Warning: Permanently added '[localhost]:34963' (ECDSA) to the list of known hosts. 2025/08/29 12:26:49 fuzzer started 2025/08/29 12:26:49 dialing manager at localhost:43077 syzkaller login: [ 51.186760] cgroup: Unknown subsys name 'net' [ 51.258831] cgroup: Unknown subsys name 'cpuset' [ 51.274092] cgroup: Unknown subsys name 'rlimit' 2025/08/29 12:27:00 syscalls: 2214 2025/08/29 12:27:00 code coverage: enabled 2025/08/29 12:27:00 comparison tracing: enabled 2025/08/29 12:27:00 extra coverage: enabled 2025/08/29 12:27:00 setuid sandbox: enabled 2025/08/29 12:27:00 namespace sandbox: enabled 2025/08/29 12:27:00 Android sandbox: enabled 2025/08/29 12:27:00 fault injection: enabled 2025/08/29 12:27:00 leak checking: enabled 2025/08/29 12:27:00 net packet injection: enabled 2025/08/29 12:27:00 net device setup: enabled 2025/08/29 12:27:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 12:27:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 12:27:00 USB emulation: enabled 2025/08/29 12:27:00 hci packet injection: enabled 2025/08/29 12:27:00 wifi device emulation: enabled 2025/08/29 12:27:00 802.15.4 emulation: enabled 2025/08/29 12:27:00 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 12:27:00 fetching corpus: 50, signal 22550/26076 (executing program) 2025/08/29 12:27:00 fetching corpus: 100, signal 31370/36359 (executing program) 2025/08/29 12:27:00 fetching corpus: 150, signal 38571/44951 (executing program) 2025/08/29 12:27:01 fetching corpus: 200, signal 45187/52893 (executing program) 2025/08/29 12:27:01 fetching corpus: 250, signal 51978/60797 (executing program) 2025/08/29 12:27:01 fetching corpus: 300, signal 58683/68467 (executing program) 2025/08/29 12:27:01 fetching corpus: 350, signal 61341/72310 (executing program) 2025/08/29 12:27:01 fetching corpus: 400, signal 63245/75408 (executing program) 2025/08/29 12:27:01 fetching corpus: 450, signal 65940/79155 (executing program) 2025/08/29 
12:27:01 fetching corpus: 500, signal 71998/85843 (executing program) 2025/08/29 12:27:01 fetching corpus: 550, signal 75709/90350 (executing program) 2025/08/29 12:27:01 fetching corpus: 600, signal 77751/93326 (executing program) 2025/08/29 12:27:01 fetching corpus: 650, signal 80074/96530 (executing program) 2025/08/29 12:27:01 fetching corpus: 700, signal 82636/99933 (executing program) 2025/08/29 12:27:01 fetching corpus: 750, signal 84012/102261 (executing program) 2025/08/29 12:27:02 fetching corpus: 800, signal 85671/104762 (executing program) 2025/08/29 12:27:02 fetching corpus: 850, signal 88897/108547 (executing program) 2025/08/29 12:27:02 fetching corpus: 900, signal 91466/111671 (executing program) 2025/08/29 12:27:02 fetching corpus: 950, signal 94661/115285 (executing program) 2025/08/29 12:27:02 fetching corpus: 1000, signal 96343/117674 (executing program) 2025/08/29 12:27:02 fetching corpus: 1050, signal 98617/120446 (executing program) 2025/08/29 12:27:02 fetching corpus: 1100, signal 100311/122763 (executing program) 2025/08/29 12:27:02 fetching corpus: 1150, signal 101912/124961 (executing program) 2025/08/29 12:27:02 fetching corpus: 1200, signal 104077/127526 (executing program) 2025/08/29 12:27:03 fetching corpus: 1250, signal 105568/129556 (executing program) 2025/08/29 12:27:03 fetching corpus: 1300, signal 107071/131564 (executing program) 2025/08/29 12:27:03 fetching corpus: 1350, signal 108758/133672 (executing program) 2025/08/29 12:27:03 fetching corpus: 1400, signal 109808/135274 (executing program) 2025/08/29 12:27:03 fetching corpus: 1450, signal 110764/136781 (executing program) 2025/08/29 12:27:03 fetching corpus: 1500, signal 111944/138612 (executing program) 2025/08/29 12:27:03 fetching corpus: 1550, signal 113663/140618 (executing program) 2025/08/29 12:27:03 fetching corpus: 1600, signal 115249/142428 (executing program) 2025/08/29 12:27:03 fetching corpus: 1650, signal 117393/144700 (executing program) 2025/08/29 12:27:03 
fetching corpus: 1700, signal 118692/146412 (executing program) 2025/08/29 12:27:03 fetching corpus: 1750, signal 119679/147843 (executing program) 2025/08/29 12:27:04 fetching corpus: 1800, signal 120856/149399 (executing program) 2025/08/29 12:27:04 fetching corpus: 1850, signal 121907/150764 (executing program) 2025/08/29 12:27:04 fetching corpus: 1900, signal 122876/152096 (executing program) 2025/08/29 12:27:04 fetching corpus: 1950, signal 123918/153482 (executing program) 2025/08/29 12:27:04 fetching corpus: 2000, signal 124694/154680 (executing program) 2025/08/29 12:27:04 fetching corpus: 2050, signal 125416/155847 (executing program) 2025/08/29 12:27:04 fetching corpus: 2100, signal 126155/157027 (executing program) 2025/08/29 12:27:04 fetching corpus: 2150, signal 128225/158900 (executing program) 2025/08/29 12:27:04 fetching corpus: 2200, signal 128890/159984 (executing program) 2025/08/29 12:27:04 fetching corpus: 2250, signal 129875/161205 (executing program) 2025/08/29 12:27:05 fetching corpus: 2300, signal 130706/162306 (executing program) 2025/08/29 12:27:05 fetching corpus: 2350, signal 131581/163438 (executing program) 2025/08/29 12:27:05 fetching corpus: 2400, signal 132217/164404 (executing program) 2025/08/29 12:27:05 fetching corpus: 2450, signal 132989/165448 (executing program) 2025/08/29 12:27:05 fetching corpus: 2500, signal 133640/166387 (executing program) 2025/08/29 12:27:05 fetching corpus: 2550, signal 134670/167514 (executing program) 2025/08/29 12:27:05 fetching corpus: 2600, signal 135714/168626 (executing program) 2025/08/29 12:27:05 fetching corpus: 2650, signal 136429/169577 (executing program) 2025/08/29 12:27:05 fetching corpus: 2700, signal 136897/170404 (executing program) 2025/08/29 12:27:05 fetching corpus: 2750, signal 137846/171396 (executing program) 2025/08/29 12:27:06 fetching corpus: 2800, signal 138494/172268 (executing program) 2025/08/29 12:27:06 fetching corpus: 2850, signal 139066/173083 (executing program) 
2025/08/29 12:27:06 fetching corpus: 2900, signal 139700/173920 (executing program) 2025/08/29 12:27:06 fetching corpus: 2950, signal 140279/174717 (executing program) 2025/08/29 12:27:06 fetching corpus: 3000, signal 140871/175519 (executing program) 2025/08/29 12:27:06 fetching corpus: 3050, signal 141457/176348 (executing program) 2025/08/29 12:27:06 fetching corpus: 3100, signal 142209/177234 (executing program) 2025/08/29 12:27:06 fetching corpus: 3150, signal 142690/177967 (executing program) 2025/08/29 12:27:06 fetching corpus: 3200, signal 143586/178784 (executing program) 2025/08/29 12:27:06 fetching corpus: 3250, signal 144071/179516 (executing program) 2025/08/29 12:27:06 fetching corpus: 3300, signal 144848/180384 (executing program) 2025/08/29 12:27:06 fetching corpus: 3350, signal 145357/181085 (executing program) 2025/08/29 12:27:06 fetching corpus: 3400, signal 145886/181760 (executing program) 2025/08/29 12:27:07 fetching corpus: 3450, signal 146238/182371 (executing program) 2025/08/29 12:27:07 fetching corpus: 3500, signal 146789/183014 (executing program) 2025/08/29 12:27:07 fetching corpus: 3550, signal 147221/183646 (executing program) 2025/08/29 12:27:07 fetching corpus: 3600, signal 147796/184291 (executing program) 2025/08/29 12:27:07 fetching corpus: 3650, signal 148394/184983 (executing program) 2025/08/29 12:27:07 fetching corpus: 3700, signal 149292/185785 (executing program) 2025/08/29 12:27:07 fetching corpus: 3750, signal 149864/186446 (executing program) 2025/08/29 12:27:07 fetching corpus: 3800, signal 150478/187048 (executing program) 2025/08/29 12:27:07 fetching corpus: 3850, signal 151082/187602 (executing program) 2025/08/29 12:27:07 fetching corpus: 3900, signal 151517/188099 (executing program) 2025/08/29 12:27:07 fetching corpus: 3950, signal 152426/188751 (executing program) 2025/08/29 12:27:08 fetching corpus: 4000, signal 152813/189277 (executing program) 2025/08/29 12:27:08 fetching corpus: 4050, signal 153378/189836 
(executing program) 2025/08/29 12:27:08 fetching corpus: 4100, signal 153715/190345 (executing program) 2025/08/29 12:27:08 fetching corpus: 4150, signal 154541/190900 (executing program) 2025/08/29 12:27:08 fetching corpus: 4200, signal 154982/191382 (executing program) 2025/08/29 12:27:08 fetching corpus: 4250, signal 155386/191836 (executing program) 2025/08/29 12:27:08 fetching corpus: 4300, signal 155786/192329 (executing program) 2025/08/29 12:27:08 fetching corpus: 4350, signal 156581/192853 (executing program) 2025/08/29 12:27:08 fetching corpus: 4400, signal 156979/193320 (executing program) 2025/08/29 12:27:08 fetching corpus: 4450, signal 157351/193810 (executing program) 2025/08/29 12:27:08 fetching corpus: 4500, signal 157856/194249 (executing program) 2025/08/29 12:27:08 fetching corpus: 4550, signal 158300/194650 (executing program) 2025/08/29 12:27:09 fetching corpus: 4600, signal 158840/195068 (executing program) 2025/08/29 12:27:09 fetching corpus: 4650, signal 159498/195441 (executing program) 2025/08/29 12:27:09 fetching corpus: 4700, signal 160068/195832 (executing program) 2025/08/29 12:27:09 fetching corpus: 4750, signal 160550/196039 (executing program) 2025/08/29 12:27:09 fetching corpus: 4800, signal 161183/196048 (executing program) 2025/08/29 12:27:09 fetching corpus: 4850, signal 161972/196176 (executing program) 2025/08/29 12:27:09 fetching corpus: 4900, signal 162377/196184 (executing program) 2025/08/29 12:27:09 fetching corpus: 4950, signal 162681/196196 (executing program) 2025/08/29 12:27:09 fetching corpus: 5000, signal 163146/196208 (executing program) 2025/08/29 12:27:09 fetching corpus: 5050, signal 163578/196219 (executing program) 2025/08/29 12:27:09 fetching corpus: 5100, signal 164000/196256 (executing program) 2025/08/29 12:27:09 fetching corpus: 5150, signal 164927/196274 (executing program) 2025/08/29 12:27:10 fetching corpus: 5200, signal 165290/196275 (executing program) 2025/08/29 12:27:10 fetching corpus: 5250, 
signal 165687/196320 (executing program) 2025/08/29 12:27:10 fetching corpus: 5300, signal 166016/196324 (executing program) 2025/08/29 12:27:10 fetching corpus: 5350, signal 166557/196326 (executing program) 2025/08/29 12:27:10 fetching corpus: 5400, signal 166930/196332 (executing program) 2025/08/29 12:27:10 fetching corpus: 5450, signal 167571/196345 (executing program) 2025/08/29 12:27:10 fetching corpus: 5500, signal 167874/196348 (executing program) 2025/08/29 12:27:10 fetching corpus: 5550, signal 168185/196360 (executing program) 2025/08/29 12:27:10 fetching corpus: 5600, signal 168534/196417 (executing program) 2025/08/29 12:27:10 fetching corpus: 5650, signal 168811/196420 (executing program) 2025/08/29 12:27:10 fetching corpus: 5700, signal 169402/196458 (executing program) 2025/08/29 12:27:11 fetching corpus: 5750, signal 169726/196459 (executing program) 2025/08/29 12:27:11 fetching corpus: 5800, signal 170148/196466 (executing program) 2025/08/29 12:27:11 fetching corpus: 5850, signal 170556/196478 (executing program) 2025/08/29 12:27:11 fetching corpus: 5900, signal 171169/196501 (executing program) 2025/08/29 12:27:11 fetching corpus: 5950, signal 171575/196509 (executing program) 2025/08/29 12:27:11 fetching corpus: 6000, signal 171827/196514 (executing program) 2025/08/29 12:27:11 fetching corpus: 6050, signal 172138/196521 (executing program) 2025/08/29 12:27:11 fetching corpus: 6100, signal 172538/196522 (executing program) 2025/08/29 12:27:11 fetching corpus: 6150, signal 172903/196526 (executing program) 2025/08/29 12:27:11 fetching corpus: 6200, signal 173204/196556 (executing program) 2025/08/29 12:27:11 fetching corpus: 6250, signal 173537/196562 (executing program) 2025/08/29 12:27:11 fetching corpus: 6300, signal 173865/196567 (executing program) 2025/08/29 12:27:11 fetching corpus: 6350, signal 174093/196583 (executing program) 2025/08/29 12:27:11 fetching corpus: 6400, signal 174349/196587 (executing program) 2025/08/29 12:27:12 
fetching corpus: 6450, signal 174641/196588 (executing program) 2025/08/29 12:27:12 fetching corpus: 6500, signal 175042/196601 (executing program) 2025/08/29 12:27:12 fetching corpus: 6550, signal 175314/196610 (executing program) 2025/08/29 12:27:12 fetching corpus: 6600, signal 175645/196617 (executing program) 2025/08/29 12:27:12 fetching corpus: 6650, signal 175939/196620 (executing program) 2025/08/29 12:27:12 fetching corpus: 6700, signal 176392/196628 (executing program) 2025/08/29 12:27:12 fetching corpus: 6750, signal 176686/196647 (executing program) 2025/08/29 12:27:12 fetching corpus: 6800, signal 176962/196649 (executing program) 2025/08/29 12:27:12 fetching corpus: 6850, signal 177348/196668 (executing program) 2025/08/29 12:27:12 fetching corpus: 6900, signal 177692/196677 (executing program) 2025/08/29 12:27:12 fetching corpus: 6950, signal 178074/196691 (executing program) 2025/08/29 12:27:12 fetching corpus: 7000, signal 178416/196697 (executing program) 2025/08/29 12:27:13 fetching corpus: 7050, signal 178788/196721 (executing program) 2025/08/29 12:27:13 fetching corpus: 7100, signal 179127/196722 (executing program) 2025/08/29 12:27:13 fetching corpus: 7150, signal 179423/196727 (executing program) 2025/08/29 12:27:13 fetching corpus: 7200, signal 179718/196790 (executing program) 2025/08/29 12:27:13 fetching corpus: 7250, signal 179985/196843 (executing program) 2025/08/29 12:27:13 fetching corpus: 7300, signal 180336/196879 (executing program) 2025/08/29 12:27:13 fetching corpus: 7350, signal 180625/196887 (executing program) 2025/08/29 12:27:13 fetching corpus: 7400, signal 180953/196892 (executing program) 2025/08/29 12:27:13 fetching corpus: 7450, signal 181256/196895 (executing program) 2025/08/29 12:27:13 fetching corpus: 7500, signal 181568/196910 (executing program) 2025/08/29 12:27:13 fetching corpus: 7550, signal 181833/196911 (executing program) 2025/08/29 12:27:13 fetching corpus: 7600, signal 182159/196914 (executing program) 
2025/08/29 12:27:14 fetching corpus: 7650, signal 182438/196918 (executing program) 2025/08/29 12:27:14 fetching corpus: 7700, signal 182801/196955 (executing program) 2025/08/29 12:27:14 fetching corpus: 7750, signal 183067/196981 (executing program) 2025/08/29 12:27:14 fetching corpus: 7800, signal 183370/196983 (executing program) 2025/08/29 12:27:14 fetching corpus: 7850, signal 183767/196991 (executing program) 2025/08/29 12:27:14 fetching corpus: 7900, signal 184048/196994 (executing program) 2025/08/29 12:27:14 fetching corpus: 7950, signal 184283/196994 (executing program) 2025/08/29 12:27:14 fetching corpus: 8000, signal 184584/196999 (executing program) 2025/08/29 12:27:14 fetching corpus: 8050, signal 184786/197004 (executing program) 2025/08/29 12:27:14 fetching corpus: 8100, signal 185037/197015 (executing program) 2025/08/29 12:27:14 fetching corpus: 8150, signal 185331/197037 (executing program) 2025/08/29 12:27:14 fetching corpus: 8200, signal 185704/197049 (executing program) 2025/08/29 12:27:15 fetching corpus: 8250, signal 186013/197059 (executing program) 2025/08/29 12:27:15 fetching corpus: 8300, signal 186255/197089 (executing program) 2025/08/29 12:27:15 fetching corpus: 8350, signal 186559/197104 (executing program) 2025/08/29 12:27:15 fetching corpus: 8400, signal 186774/197132 (executing program) 2025/08/29 12:27:15 fetching corpus: 8450, signal 187049/197138 (executing program) 2025/08/29 12:27:15 fetching corpus: 8500, signal 187328/197140 (executing program) 2025/08/29 12:27:15 fetching corpus: 8550, signal 187687/197152 (executing program) 2025/08/29 12:27:15 fetching corpus: 8600, signal 188055/197163 (executing program) 2025/08/29 12:27:15 fetching corpus: 8650, signal 188366/197168 (executing program) 2025/08/29 12:27:15 fetching corpus: 8700, signal 188631/197169 (executing program) 2025/08/29 12:27:15 fetching corpus: 8750, signal 189011/197182 (executing program) 2025/08/29 12:27:15 fetching corpus: 8800, signal 189342/197188 
(executing program) 2025/08/29 12:27:16 fetching corpus: 8850, signal 189655/197195 (executing program) 2025/08/29 12:27:16 fetching corpus: 8900, signal 189871/197199 (executing program) 2025/08/29 12:27:16 fetching corpus: 8950, signal 190183/197223 (executing program) 2025/08/29 12:27:16 fetching corpus: 9000, signal 190482/197225 (executing program) 2025/08/29 12:27:16 fetching corpus: 9050, signal 190845/197234 (executing program) 2025/08/29 12:27:16 fetching corpus: 9100, signal 191145/197240 (executing program) 2025/08/29 12:27:16 fetching corpus: 9150, signal 191681/197241 (executing program) 2025/08/29 12:27:16 fetching corpus: 9200, signal 192057/197329 (executing program) 2025/08/29 12:27:16 fetching corpus: 9250, signal 192355/197335 (executing program) 2025/08/29 12:27:17 fetching corpus: 9300, signal 192552/197343 (executing program) 2025/08/29 12:27:17 fetching corpus: 9350, signal 192824/197349 (executing program) 2025/08/29 12:27:17 fetching corpus: 9400, signal 193046/197352 (executing program) 2025/08/29 12:27:17 fetching corpus: 9450, signal 193244/197355 (executing program) 2025/08/29 12:27:17 fetching corpus: 9500, signal 193438/197363 (executing program) 2025/08/29 12:27:17 fetching corpus: 9526, signal 193632/197445 (executing program) 2025/08/29 12:27:17 fetching corpus: 9526, signal 193632/197445 (executing program) 2025/08/29 12:27:19 starting 8 fuzzer processes 12:27:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0xb341daa0822653b3, 0x0, 0x0, {0x15}}, 0x14}}, 0x0) 12:27:19 executing program 1: delete_module(0x0, 0x0) 12:27:19 executing program 2: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x40187014, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x0, 0x0, 0x1b}}) 12:27:19 executing program 3: 
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) pipe2$9p(0x0, 0x0) syz_io_uring_setup(0x363e, &(0x7f0000000640)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0, 0x0) 12:27:19 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) kcmp(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/anycast6\x00') lseek(r0, 0x0, 0x1) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) 12:27:19 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') mknodat$null(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x103) 12:27:19 executing program 6: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 
0x0, 0x7fff0000}]}) readv(r0, 0x0, 0x0) [ 80.772068] audit: type=1400 audit(1756470439.742:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:27:19 executing program 7: r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) [ 81.996207] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.998190] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.000287] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.010026] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.016959] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.119935] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.122054] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.123902] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.126704] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.128056] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.131289] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.137728] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.139283] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.146694] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.159688] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.193790] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.205572] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.212289] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 82.215619] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 82.217463] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 82.218259] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.218852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.225761] Bluetooth: 
hci6: unexpected cc 0x1003 length: 249 > 9 [ 82.229354] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 82.233113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.237029] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.238836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.242925] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 82.245349] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 82.246921] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 82.249292] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 82.249723] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 82.254336] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.254836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.260360] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 82.262332] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.268701] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 82.272345] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.276762] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 82.279574] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 84.088452] Bluetooth: hci0: command tx timeout [ 84.151463] Bluetooth: hci1: command tx timeout [ 84.215445] Bluetooth: hci2: command tx timeout [ 84.343582] Bluetooth: hci4: command tx timeout [ 84.344171] Bluetooth: hci6: command tx timeout [ 84.344717] Bluetooth: hci3: command tx timeout [ 84.407488] Bluetooth: hci5: command tx timeout [ 84.407514] Bluetooth: hci7: command tx timeout [ 86.135551] Bluetooth: hci0: command tx timeout [ 86.199515] Bluetooth: hci1: command tx timeout [ 86.264437] Bluetooth: hci2: command tx timeout [ 86.391520] Bluetooth: hci6: command tx timeout [ 86.393062] Bluetooth: hci3: command tx timeout [ 86.393123] Bluetooth: hci4: command tx timeout [ 86.455530] Bluetooth: hci7: command tx timeout [ 86.456763] Bluetooth: hci5: command tx timeout [ 88.183476] Bluetooth: hci0: 
command tx timeout [ 88.247461] Bluetooth: hci1: command tx timeout [ 88.312201] Bluetooth: hci2: command tx timeout [ 88.439463] Bluetooth: hci4: command tx timeout [ 88.439489] Bluetooth: hci3: command tx timeout [ 88.439923] Bluetooth: hci6: command tx timeout [ 88.505669] Bluetooth: hci5: command tx timeout [ 88.506054] Bluetooth: hci7: command tx timeout [ 90.231524] Bluetooth: hci0: command tx timeout [ 90.297439] Bluetooth: hci1: command tx timeout [ 90.360460] Bluetooth: hci2: command tx timeout [ 90.487491] Bluetooth: hci6: command tx timeout [ 90.487806] Bluetooth: hci3: command tx timeout [ 90.487934] Bluetooth: hci4: command tx timeout [ 90.551473] Bluetooth: hci7: command tx timeout [ 90.551871] Bluetooth: hci5: command tx timeout [ 120.335841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.337315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.468884] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.469549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.745468] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.746100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.061132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.062051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.435007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.435954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.486350] audit: type=1400 audit(1756470480.454:8): avc: denied { open } for pid=3836 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.500871] audit: type=1400 audit(1756470480.455:9): avc: denied { kernel } for pid=3836 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.633025] wlan0: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 121.633654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.669300] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.670423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.854155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.854794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.968410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.969035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.023879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.024569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.169186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.170473] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.228603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.229261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.363102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.364415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.418770] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.419451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.927961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.929131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.971347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.972575] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:28:02 executing program 0: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r1, 0x89f6, &(0x7f0000000100)={'sit0\x00', 0x0}) 12:28:02 executing program 5: syz_emit_ethernet(0x36, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, 
@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @timestamp}}}}, 0x0) 12:28:02 executing program 6: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, {[], @echo_request}}}}}, 0x0) 12:28:02 executing program 7: r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 12:28:02 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 12:28:02 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00') pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34) 12:28:02 executing program 4: sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x15c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_LINK={0x110, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 
'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x15c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="fbffffff00000000001501"], 0x3c}}, 0x0) 12:28:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x36, &(0x7f0000000000)={@remote}, 0x20) 12:28:02 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) [ 123.300550] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. 
12:28:02 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/module/snd_intel_sdw_acpi', 0x0, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000180)) 12:28:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x36, &(0x7f0000000000)={@remote}, 0x20) 12:28:02 executing program 7: r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 12:28:02 executing program 6: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, {[], @echo_request}}}}}, 0x0) 12:28:02 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {0x3}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x4}]}, 0x1c}}, 0x0) 12:28:02 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00') pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34) 12:28:02 executing program 4: sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x15c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_LINK={0x110, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 
'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x15c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="fbffffff00000000001501"], 0x3c}}, 0x0) 12:28:02 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) 
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)={0x20, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r1}, @nested={0x5, 0x0, 0x0, 0x1, [@generic="d5"]}]}, 0x20}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) [ 123.433296] kmemleak: Found object by alias at 0x607f1a639b4c [ 123.433316] CPU: 0 UID: 0 PID: 3929 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.433334] Tainted: [W]=WARN [ 123.433337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.433344] Call Trace: [ 123.433348] [ 123.433352] dump_stack_lvl+0xca/0x120 [ 123.433380] __lookup_object+0x94/0xb0 [ 123.433396] delete_object_full+0x27/0x70 [ 123.433412] free_percpu+0x30/0x1160 [ 123.433428] ? arch_uprobe_clear_state+0x16/0x140 [ 123.433447] futex_hash_free+0x38/0xc0 [ 123.433461] mmput+0x2d3/0x390 [ 123.433479] do_exit+0x79d/0x2970 [ 123.433496] ? __pfx_do_exit+0x10/0x10 [ 123.433510] ? find_held_lock+0x2b/0x80 [ 123.433527] ? get_signal+0x835/0x2340 [ 123.433546] do_group_exit+0xd3/0x2a0 [ 123.433560] get_signal+0x2315/0x2340 [ 123.433580] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 123.433598] ? __pfx_get_signal+0x10/0x10 [ 123.433614] ? __schedule+0xe91/0x3590 [ 123.433633] arch_do_signal_or_restart+0x80/0x790 [ 123.433650] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 123.433666] ? __x64_sys_futex+0x1c9/0x4d0 [ 123.433678] ? __x64_sys_futex+0x1d2/0x4d0 [ 123.433691] ? fput+0x6a/0x100 [ 123.433705] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.433717] ? ksys_write+0x1a3/0x240 [ 123.433733] exit_to_user_mode_loop+0x8b/0x110 [ 123.433746] do_syscall_64+0x2f7/0x360 [ 123.433757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.433768] RIP: 0033:0x7f1164e2cb19 [ 123.433777] Code: Unable to access opcode bytes at 0x7f1164e2caef. 
[ 123.433782] RSP: 002b:00007f11623a2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.433794] RAX: 0000000000000001 RBX: 00007f1164f3ff68 RCX: 00007f1164e2cb19 [ 123.433801] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1164f3ff6c [ 123.433807] RBP: 00007f1164f3ff60 R08: 000000000000000e R09: 0000000000000000 [ 123.433814] R10: 000000000000003e R11: 0000000000000246 R12: 00007f1164f3ff6c [ 123.433821] R13: 00007ffece3d347f R14: 00007f11623a2300 R15: 0000000000022000 [ 123.433836] [ 123.433840] kmemleak: Object (percpu) 0x607f1a639b48 (size 8): [ 123.433846] kmemleak: comm "syz-executor.7", pid 3933, jiffies 4294790245 [ 123.433853] kmemleak: min_count = 1 [ 123.433856] kmemleak: count = 0 [ 123.433860] kmemleak: flags = 0x21 [ 123.433863] kmemleak: checksum = 0 [ 123.433867] kmemleak: backtrace: [ 123.433870] pcpu_alloc_noprof+0x87a/0x1170 [ 123.433885] alloc_vfsmnt+0x135/0x6e0 [ 123.433898] vfs_create_mount.part.0+0x40/0x440 [ 123.433912] __do_sys_fsmount+0x43e/0x950 [ 123.433922] do_syscall_64+0xbf/0x360 [ 123.433931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.458197] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. 
12:28:02 executing program 7: r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) [ 123.488304] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.497734] kmemleak: Found object by alias at 0x607f1a639704 [ 123.497748] CPU: 0 UID: 0 PID: 3932 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.497766] Tainted: [W]=WARN [ 123.497769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.497777] Call Trace: [ 123.497781] [ 123.497785] dump_stack_lvl+0xca/0x120 [ 123.497812] __lookup_object+0x94/0xb0 [ 123.497828] delete_object_full+0x27/0x70 [ 123.497843] free_percpu+0x30/0x1160 [ 123.497859] ? arch_uprobe_clear_state+0x16/0x140 [ 123.497878] futex_hash_free+0x38/0xc0 [ 123.497891] mmput+0x2d3/0x390 [ 123.497909] do_exit+0x79d/0x2970 [ 123.497922] ? lock_release+0xc8/0x290 [ 123.497939] ? __pfx_do_exit+0x10/0x10 [ 123.497952] ? find_held_lock+0x2b/0x80 [ 123.497969] ? get_signal+0x835/0x2340 [ 123.497988] do_group_exit+0xd3/0x2a0 [ 123.498002] get_signal+0x2315/0x2340 [ 123.498019] ? __sys_recvfrom+0x266/0x310 [ 123.498037] ? __pfx___sys_recvfrom+0x10/0x10 [ 123.498054] ? __pfx_get_signal+0x10/0x10 [ 123.498069] ? do_futex+0x135/0x370 [ 123.498082] ? __pfx_do_futex+0x10/0x10 [ 123.498097] arch_do_signal_or_restart+0x80/0x790 [ 123.498114] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 123.498129] ? __x64_sys_futex+0x1c9/0x4d0 [ 123.498141] ? __x64_sys_futex+0x1d2/0x4d0 [ 123.498155] ? fput_close_sync+0x114/0x240 [ 123.498170] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.498182] ? __pfx_fput_close_sync+0x10/0x10 [ 123.498197] ? dnotify_flush+0x79/0x4c0 [ 123.498207] ? 
xfd_validate_state+0x55/0x180 [ 123.498227] exit_to_user_mode_loop+0x8b/0x110 [ 123.498239] do_syscall_64+0x2f7/0x360 [ 123.498250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.498262] RIP: 0033:0x7f38c5ee3b19 [ 123.498270] Code: Unable to access opcode bytes at 0x7f38c5ee3aef. [ 123.498275] RSP: 002b:00007f38c3459218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.498286] RAX: fffffffffffffe00 RBX: 00007f38c5ff6f68 RCX: 00007f38c5ee3b19 [ 123.498293] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f38c5ff6f68 [ 123.498300] RBP: 00007f38c5ff6f60 R08: 0000000000000000 R09: 0000000000000000 [ 123.498307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38c5ff6f6c [ 123.498313] R13: 00007ffc019bdfbf R14: 00007f38c3459300 R15: 0000000000022000 [ 123.498329] [ 123.498332] kmemleak: Object (percpu) 0x607f1a639700 (size 8): [ 123.498339] kmemleak: comm "syz-executor.0", pid 3939, jiffies 4294790298 [ 123.498345] kmemleak: min_count = 1 [ 123.498349] kmemleak: count = 0 [ 123.498352] kmemleak: flags = 0x21 [ 123.498356] kmemleak: checksum = 0 [ 123.498360] kmemleak: backtrace: [ 123.498363] pcpu_alloc_noprof+0x87a/0x1170 [ 123.498377] perf_trace_event_init+0x366/0xa10 [ 123.498390] perf_trace_init+0x1a4/0x2f0 [ 123.498401] perf_tp_event_init+0xa6/0x120 [ 123.498416] perf_try_init_event+0x140/0x9f0 [ 123.498429] perf_event_alloc.part.0+0x118e/0x45f0 [ 123.498445] __do_sys_perf_event_open+0x719/0x2c20 [ 123.498457] do_syscall_64+0xbf/0x360 [ 123.498465] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:28:02 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 12:28:02 executing program 4: sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x15c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, 
[@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_LINK={0x110, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x15c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="fbffffff00000000001501"], 0x3c}}, 0x0) 12:28:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x36, &(0x7f0000000000)={@remote}, 0x20) 12:28:02 executing program 6: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, {[], @echo_request}}}}}, 0x0) 12:28:02 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00') pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34) 12:28:02 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x80}, 0xc) 12:28:02 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80044584, &(0x7f0000000040)={0x0, 0x0, 0x0}) 12:28:02 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)={0x20, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r1}, @nested={0x5, 0x0, 0x0, 0x1, [@generic="d5"]}]}, 0x20}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
flistxattr(0xffffffffffffffff, 0x0, 0x0) 12:28:02 executing program 6: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, {[], @echo_request}}}}}, 0x0) [ 123.646132] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 123.647142] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 123.647804] CPU: 1 UID: 0 PID: 3956 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.649270] Tainted: [W]=WARN [ 123.650292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.652220] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.652598] kmemleak: Found object by alias at 0x607f1a639704 [ 123.652650] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.652668] Tainted: [W]=WARN [ 123.652672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.652679] Call Trace: [ 123.652683] [ 123.652688] dump_stack_lvl+0xca/0x120 [ 123.652712] __lookup_object+0x94/0xb0 [ 123.652728] delete_object_full+0x27/0x70 [ 123.652743] free_percpu+0x30/0x1160 [ 123.652759] ? arch_uprobe_clear_state+0x16/0x140 [ 123.652777] futex_hash_free+0x38/0xc0 [ 123.652790] mmput+0x2d3/0x390 [ 123.652808] do_exit+0x79d/0x2970 [ 123.652823] ? __pfx_do_exit+0x10/0x10 [ 123.652836] ? find_held_lock+0x2b/0x80 [ 123.652853] ? get_signal+0x835/0x2340 [ 123.652872] do_group_exit+0xd3/0x2a0 [ 123.652885] get_signal+0x2315/0x2340 [ 123.652902] ? put_task_stack+0xd2/0x240 [ 123.652914] ? __pfx_get_signal+0x10/0x10 [ 123.652930] ? __schedule+0xe91/0x3590 [ 123.652947] arch_do_signal_or_restart+0x80/0x790 [ 123.652963] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 123.652979] ? __x64_sys_futex+0x1c9/0x4d0 [ 123.652991] ? __x64_sys_futex+0x1d2/0x4d0 [ 123.653004] ? 
fput_close_sync+0x114/0x240 [ 123.653019] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.653031] ? __pfx_fput_close_sync+0x10/0x10 [ 123.653045] ? dnotify_flush+0x79/0x4c0 [ 123.653059] exit_to_user_mode_loop+0x8b/0x110 [ 123.653071] do_syscall_64+0x2f7/0x360 [ 123.653082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.653094] RIP: 0033:0x7f38c5ee3b19 [ 123.653102] Code: Unable to access opcode bytes at 0x7f38c5ee3aef. [ 123.653107] RSP: 002b:00007f38c3459218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.653118] RAX: 0000000000000001 RBX: 00007f38c5ff6f68 RCX: 00007f38c5ee3b19 [ 123.653125] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f38c5ff6f6c [ 123.653132] RBP: 00007f38c5ff6f60 R08: 000000000000000e R09: 0000000000000000 [ 123.653139] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f38c5ff6f6c [ 123.653145] R13: 00007ffc019bdfbf R14: 00007f38c3459300 R15: 0000000000022000 [ 123.653157] [ 123.653161] kmemleak: Object (percpu) 0x607f1a639700 (size 8): [ 123.653167] kmemleak: comm "syz-executor.7", pid 3954, jiffies 4294790469 [ 123.653174] kmemleak: min_count = 1 [ 123.653178] kmemleak: count = 0 [ 123.653181] kmemleak: flags = 0x21 [ 123.653185] kmemleak: checksum = 0 [ 123.653188] kmemleak: backtrace: [ 123.653192] pcpu_alloc_noprof+0x87a/0x1170 [ 123.653206] perf_trace_event_init+0x366/0xa10 [ 123.653219] perf_trace_init+0x1a4/0x2f0 [ 123.653231] perf_tp_event_init+0xa6/0x120 [ 123.653246] perf_try_init_event+0x140/0x9f0 [ 123.653259] perf_event_alloc.part.0+0x118e/0x45f0 [ 123.653275] __do_sys_perf_event_open+0x719/0x2c20 [ 123.653412] do_syscall_64+0xbf/0x360 [ 123.653420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.679224] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.680773] RSP: 0018:ffff888048047800 EFLAGS: 00010212 [ 123.681230] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 
ffffc90006831000 [ 123.681832] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.682425] RBP: ffff888048047a70 R08: ffff88806cf31340 R09: ffffe8ffffd16700 [ 123.683038] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.683644] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.684251] FS: 00007f6caa2b5700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.684948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.685437] CR2: 0000001b2ce23000 CR3: 000000000d87c000 CR4: 0000000000350ef0 [ 123.686034] Call Trace: [ 123.686256] [ 123.686457] ? perf_trace_lock+0xb5/0x5d0 [ 123.686824] ? __pfx_perf_tp_event+0x10/0x10 [ 123.687217] ? lock_acquire+0x15e/0x2f0 [ 123.687562] ? __is_insn_slot_addr+0x2e/0x290 [ 123.687957] ? find_held_lock+0x2b/0x80 [ 123.688305] ? __is_insn_slot_addr+0x136/0x290 [ 123.688721] ? lock_release+0xc8/0x290 [ 123.689059] ? __is_insn_slot_addr+0x140/0x290 [ 123.689454] ? kernel_text_address+0x5b/0xc0 [ 123.689841] ? __kernel_text_address+0xd/0x40 [ 123.690224] ? unwind_get_return_address+0x59/0xa0 [ 123.690653] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 123.691110] ? arch_stack_walk+0x9c/0xf0 [ 123.691465] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.691893] perf_trace_run_bpf_submit+0xef/0x180 [ 123.692312] perf_trace_lock+0x337/0x5d0 [ 123.692691] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.693094] ? lock_acquire+0x15e/0x2f0 [ 123.693437] ? futex_ref_get+0x48/0x300 [ 123.693782] ? futex_ref_get+0x114/0x300 [ 123.694130] ? futex_hash+0x15c/0x390 [ 123.694457] lock_release+0x1ab/0x290 [ 123.694787] ? futex_hash+0x15c/0x390 [ 123.695118] futex_ref_get+0x119/0x300 [ 123.695449] ? futex_hash+0x15c/0x390 [ 123.695772] futex_hash+0x70/0x390 [ 123.696080] futex_wake+0x143/0x540 [ 123.696398] ? lock_release+0xc8/0x290 [ 123.696755] ? __pfx_futex_wake+0x10/0x10 [ 123.697122] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 123.697571] ? 
__call_rcu_common.constprop.0+0x4c1/0x960 [ 123.698043] do_futex+0x26d/0x370 [ 123.698353] ? __pfx_do_futex+0x10/0x10 [ 123.698702] ? __fput+0x67b/0xb50 [ 123.699009] __x64_sys_futex+0x1c9/0x4d0 [ 123.699375] ? fput_close_sync+0x114/0x240 [ 123.699739] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.700131] ? __pfx_fput_close_sync+0x10/0x10 [ 123.700521] ? dnotify_flush+0x79/0x4c0 [ 123.700874] ? xfd_validate_state+0x55/0x180 [ 123.701263] do_syscall_64+0xbf/0x360 [ 123.701590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.702023] RIP: 0033:0x7f6cacd3fb19 [ 123.702336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.703832] RSP: 002b:00007f6caa2b5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.704457] RAX: ffffffffffffffda RBX: 00007f6cace52f68 RCX: 00007f6cacd3fb19 [ 123.705075] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6cace52f6c [ 123.705662] RBP: 00007f6cace52f60 R08: 000000000000000e R09: 0000000000000000 [ 123.706258] R10: 000000000000001e R11: 0000000000000246 R12: 00007f6cace52f6c [ 123.706853] R13: 00007ffe2cfedd9f R14: 00007f6caa2b5300 R15: 0000000000022000 [ 123.707462] [ 123.707660] Modules linked in: [ 123.708804] ---[ end trace 0000000000000000 ]--- [ 123.709216] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.710105] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.711619] RSP: 0018:ffff888048047800 EFLAGS: 00010212 [ 123.712073] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006831000 [ 123.712707] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.713295] RBP: ffff888048047a70 R08: ffff88806cf31340 R09: ffffe8ffffd16700 [ 123.713895] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 
123.714493] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.715080] FS: 00007f6caa2b5700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.715750] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.716234] CR2: 0000001b2ce23000 CR3: 000000000d87c000 CR4: 0000000000350ef0 [ 123.716859] note: syz-executor.4[3956] exited with preempt_count 1 [ 123.717374] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 123.718121] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3956, name: syz-executor.4 [ 123.718830] preempt_count: 0, expected: 0 [ 123.719165] RCU nest depth: 2, expected: 0 [ 123.719524] INFO: lockdep is turned off. [ 123.719858] CPU: 1 UID: 0 PID: 3956 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.719878] Tainted: [D]=DIE, [W]=WARN [ 123.719882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.719889] Call Trace: [ 123.719893] [ 123.719897] dump_stack_lvl+0xfa/0x120 [ 123.719919] __might_resched+0x2f3/0x510 [ 123.719934] exit_signals+0x25/0x940 [ 123.719953] do_exit+0x2db/0x2970 [ 123.719968] ? _printk+0xbe/0xf0 [ 123.719982] ? __pfx__printk+0x10/0x10 [ 123.719994] ? fput_close_sync+0x114/0x240 [ 123.720010] ? __pfx_do_exit+0x10/0x10 [ 123.720025] make_task_dead+0x174/0x3b0 [ 123.720039] ? 
do_syscall_64+0xbf/0x360 [ 123.720049] rewind_stack_and_make_dead+0x16/0x20 [ 123.720065] RIP: 0033:0x7f6cacd3fb19 [ 123.720074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.720085] RSP: 002b:00007f6caa2b5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.720096] RAX: ffffffffffffffda RBX: 00007f6cace52f68 RCX: 00007f6cacd3fb19 [ 123.720104] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6cace52f6c [ 123.720112] RBP: 00007f6cace52f60 R08: 000000000000000e R09: 0000000000000000 [ 123.720119] R10: 000000000000001e R11: 0000000000000246 R12: 00007f6cace52f6c [ 123.720126] R13: 00007ffe2cfedd9f R14: 00007f6caa2b5300 R15: 0000000000022000 [ 123.720137] 12:28:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x36, &(0x7f0000000000)={@remote}, 0x20) 12:28:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00010000000000000000000c000000010000000000000000000000000000aa"], 0x34}], 0x1}, 0x0) [ 123.758331] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 123.761714] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 
12:28:02 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00') pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34) 12:28:02 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x0, 0x0, 0x0) [ 123.778972] kmemleak: Found object by alias at 0x607f1a639704 [ 123.778987] CPU: 0 UID: 0 PID: 3965 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.779006] Tainted: [D]=DIE, [W]=WARN [ 123.779010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.779017] Call Trace: [ 123.779020] [ 123.779024] dump_stack_lvl+0xca/0x120 [ 123.779046] __lookup_object+0x94/0xb0 [ 123.779062] delete_object_full+0x27/0x70 [ 123.779077] free_percpu+0x30/0x1160 [ 123.779093] ? arch_uprobe_clear_state+0x16/0x140 [ 123.779110] futex_hash_free+0x38/0xc0 [ 123.779123] mmput+0x2d3/0x390 [ 123.779140] do_exit+0x79d/0x2970 [ 123.779153] ? lock_release+0x1c7/0x290 [ 123.779167] ? __pfx_do_exit+0x10/0x10 [ 123.779179] ? do_raw_spin_lock+0x123/0x260 [ 123.779194] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.779209] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 123.779224] do_group_exit+0xd3/0x2a0 [ 123.779237] get_signal+0x2315/0x2340 [ 123.779254] ? errseq_sample+0x5a/0x70 [ 123.779270] ? __pfx_get_signal+0x10/0x10 [ 123.779286] ? do_futex+0x135/0x370 [ 123.779298] ? __pfx_do_futex+0x10/0x10 [ 123.779315] arch_do_signal_or_restart+0x80/0x790 [ 123.779331] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 123.779346] ? __x64_sys_futex+0x1c9/0x4d0 [ 123.779358] ? __x64_sys_futex+0x1d2/0x4d0 [ 123.779371] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 123.779386] exit_to_user_mode_loop+0x8b/0x110 [ 123.779397] do_syscall_64+0x2f7/0x360 [ 123.779408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.779420] RIP: 0033:0x7f38c5ee3b19 [ 123.779428] Code: Unable to access opcode bytes at 0x7f38c5ee3aef. [ 123.779433] RSP: 002b:00007f38c3459218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.779444] RAX: fffffffffffffe00 RBX: 00007f38c5ff6f68 RCX: 00007f38c5ee3b19 [ 123.779451] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f38c5ff6f68 [ 123.779458] RBP: 00007f38c5ff6f60 R08: 0000000000000000 R09: 0000000000000000 [ 123.779465] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38c5ff6f6c [ 123.779471] R13: 00007ffc019bdfbf R14: 00007f38c3459300 R15: 0000000000022000 [ 123.779482] [ 123.779485] kmemleak: Object (percpu) 0x607f1a639700 (size 8): [ 123.779491] kmemleak: comm "syz-executor.7", pid 3954, jiffies 4294790469 [ 123.779498] kmemleak: min_count = 1 [ 123.779502] kmemleak: count = 0 [ 123.779505] kmemleak: flags = 0x21 [ 123.779509] kmemleak: checksum = 0 [ 123.779513] kmemleak: backtrace: [ 123.779516] pcpu_alloc_noprof+0x87a/0x1170 [ 123.779531] perf_trace_event_init+0x366/0xa10 [ 123.779544] perf_trace_init+0x1a4/0x2f0 [ 123.779555] perf_tp_event_init+0xa6/0x120 [ 123.779570] perf_try_init_event+0x140/0x9f0 [ 123.779582] perf_event_alloc.part.0+0x118e/0x45f0 [ 123.779598] __do_sys_perf_event_open+0x719/0x2c20 [ 123.779610] do_syscall_64+0xbf/0x360 [ 123.779619] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:28:02 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 12:28:02 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040)) fchmodat(0xffffffffffffffff, 0x0, 0x0) [ 123.849840] Oops: general protection fault, probably for 
non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 123.850763] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.851450] CPU: 1 UID: 0 PID: 3971 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.852382] Tainted: [D]=DIE, [W]=WARN [ 123.852703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.853388] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.853776] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.855231] RSP: 0018:ffff8880173bf780 EFLAGS: 00010012 [ 123.855658] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005226000 [ 123.856237] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.856839] RBP: ffff8880173bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b48 [ 123.857404] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 123.857983] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.858547] FS: 00007f11623a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.859185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.859654] CR2: 00007f2c8220e3a4 CR3: 0000000046dfb000 CR4: 0000000000350ef0 [ 123.860226] Call Trace: [ 123.860438] [ 123.860635] ? perf_trace_lock+0xb5/0x5d0 [ 123.860991] ? __pfx_perf_tp_event+0x10/0x10 [ 123.861355] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 123.861852] ? lock_release+0x1c7/0x290 [ 123.862179] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 123.862697] ? kvm_sched_clock_read+0x16/0x30 [ 123.863069] ? local_clock_noinstr+0xf/0xc0 [ 123.863422] ? perf_trace_lock+0xb5/0x5d0 [ 123.863760] ? perf_trace_lock+0xb5/0x5d0 [ 123.864096] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.864468] ? perf_trace_lock+0xb5/0x5d0 [ 123.864818] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 123.865190] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.865565] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.865970] ? select_task_rq_fair+0x48c/0x38b0 [ 123.866346] perf_trace_run_bpf_submit+0xef/0x180 [ 123.866739] perf_trace_preemptirq_template+0x259/0x430 [ 123.867173] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.867547] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.868024] ? __pfx___smp_call_single_queue+0x10/0x10 [ 123.868453] ? try_to_wake_up+0x8ae/0x11d0 [ 123.868818] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.869227] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.869635] trace_hardirqs_on+0x26/0x40 [ 123.869965] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.870367] try_to_wake_up+0x8ae/0x11d0 [ 123.870701] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.871070] ? plist_del+0x122/0x270 [ 123.871374] ? futex_wake+0x474/0x540 [ 123.871689] wake_up_q+0xa1/0x130 [ 123.871981] futex_wake+0x47e/0x540 [ 123.872283] ? __pfx_futex_wake+0x10/0x10 [ 123.872649] ? lock_release+0x1c7/0x290 [ 123.872988] ? fd_install+0x1f0/0x660 [ 123.873305] do_futex+0x26d/0x370 [ 123.873597] ? __pfx_do_futex+0x10/0x10 [ 123.873919] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 123.874336] ? count_memcg_events+0x32b/0x420 [ 123.874702] __x64_sys_futex+0x1c9/0x4d0 [ 123.875035] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.875502] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.875873] ? 
xfd_validate_state+0x55/0x180 [ 123.876237] do_syscall_64+0xbf/0x360 [ 123.876544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.876973] RIP: 0033:0x7f1164e2cb19 [ 123.877273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.878709] RSP: 002b:00007f11623a2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.879312] RAX: ffffffffffffffda RBX: 00007f1164f3ff68 RCX: 00007f1164e2cb19 [ 123.879875] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1164f3ff6c [ 123.880441] RBP: 00007f1164f3ff60 R08: 000000000000000e R09: 0000000000000000 [ 123.881028] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1164f3ff6c [ 123.881594] R13: 00007ffece3d347f R14: 00007f11623a2300 R15: 0000000000022000 [ 123.882162] [ 123.882355] Modules linked in: [ 123.882615] ---[ end trace 0000000000000000 ]--- [ 123.882986] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.883363] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.884820] RSP: 0018:ffff888048047800 EFLAGS: 00010212 [ 123.885263] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006831000 [ 123.885832] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.886388] RBP: ffff888048047a70 R08: ffff88806cf31340 R09: ffffe8ffffd16700 [ 123.886946] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.887503] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.888064] FS: 00007f11623a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.888713] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.889166] CR2: 00007f2c8220e3a4 CR3: 0000000046dfb000 CR4: 0000000000350ef0 [ 123.889727] note: syz-executor.6[3971] exited with irqs disabled [ 123.890275] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 123.891147] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.891825] CPU: 1 UID: 0 PID: 3971 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.892778] Tainted: [D]=DIE, [W]=WARN [ 123.893080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.893717] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.894093] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.895500] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 123.895917] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.896472] RDX: ffff888016595280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.897050] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16b48 [ 123.897607] R10: 0000000000000000 R11: ffff88800d2c5c98 R12: dffffc0000000000 [ 123.898158] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 123.898712] FS: 00007f11623a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.899338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.899793] CR2: 00007f2c8220e3a4 CR3: 0000000046dfb000 CR4: 0000000000350ef0 [ 123.900357] Call Trace: [ 123.900569] [ 123.900772] ? __pfx_perf_tp_event+0x10/0x10 [ 123.901135] ? trace_pelt_se_tp+0xdf/0x130 [ 123.901475] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.901845] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.902217] ? place_entity+0x300/0x410 [ 123.902544] ? perf_event_task_tick+0x18b/0x360 [ 123.902926] ? lock_release+0x1c7/0x290 [ 123.903249] ? trace_softirq_raise+0xbe/0x100 [ 123.903622] ? run_posix_cpu_timers+0x160/0x7d0 [ 123.903997] ? __raise_softirq_irqoff+0x5f/0x90 [ 123.904373] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 123.904794] ? 
sched_balance_trigger+0x1ac/0xcb0 [ 123.905183] ? perf_trace_lock+0xb5/0x5d0 [ 123.905519] ? do_raw_spin_lock+0x123/0x260 [ 123.905869] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.906242] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.906644] perf_trace_run_bpf_submit+0xef/0x180 [ 123.907039] perf_trace_preemptirq_template+0x259/0x430 [ 123.907470] ? read_tsc+0x9/0x20 [ 123.907754] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.908226] ? clockevents_program_event+0x135/0x360 [ 123.908652] ? tick_program_event+0xac/0x140 [ 123.909009] ? handle_softirqs+0x16e/0x770 [ 123.909356] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.909760] trace_hardirqs_on+0x26/0x40 [ 123.910082] handle_softirqs+0x16e/0x770 [ 123.910419] __irq_exit_rcu+0xc4/0x100 [ 123.910739] irq_exit_rcu+0x9/0x20 [ 123.911027] sysvec_apic_timer_interrupt+0x70/0x80 [ 123.911428] [ 123.911614] [ 123.911799] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 123.912211] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 123.912584] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 123.914007] RSP: 0018:ffff8880173bff28 EFLAGS: 00000246 [ 123.914427] RAX: 0000000000000001 RBX: ffff888016595280 RCX: ffffffff817c2b86 [ 123.914982] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 123.915537] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 123.916091] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016595280 [ 123.916663] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 123.917229] ? trace_irq_enable.constprop.0+0x26/0x100 [ 123.917648] ? make_task_dead+0x214/0x3b0 [ 123.917984] ? make_task_dead+0x214/0x3b0 [ 123.918314] ? 
do_syscall_64+0xbf/0x360 [ 123.918633] rewind_stack_and_make_dead+0x16/0x20 [ 123.919022] RIP: 0033:0x7f1164e2cb19 [ 123.919318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.920746] RSP: 002b:00007f11623a2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.921336] RAX: ffffffffffffffda RBX: 00007f1164f3ff68 RCX: 00007f1164e2cb19 [ 123.921891] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1164f3ff6c [ 123.922444] RBP: 00007f1164f3ff60 R08: 000000000000000e R09: 0000000000000000 [ 123.922998] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1164f3ff6c [ 123.923553] R13: 00007ffece3d347f R14: 00007f11623a2300 R15: 0000000000022000 [ 123.924118] [ 123.924307] Modules linked in: [ 123.924570] ---[ end trace 0000000000000000 ]--- [ 123.924957] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.925333] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.926736] RSP: 0018:ffff888048047800 EFLAGS: 00010212 [ 123.927152] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006831000 [ 123.927706] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.928262] RBP: ffff888048047a70 R08: ffff88806cf31340 R09: ffffe8ffffd16700 [ 123.928835] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.929388] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.929943] FS: 00007f11623a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.930576] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.931035] CR2: 00007f2c8220e3a4 CR3: 0000000046dfb000 CR4: 0000000000350ef0 [ 123.931599] Kernel panic - not syncing: Fatal exception in interrupt [ 123.932190] Kernel Offset: disabled [ 123.932481] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 12:28:02 Registers: