Warning: Permanently added '[localhost]:3356' (ECDSA) to the list of known hosts. 2025/08/29 12:35:52 fuzzer started 2025/08/29 12:35:52 dialing manager at localhost:43077 syzkaller login: [ 49.733667] cgroup: Unknown subsys name 'net' [ 49.793104] cgroup: Unknown subsys name 'cpuset' [ 49.812274] cgroup: Unknown subsys name 'rlimit' 2025/08/29 12:36:03 syscalls: 2214 2025/08/29 12:36:03 code coverage: enabled 2025/08/29 12:36:03 comparison tracing: enabled 2025/08/29 12:36:03 extra coverage: enabled 2025/08/29 12:36:03 setuid sandbox: enabled 2025/08/29 12:36:03 namespace sandbox: enabled 2025/08/29 12:36:03 Android sandbox: enabled 2025/08/29 12:36:03 fault injection: enabled 2025/08/29 12:36:03 leak checking: enabled 2025/08/29 12:36:03 net packet injection: enabled 2025/08/29 12:36:03 net device setup: enabled 2025/08/29 12:36:03 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 12:36:03 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 12:36:03 USB emulation: enabled 2025/08/29 12:36:03 hci packet injection: enabled 2025/08/29 12:36:03 wifi device emulation: enabled 2025/08/29 12:36:03 802.15.4 emulation: enabled 2025/08/29 12:36:03 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 12:36:03 fetching corpus: 50, signal 21889/25457 (executing program) 2025/08/29 12:36:04 fetching corpus: 100, signal 33015/38006 (executing program) 2025/08/29 12:36:04 fetching corpus: 150, signal 42614/48878 (executing program) 2025/08/29 12:36:04 fetching corpus: 200, signal 50992/58385 (executing program) 2025/08/29 12:36:04 fetching corpus: 250, signal 55406/63990 (executing program) 2025/08/29 12:36:04 fetching corpus: 300, signal 58102/67956 (executing program) 2025/08/29 12:36:04 fetching corpus: 350, signal 60760/71804 (executing program) 2025/08/29 12:36:04 fetching corpus: 400, signal 63852/75979 (executing program) 2025/08/29 12:36:04 fetching corpus: 450, signal 70198/83062 (executing program) 2025/08/29 
12:36:04 fetching corpus: 500, signal 74020/87706 (executing program) 2025/08/29 12:36:04 fetching corpus: 550, signal 76195/90837 (executing program) 2025/08/29 12:36:04 fetching corpus: 600, signal 78144/93810 (executing program) 2025/08/29 12:36:05 fetching corpus: 650, signal 81662/98036 (executing program) 2025/08/29 12:36:05 fetching corpus: 700, signal 82999/100318 (executing program) 2025/08/29 12:36:05 fetching corpus: 750, signal 85717/103740 (executing program) 2025/08/29 12:36:05 fetching corpus: 800, signal 87486/106354 (executing program) 2025/08/29 12:36:05 fetching corpus: 850, signal 90604/110034 (executing program) 2025/08/29 12:36:05 fetching corpus: 900, signal 93895/113710 (executing program) 2025/08/29 12:36:05 fetching corpus: 950, signal 95685/116233 (executing program) 2025/08/29 12:36:05 fetching corpus: 1000, signal 97865/118984 (executing program) 2025/08/29 12:36:05 fetching corpus: 1050, signal 99760/121456 (executing program) 2025/08/29 12:36:05 fetching corpus: 1100, signal 100945/123355 (executing program) 2025/08/29 12:36:06 fetching corpus: 1150, signal 103205/126062 (executing program) 2025/08/29 12:36:06 fetching corpus: 1200, signal 104806/128212 (executing program) 2025/08/29 12:36:06 fetching corpus: 1250, signal 106553/130463 (executing program) 2025/08/29 12:36:06 fetching corpus: 1300, signal 107875/132322 (executing program) 2025/08/29 12:36:06 fetching corpus: 1350, signal 109061/134029 (executing program) 2025/08/29 12:36:06 fetching corpus: 1400, signal 110064/135618 (executing program) 2025/08/29 12:36:06 fetching corpus: 1450, signal 111963/137913 (executing program) 2025/08/29 12:36:06 fetching corpus: 1500, signal 113694/139941 (executing program) 2025/08/29 12:36:06 fetching corpus: 1550, signal 114576/141371 (executing program) 2025/08/29 12:36:06 fetching corpus: 1600, signal 116686/143591 (executing program) 2025/08/29 12:36:06 fetching corpus: 1650, signal 117957/145318 (executing program) 2025/08/29 12:36:07 
fetching corpus: 1700, signal 118889/146733 (executing program) 2025/08/29 12:36:07 fetching corpus: 1750, signal 120545/148664 (executing program) 2025/08/29 12:36:07 fetching corpus: 1800, signal 121577/150103 (executing program) 2025/08/29 12:36:07 fetching corpus: 1850, signal 122519/151449 (executing program) 2025/08/29 12:36:07 fetching corpus: 1900, signal 123146/152623 (executing program) 2025/08/29 12:36:07 fetching corpus: 1950, signal 124132/153982 (executing program) 2025/08/29 12:36:07 fetching corpus: 2000, signal 124971/155254 (executing program) 2025/08/29 12:36:07 fetching corpus: 2050, signal 125830/156492 (executing program) 2025/08/29 12:36:07 fetching corpus: 2100, signal 127638/158264 (executing program) 2025/08/29 12:36:07 fetching corpus: 2150, signal 128479/159423 (executing program) 2025/08/29 12:36:08 fetching corpus: 2200, signal 129571/160727 (executing program) 2025/08/29 12:36:08 fetching corpus: 2250, signal 130324/161787 (executing program) 2025/08/29 12:36:08 fetching corpus: 2300, signal 131249/162910 (executing program) 2025/08/29 12:36:08 fetching corpus: 2350, signal 131829/163900 (executing program) 2025/08/29 12:36:08 fetching corpus: 2400, signal 132684/165006 (executing program) 2025/08/29 12:36:08 fetching corpus: 2450, signal 133381/165994 (executing program) 2025/08/29 12:36:08 fetching corpus: 2500, signal 134410/167079 (executing program) 2025/08/29 12:36:08 fetching corpus: 2550, signal 135175/168055 (executing program) 2025/08/29 12:36:08 fetching corpus: 2600, signal 136133/169169 (executing program) 2025/08/29 12:36:08 fetching corpus: 2650, signal 136663/170086 (executing program) 2025/08/29 12:36:08 fetching corpus: 2700, signal 137505/171041 (executing program) 2025/08/29 12:36:09 fetching corpus: 2750, signal 138193/171983 (executing program) 2025/08/29 12:36:09 fetching corpus: 2800, signal 138747/172793 (executing program) 2025/08/29 12:36:09 fetching corpus: 2850, signal 139427/173698 (executing program) 
2025/08/29 12:36:09 fetching corpus: 2900, signal 139946/174484 (executing program) 2025/08/29 12:36:09 fetching corpus: 2950, signal 140749/175438 (executing program) 2025/08/29 12:36:09 fetching corpus: 3000, signal 141290/176223 (executing program) 2025/08/29 12:36:09 fetching corpus: 3050, signal 141929/177010 (executing program) 2025/08/29 12:36:09 fetching corpus: 3100, signal 142483/177798 (executing program) 2025/08/29 12:36:09 fetching corpus: 3150, signal 143304/178668 (executing program) 2025/08/29 12:36:09 fetching corpus: 3200, signal 144022/179472 (executing program) 2025/08/29 12:36:09 fetching corpus: 3250, signal 144533/180242 (executing program) 2025/08/29 12:36:09 fetching corpus: 3300, signal 145345/181017 (executing program) 2025/08/29 12:36:10 fetching corpus: 3350, signal 145824/181693 (executing program) 2025/08/29 12:36:10 fetching corpus: 3400, signal 146274/182305 (executing program) 2025/08/29 12:36:10 fetching corpus: 3450, signal 146793/182995 (executing program) 2025/08/29 12:36:10 fetching corpus: 3500, signal 147266/183640 (executing program) 2025/08/29 12:36:10 fetching corpus: 3550, signal 147641/184258 (executing program) 2025/08/29 12:36:10 fetching corpus: 3600, signal 148324/184981 (executing program) 2025/08/29 12:36:10 fetching corpus: 3650, signal 149187/185761 (executing program) 2025/08/29 12:36:10 fetching corpus: 3700, signal 149755/186404 (executing program) 2025/08/29 12:36:10 fetching corpus: 3750, signal 150405/187114 (executing program) 2025/08/29 12:36:10 fetching corpus: 3800, signal 151037/187760 (executing program) 2025/08/29 12:36:10 fetching corpus: 3850, signal 151481/188332 (executing program) 2025/08/29 12:36:10 fetching corpus: 3900, signal 152194/188940 (executing program) 2025/08/29 12:36:10 fetching corpus: 3950, signal 152997/189554 (executing program) 2025/08/29 12:36:11 fetching corpus: 4000, signal 153347/190150 (executing program) 2025/08/29 12:36:11 fetching corpus: 4050, signal 153929/190691 
(executing program) 2025/08/29 12:36:11 fetching corpus: 4100, signal 154369/191188 (executing program) 2025/08/29 12:36:11 fetching corpus: 4150, signal 155112/191754 (executing program) 2025/08/29 12:36:11 fetching corpus: 4200, signal 155675/192282 (executing program) 2025/08/29 12:36:11 fetching corpus: 4250, signal 156025/192743 (executing program) 2025/08/29 12:36:11 fetching corpus: 4300, signal 156863/193269 (executing program) 2025/08/29 12:36:11 fetching corpus: 4350, signal 157315/193742 (executing program) 2025/08/29 12:36:11 fetching corpus: 4400, signal 157696/194200 (executing program) 2025/08/29 12:36:11 fetching corpus: 4450, signal 158008/194632 (executing program) 2025/08/29 12:36:11 fetching corpus: 4500, signal 158540/195074 (executing program) 2025/08/29 12:36:11 fetching corpus: 4550, signal 159008/195548 (executing program) 2025/08/29 12:36:11 fetching corpus: 4600, signal 159562/195952 (executing program) 2025/08/29 12:36:12 fetching corpus: 4650, signal 160161/196353 (executing program) 2025/08/29 12:36:12 fetching corpus: 4700, signal 160720/196730 (executing program) 2025/08/29 12:36:12 fetching corpus: 4750, signal 161201/197122 (executing program) 2025/08/29 12:36:12 fetching corpus: 4800, signal 161799/197139 (executing program) 2025/08/29 12:36:12 fetching corpus: 4850, signal 162652/197267 (executing program) 2025/08/29 12:36:12 fetching corpus: 4900, signal 163085/197275 (executing program) 2025/08/29 12:36:12 fetching corpus: 4950, signal 163381/197287 (executing program) 2025/08/29 12:36:12 fetching corpus: 5000, signal 163769/197297 (executing program) 2025/08/29 12:36:12 fetching corpus: 5050, signal 164261/197300 (executing program) 2025/08/29 12:36:12 fetching corpus: 5100, signal 164709/197347 (executing program) 2025/08/29 12:36:12 fetching corpus: 5150, signal 165535/197350 (executing program) 2025/08/29 12:36:12 fetching corpus: 5200, signal 165934/197351 (executing program) 2025/08/29 12:36:13 fetching corpus: 5250, 
signal 166328/197395 (executing program) 2025/08/29 12:36:13 fetching corpus: 5300, signal 166686/197400 (executing program) 2025/08/29 12:36:13 fetching corpus: 5350, signal 167103/197402 (executing program) 2025/08/29 12:36:13 fetching corpus: 5400, signal 167593/197408 (executing program) 2025/08/29 12:36:13 fetching corpus: 5450, signal 168048/197421 (executing program) 2025/08/29 12:36:13 fetching corpus: 5500, signal 168474/197424 (executing program) 2025/08/29 12:36:13 fetching corpus: 5550, signal 168824/197431 (executing program) 2025/08/29 12:36:13 fetching corpus: 5600, signal 169152/197493 (executing program) 2025/08/29 12:36:13 fetching corpus: 5650, signal 169469/197493 (executing program) 2025/08/29 12:36:13 fetching corpus: 5700, signal 169855/197530 (executing program) 2025/08/29 12:36:13 fetching corpus: 5750, signal 170327/197536 (executing program) 2025/08/29 12:36:13 fetching corpus: 5800, signal 170771/197543 (executing program) 2025/08/29 12:36:13 fetching corpus: 5850, signal 171132/197548 (executing program) 2025/08/29 12:36:14 fetching corpus: 5900, signal 171610/197580 (executing program) 2025/08/29 12:36:14 fetching corpus: 5950, signal 172121/197580 (executing program) 2025/08/29 12:36:14 fetching corpus: 6000, signal 172508/197592 (executing program) 2025/08/29 12:36:14 fetching corpus: 6050, signal 172791/197602 (executing program) 2025/08/29 12:36:14 fetching corpus: 6100, signal 173128/197605 (executing program) 2025/08/29 12:36:14 fetching corpus: 6150, signal 173460/197605 (executing program) 2025/08/29 12:36:14 fetching corpus: 6200, signal 173871/197609 (executing program) 2025/08/29 12:36:14 fetching corpus: 6250, signal 174129/197640 (executing program) 2025/08/29 12:36:14 fetching corpus: 6300, signal 174469/197646 (executing program) 2025/08/29 12:36:14 fetching corpus: 6350, signal 174738/197651 (executing program) 2025/08/29 12:36:14 fetching corpus: 6400, signal 175031/197666 (executing program) 2025/08/29 12:36:15 
fetching corpus: 6450, signal 175295/197670 (executing program) 2025/08/29 12:36:15 fetching corpus: 6500, signal 175697/197676 (executing program) 2025/08/29 12:36:15 fetching corpus: 6550, signal 175927/197684 (executing program) 2025/08/29 12:36:15 fetching corpus: 6600, signal 176185/197691 (executing program) 2025/08/29 12:36:15 fetching corpus: 6650, signal 176532/197698 (executing program) 2025/08/29 12:36:15 fetching corpus: 6700, signal 176828/197701 (executing program) 2025/08/29 12:36:15 fetching corpus: 6750, signal 177275/197710 (executing program) 2025/08/29 12:36:15 fetching corpus: 6800, signal 177560/197729 (executing program) 2025/08/29 12:36:15 fetching corpus: 6850, signal 177828/197731 (executing program) 2025/08/29 12:36:15 fetching corpus: 6900, signal 178218/197750 (executing program) 2025/08/29 12:36:15 fetching corpus: 6950, signal 178551/197759 (executing program) 2025/08/29 12:36:15 fetching corpus: 7000, signal 178932/197773 (executing program) 2025/08/29 12:36:15 fetching corpus: 7050, signal 179276/197779 (executing program) 2025/08/29 12:36:16 fetching corpus: 7100, signal 179635/197803 (executing program) 2025/08/29 12:36:16 fetching corpus: 7150, signal 179986/197804 (executing program) 2025/08/29 12:36:16 fetching corpus: 7200, signal 180285/197809 (executing program) 2025/08/29 12:36:16 fetching corpus: 7250, signal 180573/197872 (executing program) 2025/08/29 12:36:16 fetching corpus: 7300, signal 180775/197879 (executing program) 2025/08/29 12:36:16 fetching corpus: 7350, signal 181145/197961 (executing program) 2025/08/29 12:36:16 fetching corpus: 7400, signal 181465/197969 (executing program) 2025/08/29 12:36:16 fetching corpus: 7450, signal 181760/197974 (executing program) 2025/08/29 12:36:16 fetching corpus: 7500, signal 182108/197977 (executing program) 2025/08/29 12:36:16 fetching corpus: 7550, signal 182429/197992 (executing program) 2025/08/29 12:36:16 fetching corpus: 7600, signal 182675/197994 (executing program) 
2025/08/29 12:36:16 fetching corpus: 7650, signal 182967/197996 (executing program) 2025/08/29 12:36:17 fetching corpus: 7700, signal 183271/197998 (executing program) 2025/08/29 12:36:17 fetching corpus: 7750, signal 183651/198027 (executing program) 2025/08/29 12:36:17 fetching corpus: 7800, signal 183881/198064 (executing program) 2025/08/29 12:36:17 fetching corpus: 7850, signal 184223/198066 (executing program) 2025/08/29 12:36:17 fetching corpus: 7900, signal 184624/198066 (executing program) 2025/08/29 12:36:17 fetching corpus: 7950, signal 184859/198074 (executing program) 2025/08/29 12:36:17 fetching corpus: 8000, signal 185158/198077 (executing program) 2025/08/29 12:36:17 fetching corpus: 8050, signal 185451/198082 (executing program) 2025/08/29 12:36:17 fetching corpus: 8100, signal 185694/198086 (executing program) 2025/08/29 12:36:17 fetching corpus: 8150, signal 185864/198092 (executing program) 2025/08/29 12:36:17 fetching corpus: 8200, signal 186113/198108 (executing program) 2025/08/29 12:36:17 fetching corpus: 8250, signal 186425/198132 (executing program) 2025/08/29 12:36:18 fetching corpus: 8300, signal 186730/198141 (executing program) 2025/08/29 12:36:18 fetching corpus: 8350, signal 187005/198172 (executing program) 2025/08/29 12:36:18 fetching corpus: 8400, signal 187294/198182 (executing program) 2025/08/29 12:36:18 fetching corpus: 8450, signal 187510/198190 (executing program) 2025/08/29 12:36:18 fetching corpus: 8500, signal 187703/198219 (executing program) 2025/08/29 12:36:18 fetching corpus: 8550, signal 188022/198219 (executing program) 2025/08/29 12:36:18 fetching corpus: 8600, signal 188255/198233 (executing program) 2025/08/29 12:36:18 fetching corpus: 8650, signal 188690/198243 (executing program) 2025/08/29 12:36:18 fetching corpus: 8700, signal 188973/198247 (executing program) 2025/08/29 12:36:18 fetching corpus: 8750, signal 189307/198249 (executing program) 2025/08/29 12:36:18 fetching corpus: 8800, signal 189515/198262 
(executing program) 2025/08/29 12:36:18 fetching corpus: 8850, signal 189969/198269 (executing program) 2025/08/29 12:36:19 fetching corpus: 8900, signal 190274/198273 (executing program) 2025/08/29 12:36:19 fetching corpus: 8950, signal 190539/198276 (executing program) 2025/08/29 12:36:19 fetching corpus: 9000, signal 190702/198283 (executing program) 2025/08/29 12:36:19 fetching corpus: 9050, signal 191085/198305 (executing program) 2025/08/29 12:36:19 fetching corpus: 9100, signal 191402/198306 (executing program) 2025/08/29 12:36:19 fetching corpus: 9150, signal 191687/198315 (executing program) 2025/08/29 12:36:19 fetching corpus: 9200, signal 191971/198322 (executing program) 2025/08/29 12:36:19 fetching corpus: 9250, signal 192536/198322 (executing program) 2025/08/29 12:36:19 fetching corpus: 9300, signal 192801/198325 (executing program) 2025/08/29 12:36:19 fetching corpus: 9350, signal 193048/198331 (executing program) 2025/08/29 12:36:20 fetching corpus: 9400, signal 193286/198339 (executing program) 2025/08/29 12:36:20 fetching corpus: 9450, signal 193526/198347 (executing program) 2025/08/29 12:36:20 fetching corpus: 9500, signal 193753/198349 (executing program) 2025/08/29 12:36:20 fetching corpus: 9550, signal 193910/198354 (executing program) 2025/08/29 12:36:20 fetching corpus: 9600, signal 194211/198441 (executing program) 2025/08/29 12:36:20 fetching corpus: 9650, signal 194435/198442 (executing program) 2025/08/29 12:36:20 fetching corpus: 9694, signal 194587/198459 (executing program) 2025/08/29 12:36:20 fetching corpus: 9694, signal 194587/198459 (executing program) 2025/08/29 12:36:22 starting 8 fuzzer processes 12:36:22 executing program 0: prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) acct(&(0x7f0000000180)='./file0\x00') 12:36:22 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000013b00)) 12:36:22 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 12:36:22 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x0, 0x0, 0x0) 12:36:22 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{}, {}]}]}]}]}, 0x38}}, 0x0) 12:36:22 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, 
&(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) [ 79.552992] audit: type=1400 audit(1756470982.719:7): avc: denied { execmem } for pid=275 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:36:22 executing program 5: keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) 12:36:22 executing program 6: prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) socket$unix(0x1, 0x1, 0x0) [ 80.709621] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.711826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.715491] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.721461] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.725790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.771514] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.776378] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.778251] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.781885] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.784325] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.846844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.855782] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.860265] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.862028] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.863641] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.867952] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.869352] Bluetooth: hci5: unexpected cc 0x1003 length: 
249 > 9 [ 80.871781] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.873257] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.874769] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.879372] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.887730] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.890742] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.893667] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.895399] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.898473] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 80.908947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.910693] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.912602] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.914417] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.917254] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 80.931310] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.933595] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.938992] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.945884] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.947527] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 80.952690] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.958628] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.962357] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.983466] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.803353] Bluetooth: hci1: command tx timeout [ 82.804240] Bluetooth: hci0: command tx timeout [ 82.930407] Bluetooth: hci2: command tx timeout [ 82.930941] Bluetooth: hci5: command tx timeout [ 82.994428] Bluetooth: hci7: command tx timeout [ 82.994984] Bluetooth: hci4: command tx timeout [ 82.995735] Bluetooth: hci3: command tx timeout [ 83.123144] Bluetooth: hci6: command tx timeout [ 84.850151] Bluetooth: hci0: command tx timeout [ 
84.850597] Bluetooth: hci1: command tx timeout [ 84.978206] Bluetooth: hci2: command tx timeout [ 84.978796] Bluetooth: hci5: command tx timeout [ 85.042223] Bluetooth: hci4: command tx timeout [ 85.042653] Bluetooth: hci7: command tx timeout [ 85.043338] Bluetooth: hci3: command tx timeout [ 85.170745] Bluetooth: hci6: command tx timeout [ 86.899163] Bluetooth: hci1: command tx timeout [ 86.899578] Bluetooth: hci0: command tx timeout [ 87.026165] Bluetooth: hci5: command tx timeout [ 87.026615] Bluetooth: hci2: command tx timeout [ 87.092088] Bluetooth: hci3: command tx timeout [ 87.092535] Bluetooth: hci7: command tx timeout [ 87.092922] Bluetooth: hci4: command tx timeout [ 87.219135] Bluetooth: hci6: command tx timeout [ 88.946111] Bluetooth: hci0: command tx timeout [ 88.946572] Bluetooth: hci1: command tx timeout [ 89.074196] Bluetooth: hci2: command tx timeout [ 89.074617] Bluetooth: hci5: command tx timeout [ 89.139190] Bluetooth: hci4: command tx timeout [ 89.139644] Bluetooth: hci7: command tx timeout [ 89.140021] Bluetooth: hci3: command tx timeout [ 89.267194] Bluetooth: hci6: command tx timeout [ 119.400548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.401232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.504744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.505386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.664638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.665585] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.853107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.853736] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.975737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.976378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.984378] audit: type=1400 audit(1756471023.148:8): avc: denied { open } for pid=3859 comm="syz-executor.0" 
scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.990142] audit: type=1400 audit(1756471023.148:9): avc: denied { kernel } for pid=3859 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 120.070817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.071469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.101818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.102526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.151610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.152369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.206283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.206913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.249528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.250326] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.272143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 12:37:03 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x2b, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 120.272743] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:37:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @remote}, 
0x20000) [ 120.348148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.348754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.410273] loop2: detected capacity change from 0 to 16 [ 120.414979] EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks) [ 120.420453] loop2: detected capacity change from 0 to 16 [ 120.421896] EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks) [ 120.432119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.432770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:37:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @remote}, 0x20000) 12:37:03 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000013b00)) [ 120.483139] loop2: detected capacity change from 0 to 16 [ 120.487355] EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks) [ 120.502452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.503100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:37:03 executing program 2: 
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000013b00)) [ 120.580661] loop2: detected capacity change from 0 to 16 12:37:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @remote}, 0x20000) [ 120.594380] EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks) 12:37:03 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 12:37:03 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}], 0x0, &(0x7f0000013b00)) [ 120.634125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.634756] wlan0: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 120.683908] loop2: detected capacity change from 0 to 16 [ 120.686528] EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks) [ 120.692018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.692703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:37:04 executing program 0: prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) acct(&(0x7f0000000180)='./file0\x00') 12:37:04 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 12:37:04 executing program 5: keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) 12:37:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @remote}, 0x20000) 12:37:04 executing program 2: keyctl$search(0xa, 
0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) 12:37:04 executing program 6: set_mempolicy(0x6, &(0x7f0000000040)=0x7, 0x5db) syz_open_dev$tty20(0xc, 0x4, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6}]}) 12:37:04 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000100)={0x0, {{0x2, 0x0, @broadcast}}, 0x0, 0x2, [{{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x0, @loopback}}]}, 0x20002) 12:37:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x18, 0x15, 0x1, 0x0, 0x0, "", [@generic="02a50043e2"]}, 0x18}], 0x1}, 0x0) 12:37:04 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 120.967250] audit: type=1326 audit(1756471024.133:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3924 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7436c9b19 code=0x0 12:37:04 executing program 7: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x401) write$evdev(r0, &(0x7f0000000200)=[{{0x77359400}, 0x1}], 0x30) 12:37:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x18, 0x15, 0x1, 0x0, 0x0, "", [@generic="02a50043e2"]}, 0x18}], 0x1}, 0x0) 12:37:04 executing program 4: clone(0xbbc1cd065a4819ca, 0x0, 0x0, 0x0, 0x0) 12:37:04 executing program 1: r0 = 
socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r1, 0x601, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x28}}, 0x0) [ 121.071645] audit: type=1326 audit(1756471024.238:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3924 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7436c9b19 code=0x0 12:37:04 executing program 2: keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) 12:37:04 executing program 5: keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) 12:37:04 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) write$tcp_mem(r0, &(0x7f0000000080)={0xfffffffffffffff7}, 0x48) 12:37:04 executing program 0: prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) acct(&(0x7f0000000180)='./file0\x00') 12:37:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x18, 0x15, 0x1, 0x0, 0x0, "", [@generic="02a50043e2"]}, 0x18}], 0x1}, 0x0) 12:37:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r0, 0x0, 0x0) 12:37:04 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r1, 0x601, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x28}}, 0x0) 12:37:04 executing program 6: set_mempolicy(0x6, &(0x7f0000000040)=0x7, 0x5db) syz_open_dev$tty20(0xc, 0x4, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6}]}) 12:37:04 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) write$tcp_mem(r0, &(0x7f0000000080)={0xfffffffffffffff7}, 0x48) 12:37:04 executing program 2: keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) 12:37:04 executing program 5: keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000180)={'syz', 0x3}, 0xfffffffffffffff8) keyctl$clear(0x7, 0x0) keyctl$negate(0xd, 0x0, 0x8, 0x0) 
add_key$user(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff8) openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), 0xffffffffffffffff) [ 121.833533] audit: type=1326 audit(1756471025.000:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3969 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7436c9b19 code=0x0 12:37:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r0, 0x0, 0x0) 12:37:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x18, 0x15, 0x1, 0x0, 0x0, "", [@generic="02a50043e2"]}, 0x18}], 0x1}, 0x0) 12:37:05 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) write$tcp_mem(r0, &(0x7f0000000080)={0xfffffffffffffff7}, 0x48) 12:37:05 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r1, 0x601, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x28}}, 0x0) 12:37:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r0, 0x0, 0x0) 12:37:05 executing program 6: set_mempolicy(0x6, &(0x7f0000000040)=0x7, 0x5db) syz_open_dev$tty20(0xc, 0x4, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6}]}) 12:37:05 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r0, 0x0, 0x0) 12:37:05 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x40181, 0x0) 
write$tcp_mem(r0, &(0x7f0000000080)={0xfffffffffffffff7}, 0x48) [ 122.046508] audit: type=1326 audit(1756471025.213:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3998 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7436c9b19 code=0x0 12:37:05 executing program 0: prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x1) acct(&(0x7f0000000180)='./file0\x00') 12:37:05 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r1, 0x601, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x28}}, 0x0) 12:37:05 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x3c}, 0x0, @in=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 12:37:05 executing program 6: set_mempolicy(0x6, &(0x7f0000000040)=0x7, 0x5db) syz_open_dev$tty20(0xc, 0x4, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6}]}) 12:37:05 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 
@in6=@loopback, 0x0, 0x0, 0x0, 0x5, 0xa, 0x0, 0x10}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 12:37:05 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x200) dup2(r0, r1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) splice(r0, 0x0, r2, 0x0, 0x7ff, 0x0) 12:37:05 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x13}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 12:37:05 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x9, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20ce8eb, 0x0) [ 122.731269] audit: type=1326 audit(1756471025.896:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4006 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7436c9b19 code=0x0 [ 122.739950] ======================================================= [ 122.739950] WARNING: The mand mount option has been deprecated and [ 122.739950] and is ignored by this kernel. Remove the mand [ 122.739950] option from the mount to silence this warning. 
[ 122.739950] ======================================================= [ 122.767843] kmemleak: Found object by alias at 0x607f1a6392ec [ 122.767862] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.767880] Tainted: [W]=WARN [ 122.767884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.767891] Call Trace: [ 122.767895] [ 122.767900] dump_stack_lvl+0xca/0x120 [ 122.767928] __lookup_object+0x94/0xb0 [ 122.767945] delete_object_full+0x27/0x70 [ 122.767961] free_percpu+0x30/0x1160 [ 122.767978] ? arch_uprobe_clear_state+0x16/0x140 [ 122.767998] futex_hash_free+0x38/0xc0 [ 122.768012] mmput+0x2d3/0x390 [ 122.768034] do_exit+0x79d/0x2970 [ 122.768050] ? signal_wake_up_state+0x85/0x120 [ 122.768066] ? zap_other_threads+0x2b9/0x3a0 [ 122.768081] ? __pfx_do_exit+0x10/0x10 [ 122.768094] ? do_group_exit+0x1c3/0x2a0 [ 122.768107] ? lock_release+0xc8/0x290 [ 122.768124] do_group_exit+0xd3/0x2a0 [ 122.768139] __x64_sys_exit_group+0x3e/0x50 [ 122.768152] x64_sys_call+0x18c5/0x18d0 12:37:05 executing program 5: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000200)) keyctl$link(0x8, r0, r0) [ 122.768168] do_syscall_64+0xbf/0x360 [ 122.768180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.768191] RIP: 0033:0x7fc5620b3b19 [ 122.768200] Code: Unable to access opcode bytes at 0x7fc5620b3aef. 
[ 122.768205] RSP: 002b:00007ffe8750dfd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.768216] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fc5620b3b19 [ 122.768224] RDX: 00007fc56206672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.768231] RBP: 0000000000000000 R08: 0000001b2d124ac8 R09: 0000000000000000 [ 122.768239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.768245] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe8750e0c0 [ 122.768261] [ 122.768265] kmemleak: Object (percpu) 0x607f1a6392e8 (size 8): [ 122.768272] kmemleak: comm "syz-executor.7", pid 4018, jiffies 4294789589 [ 122.768278] kmemleak: min_count = 1 [ 122.768282] kmemleak: count = 0 [ 122.768286] kmemleak: flags = 0x21 [ 122.768289] kmemleak: checksum = 0 12:37:05 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x3c}, 0x0, @in=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 122.768293] kmemleak: backtrace: [ 122.768297] pcpu_alloc_noprof+0x87a/0x1170 [ 122.768311] perf_trace_event_init+0x366/0xa10 [ 122.768325] perf_trace_init+0x1a4/0x2f0 [ 122.768337] perf_tp_event_init+0xa6/0x120 [ 122.768352] perf_try_init_event+0x140/0x9f0 [ 122.768365] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.768381] __do_sys_perf_event_open+0x719/0x2c20 [ 122.768394] do_syscall_64+0xbf/0x360 [ 122.768402] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:37:05 executing program 4: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d0c, &(0x7f00000000c0)={{0x8001}, {}, 0x0, 0x4}) 12:37:05 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x9, 
0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20ce8eb, 0x0) 12:37:06 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x13}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) [ 122.866979] kmemleak: Found object by alias at 0x607f1a638de4 [ 122.866996] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.867014] Tainted: [W]=WARN [ 122.867018] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.867026] Call Trace: [ 122.867030] [ 122.867038] dump_stack_lvl+0xca/0x120 [ 122.867064] __lookup_object+0x94/0xb0 [ 122.867081] delete_object_full+0x27/0x70 [ 122.867097] free_percpu+0x30/0x1160 [ 122.867113] ? arch_uprobe_clear_state+0x16/0x140 [ 122.867133] futex_hash_free+0x38/0xc0 [ 122.867147] mmput+0x2d3/0x390 [ 122.867166] do_exit+0x79d/0x2970 [ 122.867179] ? signal_wake_up_state+0x9f/0x120 [ 122.867195] ? zap_other_threads+0x2b9/0x3a0 [ 122.867211] ? __pfx_do_exit+0x10/0x10 [ 122.867223] ? do_group_exit+0x1c3/0x2a0 [ 122.867236] ? 
lock_release+0xc8/0x290 [ 122.867253] do_group_exit+0xd3/0x2a0 [ 122.867267] __x64_sys_exit_group+0x3e/0x50 [ 122.867281] x64_sys_call+0x18c5/0x18d0 [ 122.867296] do_syscall_64+0xbf/0x360 [ 122.867308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.867319] RIP: 0033:0x7f9de6edab19 [ 122.867328] Code: Unable to access opcode bytes at 0x7f9de6edaaef. [ 122.867334] RSP: 002b:00007ffc63fc0128 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.867345] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f9de6edab19 [ 122.867363] RDX: 00007f9de6e8d72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.867372] RBP: 0000000000000000 R08: 00007f9de6ff2228 R09: 0000000000000001 [ 122.867380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.867388] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffc63fc0210 [ 122.867405] [ 122.867409] kmemleak: Object (percpu) 0x607f1a638de0 (size 8): [ 122.867417] kmemleak: comm "syz-executor.7", pid 4036, jiffies 4294789692 [ 122.867424] kmemleak: min_count = 1 [ 122.867428] kmemleak: count = 0 [ 122.867432] kmemleak: flags = 0x21 [ 122.867436] kmemleak: checksum = 0 [ 122.867440] kmemleak: backtrace: [ 122.867444] pcpu_alloc_noprof+0x87a/0x1170 [ 122.867460] perf_trace_event_init+0x366/0xa10 [ 122.867475] perf_trace_init+0x1a4/0x2f0 [ 122.867487] perf_tp_event_init+0xa6/0x120 [ 122.867504] perf_try_init_event+0x140/0x9f0 [ 122.867517] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.867535] __do_sys_perf_event_open+0x719/0x2c20 [ 122.867548] do_syscall_64+0xbf/0x360 [ 122.867557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.899054] kmemleak: Cannot insert 0x607f1a638de4 into the object search tree (overlaps existing) [ 122.899077] CPU: 0 UID: 0 PID: 4037 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.899098] Tainted: [W]=WARN [ 122.899102] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.899110] Call Trace: [ 122.899114] [ 122.899119] 
dump_stack_lvl+0xca/0x120 [ 122.899148] __link_object+0x190/0x210 [ 122.899167] __create_object+0x48/0x80 [ 122.899185] pcpu_alloc_noprof+0x87a/0x1170 [ 122.899211] __percpu_init_rwsem+0x2d/0x160 [ 122.899228] ? security_sb_alloc+0x75/0x140 [ 122.899245] alloc_super+0x29e/0xb80 [ 122.899260] ? __pfx_kernfs_test_super+0x10/0x10 [ 122.899274] sget_fc+0xfe/0xb80 [ 122.899285] ? __pfx_kernfs_set_super+0x10/0x10 [ 122.899299] kernfs_get_tree+0x1da/0xa50 [ 122.899312] ? do_raw_spin_unlock+0x53/0x220 [ 122.899329] ? __pfx_kernfs_get_tree+0x10/0x10 [ 122.899341] ? cap_capable+0xdb/0x3b0 [ 122.899369] sysfs_get_tree+0x41/0x140 [ 122.899385] vfs_get_tree+0x93/0x340 [ 122.899404] path_mount+0x132d/0x1dd0 [ 122.899419] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.899434] ? __pfx_path_mount+0x10/0x10 [ 122.899448] ? kmem_cache_free+0x2a1/0x540 [ 122.899463] ? putname.part.0+0x11b/0x160 [ 122.899480] ? getname_flags.part.0+0x1c6/0x540 [ 122.899498] ? putname.part.0+0x11b/0x160 [ 122.899516] __x64_sys_mount+0x27b/0x300 [ 122.899529] ? 
__pfx___x64_sys_mount+0x10/0x10 [ 122.899548] do_syscall_64+0xbf/0x360 [ 122.899561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.899573] RIP: 0033:0x7faf0aa75b19 [ 122.899583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.899595] RSP: 002b:00007faf07feb188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 122.899607] RAX: ffffffffffffffda RBX: 00007faf0ab88f60 RCX: 00007faf0aa75b19 [ 122.899615] RDX: 0000000020000140 RSI: 0000000020000000 RDI: 0000000000000000 [ 122.899623] RBP: 00007faf0aacff6d R08: 0000000000000000 R09: 0000000000000000 [ 122.899630] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 122.899637] R13: 00007ffd47c34a0f R14: 00007faf07feb300 R15: 0000000000022000 [ 122.899654] [ 122.900206] kmemleak: Kernel memory leak detector disabled [ 122.900211] kmemleak: Object (percpu) 0x607f1a638de0 (size 8): [ 122.900218] kmemleak: comm "syz-executor.7", pid 4036, jiffies 4294789692 [ 122.900226] kmemleak: min_count = 1 [ 122.900229] kmemleak: count = 0 [ 122.900233] kmemleak: flags = 0x21 [ 122.900237] kmemleak: checksum = 0 [ 122.900241] kmemleak: backtrace: [ 122.900245] pcpu_alloc_noprof+0x87a/0x1170 12:37:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x3c}, 0x0, @in=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 122.900260] perf_trace_event_init+0x366/0xa10 [ 122.900274] perf_trace_init+0x1a4/0x2f0 [ 122.900286] perf_tp_event_init+0xa6/0x120 [ 122.900302] perf_try_init_event+0x140/0x9f0 [ 122.900315] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.900332] __do_sys_perf_event_open+0x719/0x2c20 [ 122.900346] 
do_syscall_64+0xbf/0x360 [ 122.900354] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:37:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$pid(0x2, 0xffffffffffffffff, 0x0) 12:37:06 executing program 4: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d0c, &(0x7f00000000c0)={{0x8001}, {}, 0x0, 0x4}) [ 123.222754] kmemleak: Automatic memory scanning thread ended 12:37:06 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x13}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 12:37:06 executing program 6: syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r0, &(0x7f0000000100)=""/147, 0x93, 0x0) 12:37:06 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x9, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 
0x0, 0x20ce8eb, 0x0) 12:37:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setresuid(0x0, 0xee01, 0x0) fgetxattr(r0, &(0x7f0000000000)=@known='trusted.syz\x00', 0x0, 0x0) 12:37:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x3c}, 0x0, @in=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 12:37:06 executing program 4: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d0c, &(0x7f00000000c0)={{0x8001}, {}, 0x0, 0x4}) 12:37:06 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x7) 12:37:06 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$nfs4(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440)) 12:37:06 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setresuid(0x0, 0xee01, 0x0) fgetxattr(r0, &(0x7f0000000000)=@known='trusted.syz\x00', 0x0, 0x0) [ 123.716150] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 123.717182] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.718087] CPU: 1 UID: 0 PID: 4067 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.721091] Tainted: [W]=WARN [ 123.723049] Hardware name: QEMU Standard 
PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.726330] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.727048] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.729983] RSP: 0018:ffff888007037780 EFLAGS: 00010012 [ 123.730782] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002ffd000 [ 123.731956] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.733103] RBP: ffff8880070379f0 R08: ffff88806cf31340 R09: ffffe8ffffd162e8 [ 123.734285] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.735450] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.736519] FS: 00007fc55f629700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.737724] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.738686] CR2: 00007fc5621c7018 CR3: 000000001d56f000 CR4: 0000000000350ef0 [ 123.739732] Call Trace: [ 123.740097] [ 123.740426] ? __pfx_perf_tp_event+0x10/0x10 [ 123.741066] ? find_held_lock+0x2b/0x80 [ 123.741646] ? __is_insn_slot_addr+0x136/0x290 [ 123.742315] ? lock_release+0xc8/0x290 [ 123.742865] ? __is_insn_slot_addr+0x140/0x290 [ 123.743536] ? kernel_text_address+0x5b/0xc0 [ 123.744173] ? __kernel_text_address+0xd/0x40 [ 123.744814] ? unwind_get_return_address+0x59/0xa0 [ 123.745514] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 123.746280] ? arch_stack_walk+0x9c/0xf0 [ 123.746864] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.747574] perf_trace_run_bpf_submit+0xef/0x180 [ 123.748267] perf_trace_preemptirq_template+0x259/0x430 [ 123.749035] ? __x64_sys_socket+0x73/0xb0 [ 123.749615] ? do_syscall_64+0xbf/0x360 [ 123.750179] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.751014] ? 
_raw_spin_lock_irqsave+0x53/0x60 [ 123.751687] trace_irq_disable.constprop.0+0xa6/0x100 [ 123.752404] _raw_spin_lock_irqsave+0x53/0x60 [ 123.753041] try_to_wake_up+0xa0/0x11d0 [ 123.753616] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.754257] ? plist_del+0x122/0x270 [ 123.754798] ? find_held_lock+0x2b/0x80 [ 123.755380] ? futex_wake+0x474/0x540 [ 123.755930] wake_up_q+0xa1/0x130 [ 123.756436] futex_wake+0x47e/0x540 [ 123.756961] ? __pfx_futex_wake+0x10/0x10 [ 123.757557] ? __lock_acquire+0x694/0x1b70 [ 123.758160] ? file_init_path+0x506/0x770 [ 123.758759] do_futex+0x26d/0x370 [ 123.759262] ? __pfx_do_futex+0x10/0x10 [ 123.759835] ? lock_release+0xc8/0x290 [ 123.760395] __x64_sys_futex+0x1c9/0x4d0 [ 123.760972] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.761805] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.762464] do_syscall_64+0xbf/0x360 [ 123.763007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.763737] RIP: 0033:0x7fc5620b3b19 [ 123.764260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.766767] RSP: 002b:00007fc55f629218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.767834] RAX: ffffffffffffffda RBX: 00007fc5621c6f68 RCX: 00007fc5620b3b19 [ 123.768832] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc5621c6f6c [ 123.769825] RBP: 00007fc5621c6f60 R08: 000000000000000e R09: 0000000000000000 [ 123.770830] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc5621c6f6c [ 123.771847] R13: 00007ffe8750ddaf R14: 00007fc55f629300 R15: 0000000000022000 [ 123.772852] [ 123.773188] Modules linked in: [ 123.773652] ---[ end trace 0000000000000000 ]--- [ 123.774314] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.774988] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab 
f0 01
[ 123.777508] RSP: 0018:ffff888007037780 EFLAGS: 00010012
[ 123.778259] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002ffd000
[ 123.779263] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 123.780276] RBP: ffff8880070379f0 R08: ffff88806cf31340 R09: ffffe8ffffd162e8
[ 123.781287] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.782308] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 123.783321] FS: 00007fc55f629700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 123.784671] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.785505] CR2: 00007fc5621c7018 CR3: 000000001d56f000 CR4: 0000000000350ef0
[ 123.786528] note: syz-executor.1[4067] exited with irqs disabled
[ 123.787526] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 123.789126] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 123.790360] CPU: 1 UID: 0 PID: 4067 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.792082] Tainted: [D]=DIE, [W]=WARN
[ 123.792644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.793812] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.794522] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.797116] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010012
[ 123.797884] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 123.798903] RDX: ffff8880173cd280 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 123.799932] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd162e8
[ 123.800944] R10: 0000000000000000 R11: 0000000000022b71 R12: dffffc0000000000
[ 123.801962] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 123.802989] FS: 00007fc55f629700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 123.804153] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.804991] CR2: 00007fc5621c7018 CR3: 000000001d56f000 CR4: 0000000000350ef0
[ 123.806014] Call Trace:
[ 123.806400]
[ 123.806726] ? __pfx_perf_tp_event+0x10/0x10
[ 123.807386] ? update_load_avg+0x17d/0x1ef0
[ 123.808013] ? update_cfs_group+0x11d/0x260
[ 123.808640] ? kvm_sched_clock_read+0x16/0x30
[ 123.809307] ? enqueue_task_fair+0xded/0x1e00
[ 123.809978] ? check_preempt_wakeup_fair+0x6e/0x950
[ 123.810703] ? wakeup_preempt+0x140/0x2a0
[ 123.811315] ? lock_release+0x1c7/0x290
[ 123.811908] ? lock_release+0x1c7/0x290
[ 123.812496] ? do_raw_spin_unlock+0x53/0x220
[ 123.813148] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 123.813890] ? try_to_wake_up+0x8ae/0x11d0
[ 123.814513] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.815247] ? lock_release+0x1c7/0x290
[ 123.815839] perf_trace_run_bpf_submit+0xef/0x180
[ 123.816552] perf_trace_preemptirq_template+0x259/0x430
[ 123.817336] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 123.818196] ? read_tsc+0x9/0x20
[ 123.818718] ? ktime_get+0x16d/0x270
[ 123.819274] ? __pfx_lapic_next_deadline+0x10/0x10
[ 123.820010] ? clockevents_program_event+0x135/0x360
[ 123.820752] ? _raw_spin_lock_irq+0x42/0x50
[ 123.821380] trace_irq_disable.constprop.0+0xa6/0x100
[ 123.822122] _raw_spin_lock_irq+0x42/0x50
[ 123.822725] run_timer_softirq+0x10f/0x210
[ 123.823344] handle_softirqs+0x1b1/0x770
[ 123.823961] __irq_exit_rcu+0xc4/0x100
[ 123.824539] irq_exit_rcu+0x9/0x20
[ 123.825057] sysvec_apic_timer_interrupt+0x70/0x80
[ 123.825776]
[ 123.826110]
[ 123.826451] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 123.827218] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 123.827915] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 123.830494] RSP: 0018:ffff888007037f28 EFLAGS: 00000246
[ 123.831262] RAX: 0000000000000001 RBX: ffff8880173cd280 RCX: ffffffff817c2b86
[ 123.832319] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 123.833338] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 123.834349] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880173cd280
[ 123.835379] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 123.836413] ? trace_irq_enable.constprop.0+0x26/0x100
[ 123.837166] ? make_task_dead+0x214/0x3b0
[ 123.837769] ? make_task_dead+0x214/0x3b0
[ 123.838374] ? do_syscall_64+0xbf/0x360
[ 123.838949] rewind_stack_and_make_dead+0x16/0x20
[ 123.839674] RIP: 0033:0x7fc5620b3b19
[ 123.840219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 123.842822] RSP: 002b:00007fc55f629218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.843943] RAX: ffffffffffffffda RBX: 00007fc5621c6f68 RCX: 00007fc5620b3b19
[ 123.844962] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc5621c6f6c
[ 123.845991] RBP: 00007fc5621c6f60 R08: 000000000000000e R09: 0000000000000000
[ 123.847017] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc5621c6f6c
[ 123.848065] R13: 00007ffe8750ddaf R14: 00007fc55f629300 R15: 0000000000022000
[ 123.849087]
[ 123.849434] Modules linked in:
[ 123.849911] ---[ end trace 0000000000000000 ]---
[ 123.849915] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 123.850581] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.851490] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 123.852146] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.852739] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.855281] RSP: 0018:ffff888007037780 EFLAGS: 00010012
[ 123.856203] Tainted: [D]=DIE, [W]=WARN
[ 123.856210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.856966] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002ffd000
[ 123.857268] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.858428] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 123.858987] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff
e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.859652] RBP: ffff8880070379f0 R08: ffff88806cf31340 R09: ffffe8ffffd162e8
[ 123.860205] RSP: 0018:ffff88801b9af9c0 EFLAGS: 00010012
[ 123.862751] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.863304]
[ 123.863309] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 123.864069] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 123.864619] RDX: ffff888009a45280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 123.864869] FS: 00007fc55f629700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 123.865417] RBP: ffff88801b9afc30 R08: ffff88806ce31340 R09: ffffe8ffffc162e8
[ 123.866420] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.866968] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 123.868118] CR2: 00007fc5621c7018 CR3: 000000001d56f000 CR4: 0000000000350ef0
[ 123.868666] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.869492] Kernel panic - not syncing: Fatal exception in interrupt
[ 123.873241] Kernel Offset: disabled
[ 123.873767] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
12:37:07 Registers: