Warning: Permanently added '[localhost]:27205' (ECDSA) to the list of known hosts. 2025/08/29 08:51:08 fuzzer started 2025/08/29 08:51:09 dialing manager at localhost:43077 syzkaller login: [ 51.787202] cgroup: Unknown subsys name 'net' [ 51.859054] cgroup: Unknown subsys name 'cpuset' [ 51.884435] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:51:20 syscalls: 2214 2025/08/29 08:51:20 code coverage: enabled 2025/08/29 08:51:20 comparison tracing: enabled 2025/08/29 08:51:20 extra coverage: enabled 2025/08/29 08:51:20 setuid sandbox: enabled 2025/08/29 08:51:20 namespace sandbox: enabled 2025/08/29 08:51:20 Android sandbox: enabled 2025/08/29 08:51:20 fault injection: enabled 2025/08/29 08:51:20 leak checking: enabled 2025/08/29 08:51:20 net packet injection: enabled 2025/08/29 08:51:20 net device setup: enabled 2025/08/29 08:51:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:51:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:51:20 USB emulation: enabled 2025/08/29 08:51:20 hci packet injection: enabled 2025/08/29 08:51:20 wifi device emulation: enabled 2025/08/29 08:51:20 802.15.4 emulation: enabled 2025/08/29 08:51:20 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:51:21 fetching corpus: 48, signal 17199/20619 (executing program) 2025/08/29 08:51:21 fetching corpus: 98, signal 29449/33946 (executing program) 2025/08/29 08:51:21 fetching corpus: 148, signal 39236/44618 (executing program) 2025/08/29 08:51:21 fetching corpus: 198, signal 49421/55302 (executing program) 2025/08/29 08:51:21 fetching corpus: 248, signal 53154/59840 (executing program) 2025/08/29 08:51:21 fetching corpus: 298, signal 59443/66512 (executing program) 2025/08/29 08:51:21 fetching corpus: 348, signal 65651/72961 (executing program) 2025/08/29 08:51:21 fetching corpus: 398, signal 68406/76163 (executing program) 2025/08/29 08:51:22 fetching corpus: 448, signal 71451/79576 (executing program) 2025/08/29 
08:51:22 fetching corpus: 498, signal 73868/82337 (executing program) 2025/08/29 08:51:22 fetching corpus: 548, signal 78038/86518 (executing program) 2025/08/29 08:51:22 fetching corpus: 598, signal 80564/89226 (executing program) 2025/08/29 08:51:22 fetching corpus: 648, signal 83270/91935 (executing program) 2025/08/29 08:51:22 fetching corpus: 698, signal 85430/94167 (executing program) 2025/08/29 08:51:22 fetching corpus: 748, signal 88511/97047 (executing program) 2025/08/29 08:51:22 fetching corpus: 798, signal 90533/99133 (executing program) 2025/08/29 08:51:23 fetching corpus: 848, signal 93610/101868 (executing program) 2025/08/29 08:51:23 fetching corpus: 898, signal 96327/104197 (executing program) 2025/08/29 08:51:23 fetching corpus: 948, signal 97638/105499 (executing program) 2025/08/29 08:51:23 fetching corpus: 998, signal 99745/107287 (executing program) 2025/08/29 08:51:23 fetching corpus: 1048, signal 101170/108526 (executing program) 2025/08/29 08:51:23 fetching corpus: 1098, signal 102173/109465 (executing program) 2025/08/29 08:51:23 fetching corpus: 1148, signal 103844/110809 (executing program) 2025/08/29 08:51:24 fetching corpus: 1198, signal 105188/111925 (executing program) 2025/08/29 08:51:24 fetching corpus: 1248, signal 107265/113525 (executing program) 2025/08/29 08:51:24 fetching corpus: 1298, signal 108647/114557 (executing program) 2025/08/29 08:51:24 fetching corpus: 1348, signal 110613/115817 (executing program) 2025/08/29 08:51:24 fetching corpus: 1398, signal 112206/116817 (executing program) 2025/08/29 08:51:24 fetching corpus: 1448, signal 113551/117858 (executing program) 2025/08/29 08:51:24 fetching corpus: 1498, signal 114192/118307 (executing program) 2025/08/29 08:51:24 fetching corpus: 1548, signal 115114/118981 (executing program) 2025/08/29 08:51:24 fetching corpus: 1598, signal 115942/119491 (executing program) 2025/08/29 08:51:25 fetching corpus: 1648, signal 116676/120009 (executing program) 2025/08/29 08:51:25 
fetching corpus: 1698, signal 117462/120431 (executing program) 2025/08/29 08:51:25 fetching corpus: 1748, signal 118444/120924 (executing program) 2025/08/29 08:51:25 fetching corpus: 1798, signal 119738/121542 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/121836 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/121877 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/121912 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/121939 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/121974 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122009 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122049 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122089 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122124 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122166 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122203 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122246 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122273 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122301 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122348 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122390 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122423 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122474 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122509 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122546 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122584 (executing program) 
2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122618 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122634 (executing program) 2025/08/29 08:51:25 fetching corpus: 1841, signal 120372/122634 (executing program) 2025/08/29 08:51:28 starting 8 fuzzer processes 08:51:28 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 08:51:28 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() capget(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000040)) 08:51:28 executing program 5: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) ftruncate(r0, 0x8800000) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/243, 0x7ffff000}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x2) 08:51:28 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x3) fcntl$addseals(r0, 0x409, 0x9) 08:51:28 executing program 7: r0 = 
socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2e, 0x0, &(0x7f0000000240)) 08:51:28 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x5, 0x0, 0x46) 08:51:28 executing program 3: prctl$PR_SET_PDEATHSIG(0x1, 0x41) [ 70.060741] audit: type=1400 audit(1756457488.359:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:51:28 executing program 4: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) [ 71.222242] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.225210] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.227070] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.231372] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.234682] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.292428] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.296520] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.301262] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.311407] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.316662] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.414458] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.418481] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.430718] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.435926] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.438286] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.441134] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.441391] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.444130] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.446100] Bluetooth: 
hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.449138] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.450709] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.454081] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.454204] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.465727] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.476150] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.495089] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 71.496817] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.499489] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.502232] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.505093] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.512452] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.528387] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.531493] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.533386] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.537043] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.538450] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.539562] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.543379] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 71.563028] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.577655] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.318343] Bluetooth: hci0: command tx timeout [ 73.381920] Bluetooth: hci1: command tx timeout [ 73.510275] Bluetooth: hci3: command tx timeout [ 73.572962] Bluetooth: hci7: command tx timeout [ 73.573199] Bluetooth: hci2: command tx timeout [ 73.574354] Bluetooth: hci6: command tx timeout [ 73.574464] Bluetooth: hci4: command tx timeout [ 73.636912] Bluetooth: hci5: command tx timeout [ 75.365968] Bluetooth: hci0: command tx timeout [ 75.429901] Bluetooth: hci1: command tx timeout [ 75.557070] Bluetooth: hci3: command tx timeout [ 
75.621036] Bluetooth: hci4: command tx timeout [ 75.621572] Bluetooth: hci6: command tx timeout [ 75.621711] Bluetooth: hci2: command tx timeout [ 75.622399] Bluetooth: hci7: command tx timeout [ 75.684897] Bluetooth: hci5: command tx timeout [ 77.413260] Bluetooth: hci0: command tx timeout [ 77.477185] Bluetooth: hci1: command tx timeout [ 77.604955] Bluetooth: hci3: command tx timeout [ 77.669014] Bluetooth: hci4: command tx timeout [ 77.669484] Bluetooth: hci7: command tx timeout [ 77.670608] Bluetooth: hci6: command tx timeout [ 77.671111] Bluetooth: hci2: command tx timeout [ 77.732977] Bluetooth: hci5: command tx timeout [ 79.461045] Bluetooth: hci0: command tx timeout [ 79.525904] Bluetooth: hci1: command tx timeout [ 79.652963] Bluetooth: hci3: command tx timeout [ 79.717088] Bluetooth: hci6: command tx timeout [ 79.717829] Bluetooth: hci2: command tx timeout [ 79.718578] Bluetooth: hci7: command tx timeout [ 79.719544] Bluetooth: hci4: command tx timeout [ 79.782055] Bluetooth: hci5: command tx timeout [ 109.866334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.867044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.101343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.102353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.289288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.290139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.512958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.513685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:52:08 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2e, 0x0, &(0x7f0000000240)) 08:52:08 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2e, 0x0, &(0x7f0000000240)) 08:52:09 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2e, 
0x0, &(0x7f0000000240)) [ 110.727034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.727638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:52:09 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000240)={0x0, 0x0, 0xe, 0x1b, 0x0, &(0x7f0000000400)=""}) [ 110.818009] audit: type=1400 audit(1756457529.120:8): avc: denied { open } for pid=3787 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.820584] audit: type=1400 audit(1756457529.121:9): avc: denied { kernel } for pid=3787 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.895022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.895663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:52:09 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000240)={0x0, 0x0, 0xe, 0x1b, 0x0, &(0x7f0000000400)=""}) 08:52:09 executing program 4: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 
&(0x7f0000000000), 0x0, 0x0, 0x0) r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:52:09 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000240)={0x0, 0x0, 0xe, 0x1b, 0x0, &(0x7f0000000400)=""}) 08:52:09 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000240)={0x0, 0x0, 0xe, 0x1b, 0x0, &(0x7f0000000400)=""}) [ 111.188728] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.189387] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.274184] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure [ 111.325258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.325985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.415473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.416414] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.496005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.496617] wlan1: Creating 
new IBSS network, BSSID 50:50:50:50:50:50 [ 112.157976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.158628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.281196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.281829] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.297186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.297772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.341098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.341711] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.409725] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.410860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.420759] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.421433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:52:10 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 08:52:10 executing program 4: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:52:10 executing program 3: prctl$PR_SET_PDEATHSIG(0x1, 0x41) 08:52:10 executing program 7: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:52:10 executing program 1: 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() capget(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000040)) 08:52:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x5, 0x0, 0x46) 08:52:10 executing program 5: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) ftruncate(r0, 0x8800000) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/243, 0x7ffff000}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x2) 08:52:10 executing program 2: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/pcmcia', 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) symlinkat(&(0x7f00000003c0)='./file0\x00', r0, &(0x7f0000000400)='./file0\x00') [ 112.730170] kmemleak: Found object by alias at 0x607f1a639304 [ 112.730190] CPU: 1 UID: 0 PID: 3914 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 112.730207] Tainted: [W]=WARN [ 112.730211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.730218] Call Trace: [ 112.730221] [ 112.730226] dump_stack_lvl+0xca/0x120 [ 112.730250] __lookup_object+0x94/0xb0 [ 112.730267] delete_object_full+0x27/0x70 [ 112.730283] free_percpu+0x30/0x1160 [ 112.730299] ? arch_uprobe_clear_state+0x16/0x140 [ 112.730319] futex_hash_free+0x38/0xc0 [ 112.730333] mmput+0x2d3/0x390 [ 112.730351] do_exit+0x79d/0x2970 [ 112.730365] ? signal_wake_up_state+0x85/0x120 [ 112.730381] ? zap_other_threads+0x2b9/0x3a0 [ 112.730397] ? __pfx_do_exit+0x10/0x10 [ 112.730409] ? do_group_exit+0x1c3/0x2a0 [ 112.730423] ? 
lock_release+0xc8/0x290 [ 112.730440] do_group_exit+0xd3/0x2a0 [ 112.730455] __x64_sys_exit_group+0x3e/0x50 [ 112.730468] x64_sys_call+0x18c5/0x18d0 [ 112.730483] do_syscall_64+0xbf/0x360 [ 112.730495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.730506] RIP: 0033:0x7fad75904b19 [ 112.730515] Code: Unable to access opcode bytes at 0x7fad75904aef. [ 112.730520] RSP: 002b:00007ffd3e17b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 112.730531] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fad75904b19 [ 112.730539] RDX: 00007fad758b772b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 112.730546] RBP: 0000000000000000 R08: 0000001b2d522d74 R09: 0000000000000000 [ 112.730552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.730559] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd3e17b550 [ 112.730576] [ 112.730580] kmemleak: Object (percpu) 0x607f1a639300 (size 8): [ 112.730586] kmemleak: comm "kworker/u9:2", pid 42, jiffies 4294778234 [ 112.730593] kmemleak: min_count = 1 [ 112.730596] kmemleak: count = 0 [ 112.730600] kmemleak: flags = 0x21 [ 112.730604] kmemleak: checksum = 0 [ 112.730607] kmemleak: backtrace: [ 112.730610] pcpu_alloc_noprof+0x87a/0x1170 [ 112.730629] fib_nh_common_init+0x30/0xd0 [ 112.730641] fib6_nh_init+0x968/0x1a00 [ 112.730651] ip6_route_info_create_nh+0x530/0xf80 [ 112.730661] ip6_route_add.part.0+0x59/0x170 [ 112.730670] ip6_route_add+0x48/0x60 [ 112.730679] addrconf_add_mroute+0x12d/0x190 [ 112.730689] addrconf_add_dev+0x148/0x1c0 [ 112.730702] addrconf_dev_config+0x1e9/0x430 [ 112.730716] addrconf_notify+0xa70/0x1920 [ 112.730731] notifier_call_chain+0xc0/0x360 [ 112.730741] call_netdevice_notifiers_info+0xbe/0x140 [ 112.730752] netif_state_change+0x157/0x330 [ 112.730761] linkwatch_do_dev+0x111/0x150 [ 112.730771] __linkwatch_run_queue+0x2ab/0x710 [ 112.730781] linkwatch_event+0x4e/0x70 08:52:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 
0x5, 0x0, 0x46) 08:52:11 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() capget(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000040)) 08:52:11 executing program 4: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:52:11 executing program 3: prctl$PR_SET_PDEATHSIG(0x1, 0x41) [ 112.820735] kmemleak: Found object by alias at 0x607f1a638d04 [ 112.820753] CPU: 1 UID: 0 PID: 3932 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 112.820770] Tainted: [W]=WARN [ 112.820774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.820781] Call Trace: [ 112.820785] [ 112.820789] dump_stack_lvl+0xca/0x120 [ 112.820812] __lookup_object+0x94/0xb0 [ 112.820828] delete_object_full+0x27/0x70 [ 112.820847] free_percpu+0x30/0x1160 [ 112.820863] ? arch_uprobe_clear_state+0x16/0x140 [ 112.820882] futex_hash_free+0x38/0xc0 [ 112.820896] mmput+0x2d3/0x390 [ 112.820914] do_exit+0x79d/0x2970 [ 112.820927] ? signal_wake_up_state+0x85/0x120 [ 112.820943] ? zap_other_threads+0x2b9/0x3a0 [ 112.820958] ? __pfx_do_exit+0x10/0x10 [ 112.820970] ? do_group_exit+0x1c3/0x2a0 [ 112.820984] ? lock_release+0xc8/0x290 [ 112.821001] do_group_exit+0xd3/0x2a0 [ 112.821015] __x64_sys_exit_group+0x3e/0x50 [ 112.821028] x64_sys_call+0x18c5/0x18d0 [ 112.821043] do_syscall_64+0xbf/0x360 [ 112.821054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.821065] RIP: 0033:0x7f22b62e1b19 [ 112.821074] Code: Unable to access opcode bytes at 0x7f22b62e1aef. 
[ 112.821079] RSP: 002b:00007fff805773e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 112.821090] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f22b62e1b19 [ 112.821097] RDX: 00007f22b629472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 112.821104] RBP: 0000000000000000 R08: 0000001b2d4216a4 R09: 0000000000000000 [ 112.821111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.821117] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff805774d0 [ 112.821132] [ 112.821136] kmemleak: Object (percpu) 0x607f1a638d00 (size 8): [ 112.821142] kmemleak: comm "syz-executor.1", pid 3933, jiffies 4294779717 [ 112.821149] kmemleak: min_count = 1 [ 112.821152] kmemleak: count = 0 [ 112.821156] kmemleak: flags = 0x21 [ 112.821159] kmemleak: checksum = 0 [ 112.821163] kmemleak: backtrace: [ 112.821167] pcpu_alloc_noprof+0x87a/0x1170 [ 112.821181] perf_trace_event_init+0x366/0xa10 [ 112.821194] perf_trace_init+0x1a4/0x2f0 [ 112.821206] perf_tp_event_init+0xa6/0x120 [ 112.821221] perf_try_init_event+0x140/0x9f0 [ 112.821233] perf_event_alloc.part.0+0x118e/0x45f0 [ 112.821249] __do_sys_perf_event_open+0x719/0x2c20 [ 112.821261] do_syscall_64+0xbf/0x360 [ 112.821270] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:52:11 executing program 2: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/pcmcia', 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) symlinkat(&(0x7f00000003c0)='./file0\x00', r0, &(0x7f0000000400)='./file0\x00') 08:52:11 executing program 3: prctl$PR_SET_PDEATHSIG(0x1, 0x41) 08:52:11 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
gettid() capget(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000040)) [ 112.967575] kmemleak: Found object by alias at 0x607f1a639304 [ 112.967605] CPU: 0 UID: 0 PID: 3938 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 112.967637] Tainted: [W]=WARN [ 112.967644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.967656] Call Trace: [ 112.967663] [ 112.967671] dump_stack_lvl+0xca/0x120 [ 112.967710] __lookup_object+0x94/0xb0 [ 112.967738] delete_object_full+0x27/0x70 [ 112.967766] free_percpu+0x30/0x1160 [ 112.967795] ? arch_uprobe_clear_state+0x16/0x140 [ 112.967830] futex_hash_free+0x38/0xc0 [ 112.967863] mmput+0x2d3/0x390 [ 112.967896] do_exit+0x79d/0x2970 [ 112.967919] ? lock_release+0xc8/0x290 [ 112.967949] ? __pfx_do_exit+0x10/0x10 [ 112.967974] ? find_held_lock+0x2b/0x80 [ 112.968004] ? get_signal+0x835/0x2340 [ 112.968039] do_group_exit+0xd3/0x2a0 [ 112.968065] get_signal+0x2315/0x2340 [ 112.968106] ? __pfx_get_signal+0x10/0x10 [ 112.968135] ? do_futex+0x135/0x370 [ 112.968159] ? __pfx_do_futex+0x10/0x10 [ 112.968180] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 112.968212] arch_do_signal_or_restart+0x80/0x790 [ 112.968242] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 112.968271] ? __x64_sys_futex+0x1c9/0x4d0 [ 112.968293] ? __x64_sys_futex+0x1d2/0x4d0 [ 112.968320] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.968344] ? xfd_validate_state+0x55/0x180 [ 112.968381] exit_to_user_mode_loop+0x8b/0x110 [ 112.968403] do_syscall_64+0x2f7/0x360 [ 112.968424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.968445] RIP: 0033:0x7fad75904b19 [ 112.968461] Code: Unable to access opcode bytes at 0x7fad75904aef. 
[ 112.968470] RSP: 002b:00007fad72e7a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.968490] RAX: fffffffffffffe00 RBX: 00007fad75a17f68 RCX: 00007fad75904b19 [ 112.968504] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fad75a17f68 [ 112.968519] RBP: 00007fad75a17f60 R08: 0000000000000000 R09: 0000000000000000 [ 112.968536] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad75a17f6c [ 112.968552] R13: 00007ffd3e17b23f R14: 00007fad72e7a300 R15: 0000000000022000 [ 112.968589] [ 112.968598] kmemleak: Object (percpu) 0x607f1a639300 (size 8): [ 112.968613] kmemleak: comm "kworker/u9:2", pid 42, jiffies 4294778234 [ 112.968628] kmemleak: min_count = 1 [ 112.968636] kmemleak: count = 0 [ 112.968644] kmemleak: flags = 0x21 [ 112.968652] kmemleak: checksum = 0 [ 112.968660] kmemleak: backtrace: [ 112.968667] pcpu_alloc_noprof+0x87a/0x1170 [ 112.968701] fib_nh_common_init+0x30/0xd0 [ 112.968727] fib6_nh_init+0x968/0x1a00 [ 112.968748] ip6_route_info_create_nh+0x530/0xf80 [ 112.968771] ip6_route_add.part.0+0x59/0x170 [ 112.968793] ip6_route_add+0x48/0x60 [ 112.968815] addrconf_add_mroute+0x12d/0x190 [ 112.968838] addrconf_add_dev+0x148/0x1c0 [ 112.968861] addrconf_dev_config+0x1e9/0x430 [ 112.968886] addrconf_notify+0xa70/0x1920 [ 112.968915] notifier_call_chain+0xc0/0x360 [ 112.968932] call_netdevice_notifiers_info+0xbe/0x140 [ 112.968952] netif_state_change+0x157/0x330 [ 112.968968] linkwatch_do_dev+0x111/0x150 [ 112.968987] __linkwatch_run_queue+0x2ab/0x710 [ 112.969005] linkwatch_event+0x4e/0x70 08:52:11 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') pread64(r0, 
&(0x7f0000000040)=""/156, 0x9c, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 08:52:11 executing program 7: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:52:11 executing program 5: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) ftruncate(r0, 0x8800000) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/243, 0x7ffff000}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x2) 08:52:11 executing program 2: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/pcmcia', 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) symlinkat(&(0x7f00000003c0)='./file0\x00', r0, &(0x7f0000000400)='./file0\x00') 08:52:11 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) truncate(0x0, 0x0) r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 08:52:11 executing program 4: recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000002d80)={0x0, 0x3938700}) 08:52:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x5, 0x0, 0x46) 08:52:11 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) [ 113.609190] Oops: general protection fault, 
probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 113.610153] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 113.610830] CPU: 1 UID: 0 PID: 3947 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 113.612260] Tainted: [W]=WARN [ 113.613110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.614961] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.616025] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.620062] RSP: 0018:ffff888042957800 EFLAGS: 00010212 [ 113.620487] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.621051] RDX: ffff88801869b700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 113.621614] RBP: ffff888042957a70 R08: ffff88806cf31340 R09: ffffe8ffffd15d00 [ 113.622176] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.622737] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.623301] FS: 000055555d65a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 113.623935] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.624394] CR2: 000055555d65bc18 CR3: 0000000020472000 CR4: 0000000000350ef0 [ 113.624953] Call Trace: [ 113.625163] [ 113.625352] ? arch_scale_cpu_capacity+0x17/0xa0 [ 113.625740] ? __pfx_perf_tp_event+0x10/0x10 [ 113.626092] ? __asan_memset+0x24/0x50 [ 113.626416] ? perf_trace_lock+0xb5/0x5d0 [ 113.626748] ? kvm_sched_clock_read+0x16/0x30 [ 113.627105] ? sched_clock+0x37/0x60 [ 113.627405] ? sched_clock_cpu+0x6c/0x4e0 [ 113.627735] ? lock_is_held_type+0x9e/0x120 [ 113.628082] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.628475] perf_trace_run_bpf_submit+0xef/0x180 [ 113.628861] perf_trace_lock+0x337/0x5d0 [ 113.629185] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.629548] ? 
lock_acquire+0x15e/0x2f0 [ 113.629871] ? futex_ref_get+0x48/0x300 [ 113.630186] ? futex_ref_get+0x114/0x300 [ 113.630504] ? futex_hash+0x15c/0x390 [ 113.630806] lock_release+0x1ab/0x290 [ 113.631109] ? futex_hash+0x15c/0x390 [ 113.631412] futex_ref_get+0x119/0x300 [ 113.631719] ? futex_hash+0x15c/0x390 [ 113.632020] futex_hash+0x70/0x390 [ 113.632305] futex_wake+0x143/0x540 [ 113.632598] ? put_pid+0x1f/0x30 [ 113.632874] ? kernel_clone+0x204/0x7f0 [ 113.633197] ? __pfx_futex_wake+0x10/0x10 [ 113.633531] ? __pfx_kernel_clone+0x10/0x10 [ 113.633887] ? perf_trace_lock+0xb5/0x5d0 [ 113.634223] do_futex+0x26d/0x370 [ 113.634506] ? __pfx_do_futex+0x10/0x10 [ 113.634830] ? __pfx___do_sys_clone+0x10/0x10 [ 113.635192] ? find_held_lock+0x2b/0x80 [ 113.635517] __x64_sys_futex+0x1c9/0x4d0 [ 113.635850] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.636224] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.636645] do_syscall_64+0xbf/0x360 [ 113.636956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.637363] RIP: 0033:0x7f22b62e1b19 [ 113.637667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.639091] RSP: 002b:00007fff80577238 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.639686] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22b62e1b19 [ 113.640246] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f22b63f4f68 [ 113.640806] RBP: 00007f22b63f4f60 R08: 00007f22b3857700 R09: 0000000000000000 [ 113.641367] R10: 00007f22b3857700 R11: 0000000000000246 R12: 00007f22b63f9060 [ 113.641935] R13: 00007fff80577340 R14: 00007f22b63f4f60 R15: 000000000001bb63 [ 113.642501] [ 113.642692] Modules linked in: [ 113.642957] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 113.644592] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 113.645700] 
CPU: 0 UID: 0 PID: 3954 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 113.647548] Tainted: [D]=DIE, [W]=WARN [ 113.648105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.649290] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.650034] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.652606] RSP: 0018:ffff888044f57600 EFLAGS: 00010212 [ 113.653370] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900050b2000 [ 113.654456] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 113.655469] RBP: ffff888044f57870 R08: ffff88806ce31340 R09: ffffe8ffffc15d00 [ 113.656488] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 113.657514] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.658701] FS: 00007ff0fa4d5700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 113.659842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.660672] CR2: 00007fc5946b0547 CR3: 000000000da13000 CR4: 0000000000350ef0 [ 113.661710] Call Trace: [ 113.662089] [ 113.662432] ? __pfx_perf_tp_event+0x10/0x10 [ 113.663126] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.663900] perf_trace_run_bpf_submit+0xef/0x180 [ 113.664628] perf_trace_lock+0x337/0x5d0 [ 113.665231] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.665923] ? get_futex_key+0x592/0x14a0 [ 113.666526] ? futex_ref_get+0x114/0x300 [ 113.667113] ? futex_hash+0x15c/0x390 [ 113.667672] lock_release+0x1ab/0x290 [ 113.668233] ? futex_hash+0x15c/0x390 [ 113.668786] futex_ref_get+0x119/0x300 [ 113.669355] ? futex_hash+0x15c/0x390 [ 113.669978] futex_hash+0x70/0x390 [ 113.670607] futex_wait_setup+0xae/0x550 [ 113.671213] __futex_wait+0x151/0x300 [ 113.671780] ? __pfx___futex_wait+0x10/0x10 [ 113.672418] ? 
__pfx_futex_wake_mark+0x10/0x10 [ 113.673107] futex_wait+0xde/0x380 [ 113.673649] ? __pfx_futex_wait+0x10/0x10 [ 113.674257] ? perf_trace_lock+0xb5/0x5d0 [ 113.674937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 113.675693] ? do_vfs_ioctl+0x125/0x1470 [ 113.676304] do_futex+0x2ee/0x370 [ 113.676827] ? __pfx_do_futex+0x10/0x10 [ 113.677411] ? build_sched_domains+0x2744/0x53d0 [ 113.678111] ? do_raw_spin_lock+0x123/0x260 [ 113.678745] __x64_sys_futex+0x1c9/0x4d0 [ 113.679342] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.680102] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.680773] ? kcov_ioctl+0x386/0x6c0 [ 113.681334] ? fput+0x6a/0x100 [ 113.681835] do_syscall_64+0xbf/0x360 [ 113.682394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.683292] RIP: 0033:0x7ff0fcf5fb19 [ 113.683835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.686411] RSP: 002b:00007ff0fa4d5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.687490] RAX: ffffffffffffffda RBX: 00007ff0fd072f68 RCX: 00007ff0fcf5fb19 [ 113.688504] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff0fd072f68 [ 113.689514] RBP: 00007ff0fd072f60 R08: 00007ff0fa4d5700 R09: 0000000000000000 [ 113.690535] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0fd072f6c [ 113.691608] R13: 00007ffe2cef986f R14: 00007ff0fa4d5300 R15: 0000000000022000 [ 113.692640] [ 113.692989] Modules linked in: [ 113.693467] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 113.694354] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 113.695032] CPU: 1 UID: 0 PID: 3947 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 113.695966] Tainted: [D]=DIE, [W]=WARN [ 113.696270] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 
[ 113.696919] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.697297] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.698727] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 113.699147] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.699708] RDX: ffff88801869b700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 113.700269] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15d00 [ 113.700830] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 113.701394] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 113.701965] FS: 000055555d65a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 113.702598] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.703057] CR2: 000055555d65bc18 CR3: 0000000020472000 CR4: 0000000000350ef0 [ 113.703618] Call Trace: [ 113.703829] [ 113.704006] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 113.704439] ? arch_stack_walk+0x9c/0xf0 [ 113.704766] ? __pfx_perf_tp_event+0x10/0x10 [ 113.705124] ? perf_trace_lock+0xb5/0x5d0 [ 113.705459] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.705837] ? trace_softirq_raise+0xbe/0x100 [ 113.706202] ? lock_acquire+0x15e/0x2f0 [ 113.706523] ? select_task_rq_fair+0x2b6/0x38b0 [ 113.706897] ? find_held_lock+0x2b/0x80 [ 113.707221] ? select_task_rq_fair+0x48c/0x38b0 [ 113.707593] ? perf_trace_lock+0xb5/0x5d0 [ 113.707931] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.708298] ? __smp_call_single_queue+0x15b/0x2f0 [ 113.708696] ? __pfx___smp_call_single_queue+0x10/0x10 [ 113.709118] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.709517] perf_trace_run_bpf_submit+0xef/0x180 [ 113.709917] perf_trace_lock+0x337/0x5d0 [ 113.710247] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.710617] ? mark_held_locks+0x49/0x80 [ 113.710944] ? 
hrtimer_interrupt+0x114/0x830 [ 113.711300] lock_release+0x1ab/0x290 [ 113.711610] ktime_get_update_offsets_now+0xab/0x3c0 [ 113.712016] ? hrtimer_interrupt+0x114/0x830 [ 113.712372] ? __pfx_rcu_core+0x10/0x10 [ 113.712698] hrtimer_interrupt+0x114/0x830 [ 113.713036] ? __local_bh_enable+0x7b/0x90 [ 113.713377] ? handle_softirqs+0x50c/0x770 [ 113.713728] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 113.714145] sysvec_apic_timer_interrupt+0x6b/0x80 [ 113.714538] [ 113.714720] [ 113.714904] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.715321] RIP: 0010:oops_exit+0x0/0x50 [ 113.715647] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 113.717129] RSP: 0018:ffff888042957690 EFLAGS: 00000202 [ 113.717565] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 113.718159] RDX: ffff88801869b700 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 113.718737] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 113.719329] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888042957758 [ 113.719912] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 113.720501] ? add_taint+0x5f/0xd0 [ 113.720802] ? 
oops_end+0x4a/0xe0 [ 113.721096] oops_end+0x65/0xe0 [ 113.721379] exc_general_protection+0x1a2/0x330 [ 113.721774] asm_exc_general_protection+0x26/0x30 [ 113.722168] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.722551] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.724019] RSP: 0018:ffff888042957800 EFLAGS: 00010212 [ 113.724461] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.725042] RDX: ffff88801869b700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 113.725632] RBP: ffff888042957a70 R08: ffff88806cf31340 R09: ffffe8ffffd15d00 [ 113.726209] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.726794] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.727385] ? perf_tp_event+0x167/0xe70 [ 113.727727] ? arch_scale_cpu_capacity+0x17/0xa0 [ 113.728119] ? __pfx_perf_tp_event+0x10/0x10 [ 113.728489] ? __asan_memset+0x24/0x50 [ 113.728824] ? perf_trace_lock+0xb5/0x5d0 [ 113.729176] ? kvm_sched_clock_read+0x16/0x30 [ 113.729552] ? sched_clock+0x37/0x60 [ 113.729870] ? sched_clock_cpu+0x6c/0x4e0 [ 113.730215] ? lock_is_held_type+0x9e/0x120 [ 113.730582] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.730996] perf_trace_run_bpf_submit+0xef/0x180 [ 113.731404] perf_trace_lock+0x337/0x5d0 [ 113.731745] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.732130] ? lock_acquire+0x15e/0x2f0 [ 113.732469] ? futex_ref_get+0x48/0x300 [ 113.732793] ? futex_ref_get+0x114/0x300 [ 113.733128] ? futex_hash+0x15c/0x390 [ 113.733444] lock_release+0x1ab/0x290 [ 113.733775] ? futex_hash+0x15c/0x390 [ 113.734095] futex_ref_get+0x119/0x300 [ 113.734419] ? futex_hash+0x15c/0x390 [ 113.734733] futex_hash+0x70/0x390 [ 113.735028] futex_wake+0x143/0x540 [ 113.735337] ? put_pid+0x1f/0x30 [ 113.735622] ? kernel_clone+0x204/0x7f0 [ 113.735954] ? __pfx_futex_wake+0x10/0x10 [ 113.736299] ? 
__pfx_kernel_clone+0x10/0x10 [ 113.736662] ? perf_trace_lock+0xb5/0x5d0 [ 113.737013] do_futex+0x26d/0x370 [ 113.737309] ? __pfx_do_futex+0x10/0x10 [ 113.737651] ? __pfx___do_sys_clone+0x10/0x10 [ 113.738026] ? find_held_lock+0x2b/0x80 [ 113.738359] __x64_sys_futex+0x1c9/0x4d0 [ 113.738702] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.739091] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.739519] do_syscall_64+0xbf/0x360 [ 113.739837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.740260] RIP: 0033:0x7f22b62e1b19 [ 113.740565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.742044] RSP: 002b:00007fff80577238 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.742664] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22b62e1b19 [ 113.743246] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f22b63f4f68 [ 113.743822] RBP: 00007f22b63f4f60 R08: 00007f22b3857700 R09: 0000000000000000 [ 113.744403] R10: 00007f22b3857700 R11: 0000000000000246 R12: 00007f22b63f9060 [ 113.744988] R13: 00007fff80577340 R14: 00007f22b63f4f60 R15: 000000000001bb63 [ 113.745579] [ 113.745782] Modules linked in: [ 113.746054] ---[ end trace 0000000000000000 ]--- [ 113.746056] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 113.746435] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.748065] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 113.748438] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.749565] CPU: 0 UID: 0 PID: 3954 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 113.750978] RSP: 0018:ffff888042957800 EFLAGS: 00010212 [ 113.752683] Tainted: [D]=DIE, 
[W]=WARN [ 113.753085] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.753649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.754195] RDX: ffff88801869b700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 113.755350] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.755893] RBP: ffff888042957a70 R08: ffff88806cf31340 R09: ffffe8ffffd15d00 [ 113.756548] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.757090] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.757100] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.759786] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 113.760331] FS: 000055555d65a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 113.761344] [ 113.761758] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.762886] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 113.763023] CR2: 000055555d65bc18 CR3: 0000000020472000 CR4: 0000000000350ef0 [ 113.763837] RDX: ffff888015923700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 113.764383] Kernel panic - not syncing: Fatal exception in interrupt [ 114.807976] Shutting down cpus with NMI [ 114.809615] Kernel Offset: disabled [ 114.809913] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:52:12 Registers: