77d7c800007fb04c77d7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81a029db RDX=ffff88801739d280 RSI=ffffffff81a029e9 RDI=0000000000000004 RBP=0000000000000001 RSP=ffff888016e37880 R8 =0000000000000000 R9 =fffff940001f3608 R10=00000000000001fd R11=1ffff1100d9e6f7b R12=0000000000000001 R13=00007f05a34ed000 R14=ffff888016e37ce0 R15=800000003e6c1067 RIP=ffffffff819cee0d RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055558f193708 CR3=000000003f724000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000