Warning: Permanently added '[localhost]:45076' (ECDSA) to the list of known hosts.
2025/08/29 08:12:41 fuzzer started
2025/08/29 08:12:41 dialing manager at localhost:43077
syzkaller login: [ 51.122826] cgroup: Unknown subsys name 'net'
[ 51.173197] cgroup: Unknown subsys name 'cpuset'
[ 51.197274] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:12:53 syscalls: 2214
2025/08/29 08:12:53 code coverage: enabled
2025/08/29 08:12:53 comparison tracing: enabled
2025/08/29 08:12:53 extra coverage: enabled
2025/08/29 08:12:53 setuid sandbox: enabled
2025/08/29 08:12:53 namespace sandbox: enabled
2025/08/29 08:12:53 Android sandbox: enabled
2025/08/29 08:12:53 fault injection: enabled
2025/08/29 08:12:53 leak checking: enabled
2025/08/29 08:12:53 net packet injection: enabled
2025/08/29 08:12:53 net device setup: enabled
2025/08/29 08:12:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:12:53 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:12:53 USB emulation: enabled
2025/08/29 08:12:53 hci packet injection: enabled
2025/08/29 08:12:53 wifi device emulation: enabled
2025/08/29 08:12:53 802.15.4 emulation: enabled
2025/08/29 08:12:53 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:12:53 fetching corpus: 50, signal 23098/25978 (executing program)
2025/08/29 08:12:53 fetching corpus: 100, signal 32873/36573 (executing program)
2025/08/29 08:12:53 fetching corpus: 150, signal 40084/44253 (executing program)
2025/08/29 08:12:53 fetching corpus: 200, signal 47300/51687 (executing program)
2025/08/29 08:12:53 fetching corpus: 250, signal 55235/59343 (executing program)
2025/08/29 08:12:53 fetching corpus: 300, signal 58394/62701 (executing program)
2025/08/29 08:12:54 fetching corpus: 350, signal 63637/67621 (executing program)
2025/08/29 08:12:54 fetching corpus: 400, signal 67082/70946 (executing program)
2025/08/29 08:12:54 fetching corpus: 450, signal 70625/74102 (executing program)
2025/08/29 08:12:54 fetching corpus: 500, signal 74138/77235 (executing program)
2025/08/29 08:12:54 fetching corpus: 550, signal 76948/79541 (executing program)
2025/08/29 08:12:54 fetching corpus: 600, signal 78267/80690 (executing program)
2025/08/29 08:12:54 fetching corpus: 650, signal 81010/82712 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/83661 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/83744 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/83822 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/83912 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84007 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84085 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84174 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84269 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84371 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84453 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84539 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84644 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84743 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84830 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/84920 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85014 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85092 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85179 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85267 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85358 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85441 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85530 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85624 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85720 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85817 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85906 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/85995 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/86076 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/86088 (executing program)
2025/08/29 08:12:55 fetching corpus: 674, signal 82285/86088 (executing program)
2025/08/29 08:12:57 starting 8 fuzzer processes

08:12:57 executing program 0:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)

08:12:57 executing program 1:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/25, 0x19}], 0x1)

08:12:57 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
request_key(0x0, 0x0, 0x0, 0x0)

08:12:57 executing program 7:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x0, 0x0, 0x8})

08:12:57 executing program 2:
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xff08, 0x0)
r2 = getpid()
r3 = pidfd_open(r2, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0xff08, 0x0)

08:12:57 executing program 4:
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x6, 0x0)
pselect6(0x40, &(0x7f0000000240), &(0x7f0000000280)={0x1f}, 0x0, 0x0, 0x0)

[ 66.703699] audit: type=1400 audit(1756455177.490:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

08:12:57 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000400)=[{&(0x7f0000010000)="200000004000000003000000320000000f000000000000000200000002000000008000000080000020000000d4f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b000000000100002802", 0x5e, 0x400}, {&(0x7f0000000140)="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", 0x10d, 0x540}, {&(0x7f0000010300)="02000000030000000400000032000f000300040000000000000000000f002f7c", 0x20, 0x1000}, {&(0x7f0000012500)="ed41000000100000d4f4655fd4f4655fd4f4655f000000000000040008", 0x1d, 0x4100}], 0x0, &(0x7f0000013800))

08:12:57 executing program 6:
r0 = getpid()
ptrace$setopts(0x4206, r0, 0x8040, 0x0)

[ 67.840075] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.842449] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.850558] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.862208] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.872326] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.040981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 68.042991] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 68.045149] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 68.046445] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 68.047903] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 68.050642] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 68.056726] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 68.059015] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 68.060742] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 68.063769] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 68.111673] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 68.114744] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 68.117670] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 68.121064] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 68.122669] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 68.123003] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 68.129607] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 68.133812] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 68.152893] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 68.159603] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 68.161193] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 68.163231] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 68.168304] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 68.170524] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 68.170834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 68.172183] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 68.178534] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 68.180118] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 68.180166] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 68.185412] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 68.204642] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 68.209045] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 68.215073] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 68.216438] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 68.221631] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.935236] Bluetooth: hci0: command tx timeout
[ 70.127405] Bluetooth: hci1: command tx timeout
[ 70.127466] Bluetooth: hci2: command tx timeout
[ 70.255371] Bluetooth: hci4: command tx timeout
[ 70.255752] Bluetooth: hci3: command tx timeout
[ 70.255923] Bluetooth: hci5: command tx timeout
[ 70.319412] Bluetooth: hci7: command tx timeout
[ 70.320025] Bluetooth: hci6: command tx timeout
[ 71.982500] Bluetooth: hci0: command tx timeout
[ 72.175408] Bluetooth: hci2: command tx timeout
[ 72.175858] Bluetooth: hci1: command tx timeout
[ 72.302600] Bluetooth: hci4: command tx timeout
[ 72.303033] Bluetooth: hci5: command tx timeout
[ 72.304043] Bluetooth: hci3: command tx timeout
[ 72.367386] Bluetooth: hci6: command tx timeout
[ 72.367843] Bluetooth: hci7: command tx timeout
[ 74.030514] Bluetooth: hci0: command tx timeout
[ 74.223010] Bluetooth: hci1: command tx timeout
[ 74.223049] Bluetooth: hci2: command tx timeout
[ 74.351508] Bluetooth: hci3: command tx timeout
[ 74.351964] Bluetooth: hci4: command tx timeout
[ 74.352339] Bluetooth: hci5: command tx timeout
[ 74.415431] Bluetooth: hci7: command tx timeout
[ 74.415867] Bluetooth: hci6: command tx timeout
[ 76.078416] Bluetooth: hci0: command tx timeout
[ 76.270484] Bluetooth: hci1: command tx timeout
[ 76.271278] Bluetooth: hci2: command tx timeout
[ 76.398497] Bluetooth: hci5: command tx timeout
[ 76.399252] Bluetooth: hci4: command tx timeout
[ 76.400075] Bluetooth: hci3: command tx timeout
[ 76.463434] Bluetooth: hci6: command tx timeout
[ 76.463465] Bluetooth: hci7: command tx timeout
[ 106.029906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.030592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.189032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.190372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.583860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.584929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

08:13:37 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
request_key(0x0, 0x0, 0x0, 0x0)

[ 106.753758] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.754387] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

08:13:37 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
request_key(0x0, 0x0, 0x0, 0x0)

[ 106.908131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.908984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

08:13:37 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
request_key(0x0, 0x0, 0x0, 0x0)

08:13:37 executing program 3:
setitimer(0x0, 0x0, 0xfffffffffffffffe)

[ 107.066729] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.068006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.089155] syz-executor.3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed

08:13:37 executing program 3:
setitimer(0x0, 0x0, 0xfffffffffffffffe)

08:13:37 executing program 1:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/25, 0x19}], 0x1)

08:13:37 executing program 3:
setitimer(0x0, 0x0, 0xfffffffffffffffe)

[ 107.216426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.217039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

08:13:38 executing program 1:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/25, 0x19}], 0x1)

[ 107.300389] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.301005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.362965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.363746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.490983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.491643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.521741] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.522369] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.664470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.665187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.744301] EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (8)
[ 107.780807] EXT4-fs warning (device sda): verify_group_input:158: Reserved blocks too high (8)
[ 107.804787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.805479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.834948] loop5: detected capacity change from 0 to 512
[ 107.839278] EXT4-fs (loop5): failed to parse options in superblock: ~¤ü-‹\J;–p·:¸A5âN g£}Î('¾›|ÁG¥
[ 110.005144] dump_stack_lvl+0xca/0x120
[ 110.005174] __lookup_object+0x94/0xb0
[ 110.005191] delete_object_full+0x27/0x70
[ 110.005207] free_percpu+0x30/0x1160
[ 110.005224] ? arch_uprobe_clear_state+0x16/0x140
[ 110.005244] futex_hash_free+0x38/0xc0
[ 110.005259] mmput+0x2d3/0x390
[ 110.005277] do_exit+0x79d/0x2970
[ 110.005291] ? signal_wake_up_state+0x85/0x120
[ 110.005307] ? zap_other_threads+0x2b9/0x3a0
[ 110.005322] ? __pfx_do_exit+0x10/0x10

08:13:40 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
sched_yield()

[ 110.005335] ? do_group_exit+0x1c3/0x2a0
[ 110.005353] ? lock_release+0xc8/0x290
[ 110.005370] do_group_exit+0xd3/0x2a0
[ 110.005384] __x64_sys_exit_group+0x3e/0x50
[ 110.005398] x64_sys_call+0x18c5/0x18d0
[ 110.005413] do_syscall_64+0xbf/0x360
[ 110.005426] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.005438] RIP: 0033:0x7f3020bcbb19
[ 110.005448] Code: Unable to access opcode bytes at 0x7f3020bcbaef.
[ 110.005453] RSP: 002b:00007ffe4677d298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 110.005465] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f3020bcbb19
[ 110.005473] RDX: 00007f3020b7e72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 110.005480] RBP: 0000000000000000 R08: 0000001b2d021e44 R09: 0000000000000000
[ 110.005488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 110.005494] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe4677d380
[ 110.005510]
[ 110.005514] kmemleak: Object (percpu) 0x607f1a638b10 (size 8):
[ 110.005520] kmemleak: comm "syz-executor.3", pid 4000, jiffies 4294776888
[ 110.005527] kmemleak: min_count = 1
[ 110.005531] kmemleak: count = 0
[ 110.005535] kmemleak: flags = 0x21
[ 110.005539] kmemleak: checksum = 0
[ 110.005542] kmemleak: backtrace:
[ 110.005546] pcpu_alloc_noprof+0x87a/0x1170
[ 110.005561] percpu_ref_init+0x37/0x400
[ 110.005579] blkg_alloc+0xe9/0x7d0
[ 110.005591] blkg_create+0xe08/0x1420
[ 110.005603] bio_associate_blkg_from_css+0xe06/0x1380
[ 110.005616] bio_associate_blkg+0x10e/0x2a0
[ 110.005628] bio_init+0x2dd/0x570
[ 110.005641] bio_alloc_bioset+0x4c5/0x8c0
[ 110.005655] ext4_bio_write_folio+0x8d6/0x13c0
[ 110.005671] mpage_map_and_submit_buffers+0x545/0x9d0
[ 110.005689] ext4_do_writepages+0x2125/0x38b0
[ 110.005701] ext4_writepages+0x369/0x7a0
[ 110.005712] do_writepages+0x244/0x5c0
[ 110.005725] filemap_fdatawrite_wbc+0x10b/0x150
[ 110.005739] __filemap_fdatawrite_range+0xb9/0x100
[ 110.005756] filemap_write_and_wait_range.part.0+0x89/0x110

08:13:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x3, 0x1, 0xffff}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

08:13:40 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x3, 0x1, 0xffff}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 110.208065] kmemleak: Found object by alias at 0x607f1a638b14
[ 110.208085] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.208104] Tainted: [W]=WARN
[ 110.208108] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.208115] Call Trace:
[ 110.208119]
[ 110.208124] dump_stack_lvl+0xca/0x120
[ 110.208154] __lookup_object+0x94/0xb0
[ 110.208172] delete_object_full+0x27/0x70
[ 110.208188] free_percpu+0x30/0x1160
[ 110.208209] ? arch_uprobe_clear_state+0x16/0x140
[ 110.208229] futex_hash_free+0x38/0xc0
[ 110.208244] mmput+0x2d3/0x390
[ 110.208263] do_exit+0x79d/0x2970
[ 110.208277] ? lock_release+0xc8/0x290
[ 110.208294] ? __pfx_do_exit+0x10/0x10
[ 110.208307] ? find_held_lock+0x2b/0x80
[ 110.208325] ? get_signal+0x835/0x2340
[ 110.208344] do_group_exit+0xd3/0x2a0
[ 110.208359] get_signal+0x2315/0x2340
[ 110.208381] ? __pfx_get_signal+0x10/0x10
[ 110.208397] ? do_futex+0x135/0x370
[ 110.208411] ? __pfx_do_futex+0x10/0x10
[ 110.208426] arch_do_signal_or_restart+0x80/0x790
[ 110.208444] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 110.208460] ? __x64_sys_futex+0x1c9/0x4d0
[ 110.208472] ? __x64_sys_futex+0x1d2/0x4d0
[ 110.208487] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.208500] ? __pfx___do_sys_close_range+0x10/0x10
[ 110.208517] exit_to_user_mode_loop+0x8b/0x110
[ 110.208530] do_syscall_64+0x2f7/0x360
[ 110.208543] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.208555] RIP: 0033:0x7f3020bcbb19
[ 110.208565] Code: Unable to access opcode bytes at 0x7f3020bcbaef.
[ 110.208570] RSP: 002b:00007f301e141218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.208582] RAX: fffffffffffffe00 RBX: 00007f3020cdef68 RCX: 00007f3020bcbb19
[ 110.208590] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3020cdef68
[ 110.208597] RBP: 00007f3020cdef60 R08: 0000000000000000 R09: 0000000000000000
[ 110.208604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3020cdef6c
[ 110.208611] R13: 00007ffe4677d06f R14: 00007f301e141300 R15: 0000000000022000
[ 110.208627]
[ 110.208631] kmemleak: Object (percpu) 0x607f1a638b10 (size 8):
[ 110.208638] kmemleak: comm "syz-executor.3", pid 4000, jiffies 4294776888
[ 110.208645] kmemleak: min_count = 1
[ 110.208649] kmemleak: count = 0
[ 110.208653] kmemleak: flags = 0x21
[ 110.208656] kmemleak: checksum = 0
[ 110.208660] kmemleak: backtrace:
[ 110.208664] pcpu_alloc_noprof+0x87a/0x1170
[ 110.208678] percpu_ref_init+0x37/0x400
[ 110.208696] blkg_alloc+0xe9/0x7d0
[ 110.208708] blkg_create+0xe08/0x1420
[ 110.208720] bio_associate_blkg_from_css+0xe06/0x1380
[ 110.208733] bio_associate_blkg+0x10e/0x2a0
[ 110.208745] bio_init+0x2dd/0x570
[ 110.208758] bio_alloc_bioset+0x4c5/0x8c0
[ 110.208772] ext4_bio_write_folio+0x8d6/0x13c0
[ 110.208789] mpage_map_and_submit_buffers+0x545/0x9d0
[ 110.208807] ext4_do_writepages+0x2125/0x38b0
[ 110.208819] ext4_writepages+0x369/0x7a0
[ 110.208830] do_writepages+0x244/0x5c0
[ 110.208843] filemap_fdatawrite_wbc+0x10b/0x150
[ 110.208857] __filemap_fdatawrite_range+0xb9/0x100
[ 110.208873] filemap_write_and_wait_range.part.0+0x89/0x110

08:13:41 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b60", 0xc)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x40)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write(r2, &(0x7f0000000900)="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", 0x14c)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x44000) sendfile(r2, r3, 0x0, 0xfdef) sendfile(r0, r1, 0x0, 0xfdef) 08:13:41 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="380100001a0001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000f7ffffff006c000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f24f17d10000000a0000000000000000000000480003"], 0x138}}, 0x0) 08:13:41 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chroot(0x0) 08:13:41 executing program 6: rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) 08:13:41 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b60", 0xc) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x40) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(r2, 
&(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1", 0x14c) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setstatus(r2, 0x4, 0x44000) sendfile(r2, r3, 0x0, 0xfdef) sendfile(r0, r1, 0x0, 0xfdef) 08:13:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x3, 0x1, 0xffff}, 0x20) close_range(r0, 0xffffffffffffffff, 0x0) 08:13:41 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x3, 0x1, 0xffff}, 0x20) close_range(r0, 0xffffffffffffffff, 0x0) 08:13:41 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) [ 110.960006] audit: type=1400 audit(1756455221.743:8): avc: 
denied { open } for pid=4014 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 110.978060] audit: type=1400 audit(1756455221.743:9): avc: denied { kernel } for pid=4014 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1

08:13:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x3, 0x1, 0xffff}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 111.006073] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 111.007264] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 111.008133] CPU: 1 UID: 0 PID: 4023 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 111.010102] Tainted: [W]=WARN
[ 111.010889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 111.012933] RIP: 0010:perf_tp_event+0x175/0xe70
[ 111.013933] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 111.018120] RSP: 0018:ffff888040eaf780 EFLAGS: 00010012
[ 111.019201] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002a06000
[ 111.020795] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 111.021613] RBP: ffff888040eaf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b10
[ 111.022409] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 111.023203] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 111.024001] FS: 00007eff9d489700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 111.024883] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.025529] CR2: 00007effa0027018 CR3: 000000000d06c000 CR4: 0000000000350ef0
[ 111.026309] Call Trace:
[ 111.026599]
[ 111.026857] ? __pfx_perf_tp_event+0x10/0x10
[ 111.027359] ? __lock_acquire+0x694/0x1b70
[ 111.027847] ? lock_acquire+0x15e/0x2f0
[ 111.028294] ? __is_insn_slot_addr+0x2e/0x290
[ 111.028823] ? find_held_lock+0x2b/0x80
[ 111.029279] ? __is_insn_slot_addr+0x136/0x290
[ 111.029814] ? lock_release+0xc8/0x290
[ 111.030257] ? __is_insn_slot_addr+0x140/0x290
[ 111.030797] ? kernel_text_address+0x5b/0xc0
[ 111.031306] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 111.031921] ? __kernel_text_address+0xd/0x40
[ 111.032437] ? unwind_get_return_address+0x59/0xa0
[ 111.032999] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 111.033605] ? arch_stack_walk+0x9c/0xf0
[ 111.034064] ? perf_trace_run_bpf_submit+0xef/0x180
[ 111.034633] perf_trace_run_bpf_submit+0xef/0x180
[ 111.035192] perf_trace_preemptirq_template+0x259/0x430
[ 111.035805] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 111.036479] ? _raw_spin_lock_irqsave+0x53/0x60
[ 111.037016] trace_irq_disable.constprop.0+0xa6/0x100
[ 111.037588] _raw_spin_lock_irqsave+0x53/0x60
[ 111.038091] try_to_wake_up+0xa0/0x11d0
[ 111.038544] ? __pfx_try_to_wake_up+0x10/0x10
[ 111.039047] ? plist_del+0x122/0x270
[ 111.039472] ? find_held_lock+0x2b/0x80
[ 111.039921] ? futex_wake+0x474/0x540
[ 111.040355] wake_up_q+0xa1/0x130
[ 111.040755] futex_wake+0x47e/0x540
[ 111.041168] ? __pfx_futex_wake+0x10/0x10
[ 111.041641] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 111.042213] ? kasan_quarantine_put+0x84/0x1e0
[ 111.042723] ? kmem_cache_free+0x2a1/0x540
[ 111.043188] ? putname.part.0+0x11b/0x160
[ 111.043664] do_futex+0x26d/0x370
[ 111.044056] ? __pfx_do_futex+0x10/0x10
[ 111.044499] ? __pfx_do_sys_openat2+0x10/0x10
[ 111.045005] ? find_held_lock+0x2b/0x80
[ 111.045474] __x64_sys_futex+0x1c9/0x4d0
[ 111.045936] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 111.046601] ? __pfx___x64_sys_futex+0x10/0x10
[ 111.047116] ? xfd_validate_state+0x55/0x180
[ 111.047637] do_syscall_64+0xbf/0x360
[ 111.048064] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.048635] RIP: 0033:0x7eff9ff13b19
[ 111.049048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 111.051020] RSP: 002b:00007eff9d489218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 111.051854] RAX: ffffffffffffffda RBX: 00007effa0026f68 RCX: 00007eff9ff13b19
[ 111.052635] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007effa0026f6c
[ 111.053394] RBP: 00007effa0026f60 R08: 000000000000000e R09: 0000000000000000
[ 111.054165] R10: 0000000000000003 R11: 0000000000000246 R12: 00007effa0026f6c
[ 111.054931] R13: 00007ffdc1f8de4f R14: 00007eff9d489300 R15: 0000000000022000
[ 111.055727]
[ 111.055988] Modules linked in:
[ 111.056350] ---[ end trace 0000000000000000 ]---
[ 111.056867] RIP: 0010:perf_tp_event+0x175/0xe70
[ 111.057394] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 111.059327] RSP: 0018:ffff888040eaf780 EFLAGS: 00010012
[ 111.059904] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002a06000
[ 111.060673] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 111.061435] RBP: ffff888040eaf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b10
[ 111.062210] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 111.062980] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 111.063773] FS: 00007eff9d489700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 111.064643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.065272] CR2: 00007effa0027018 CR3: 000000000d06c000 CR4: 0000000000350ef0
[ 111.066046] note: syz-executor.3[4023] exited with irqs disabled
[ 111.066831] note: syz-executor.3[4023] exited with preempt_count 2
[ 111.069994] kmemleak: Found object by alias at 0x607f1a638b14
[ 111.070010] CPU: 1 UID: 0 PID: 4012 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 111.070035] Tainted: [D]=DIE, [W]=WARN
[ 111.070041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 111.070049] Call Trace:
[ 111.070053]
[ 111.070058] dump_stack_lvl+0xca/0x120
[ 111.070083] __lookup_object+0x94/0xb0
[ 111.070103] delete_object_full+0x27/0x70
[ 111.070123] free_percpu+0x30/0x1160
[ 111.070144] ? arch_uprobe_clear_state+0x16/0x140
[ 111.070166] futex_hash_free+0x38/0xc0
[ 111.070182] mmput+0x2d3/0x390
[ 111.070205] do_exit+0x79d/0x2970
[ 111.070222] ? signal_wake_up_state+0x85/0x120
[ 111.070242] ? zap_other_threads+0x2b9/0x3a0
[ 111.070261] ? __pfx_do_exit+0x10/0x10
[ 111.070278] ? do_group_exit+0x1c3/0x2a0
[ 111.070295] ? lock_release+0xc8/0x290
[ 111.070313] do_group_exit+0xd3/0x2a0
[ 111.070331] __x64_sys_exit_group+0x3e/0x50
[ 111.070354] x64_sys_call+0x18c5/0x18d0
[ 111.070373] do_syscall_64+0xbf/0x360
[ 111.070386] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.070401] RIP: 0033:0x7f3020bcbb19
[ 111.070412] Code: Unable to access opcode bytes at 0x7f3020bcbaef.
[ 111.070418] RSP: 002b:00007ffe4677d298 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 111.070433] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f3020bcbb19 [ 111.070442] RDX: 00007f3020b7e72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 111.070452] RBP: 0000000000000000 R08: 0000001b2d021ec8 R09: 0000000000000000 [ 111.070461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.070470] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe4677d380 [ 111.070483] [ 111.070488] kmemleak: Object (percpu) 0x607f1a638b10 (size 8): [ 111.070497] kmemleak: comm "syz-executor.0", pid 4017, jiffies 4294777901 [ 111.070506] kmemleak: min_count = 1 [ 111.070512] kmemleak: count = 0 [ 111.070516] kmemleak: flags = 0x21 [ 111.070521] kmemleak: checksum = 0 [ 111.070526] kmemleak: backtrace: [ 111.070531] pcpu_alloc_noprof+0x87a/0x1170 [ 111.070551] perf_trace_event_init+0x366/0xa10 [ 111.070568] perf_trace_init+0x1a4/0x2f0 [ 111.070584] perf_tp_event_init+0xa6/0x120 [ 111.070604] perf_try_init_event+0x140/0x9f0 [ 111.070621] perf_event_alloc.part.0+0x118e/0x45f0 [ 111.070643] __do_sys_perf_event_open+0x719/0x2c20 [ 111.070660] do_syscall_64+0xbf/0x360 [ 111.070671] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:13:41 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="380100001a0001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000f7ffffff006c000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f24f17d10000000a0000000000000000000000480003"], 0x138}}, 0x0) 08:13:41 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000640), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 
0xc0481273, &(0x7f0000000680)={'\x00', 0x0, 0x4}) 08:13:41 executing program 6: rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) 08:13:42 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:42 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="380100001a0001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000f7ffffff006c000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f24f17d10000000a0000000000000000000000480003"], 0x138}}, 0x0) 08:13:42 executing program 7: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:42 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chroot(0x0) 08:13:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000640), 0x0, 
0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000680)={'\x00', 0x0, 0x4}) 08:13:42 executing program 6: rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) 08:13:42 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b60", 0xc) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x40) r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(r2, &(0x7f0000000900)="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", 0x14c) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setstatus(r2, 0x4, 0x44000) sendfile(r2, r3, 0x0, 0xfdef) sendfile(r0, r1, 0x0, 0xfdef) 08:13:42 executing program 6: rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) 08:13:42 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chroot(0x0) 08:13:42 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:42 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) chroot(0x0) 08:13:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000640), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000680)={'\x00', 0x0, 0x4}) 08:13:42 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="380100001a0001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000f7ffffff006c000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f24f17d10000000a0000000000000000000000480003"], 0x138}}, 0x0) 08:13:42 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:42 executing program 7: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:42 executing program 6: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000640), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, 
&(0x7f0000000680)={'\x00', 0x0, 0x4}) 08:13:43 executing program 0: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 7: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 6: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = 
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 6: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 0: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 7: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, 
&(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 0: mbind(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x4001, &(0x7f0000000000)=0x1, 0x6, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='numa_maps\x00') preadv(r0, &(0x7f0000001800)=[{&(0x7f0000001400)=""/228, 0xe4}], 0x1, 0x0, 0x0) 08:13:43 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0) 08:13:43 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chroot(0x0) 08:13:43 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000640), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000680)={'\x00', 0x0, 0x4}) 08:13:43 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='syscall\x00') pread64(r0, &(0x7f0000000140)=""/178, 0xb2, 0x0) 08:13:43 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/timers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000000)=""/123, 0x7b, 0x0) 08:13:43 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 08:13:43 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000480)={0x0, 0xfffffffffffffff8}) 08:13:43 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) [ 112.858904] Oops: general protection fault, probably for non-canonical address 0xffffffff81893f: 0000 [#2] SMP KASAN NOPTI [ 112.859839] CPU: 0 UID: 0 PID: 4110 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 
PREEMPT(voluntary) [ 112.860789] Tainted: [D]=DIE, [W]=WARN [ 112.861097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.861749] RIP: 0010:retbleed_return_thunk+0x0/0x10 [ 112.862170] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc f6 cc 0f ae e8 eb f9 cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 112.863635] RSP: 0018:ffff8880172a7750 EFLAGS: 00010246 [ 112.864063] RAX: 00ffffffff81893f RBX: ffff888009648001 RCX: ffffc90002a06000 [ 112.864632] RDX: ffff88806ce31340 RSI: ffff8880172a78c0 RDI: ffff888009648001 [ 112.865170] RBP: ffff88800964814d R08: 0000000000000001 R09: ffffed10012c9096 [ 112.865701] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 112.866263] R13: ffff88806ce31340 R14: 0000000000000000 R15: ffff888009648445 [ 112.866833] FS: 00007eff9d489700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 112.867497] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.867961] CR2: 0000001b2d422000 CR3: 0000000020699000 CR4: 0000000000350ef0 [ 112.868530] Call Trace: [ 112.868740] [ 112.868931] ? __perf_event_overflow+0x2c5/0xc50 [ 112.869318] ? event_sched_in+0x701/0xb60 [ 112.869665] ? perf_swevent_event+0x1d7/0x3f0 [ 112.870036] ? perf_tp_event+0x497/0xe70 [ 112.870367] ? perf_swevent_event+0x134/0x3f0 [ 112.870739] ? __pfx_perf_tp_event+0x10/0x10 [ 112.871099] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.871517] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.871920] ? perf_swevent_event+0x134/0x3f0 [ 112.872287] ? perf_tp_event+0x807/0xe70 [ 112.872627] ? __pfx_perf_tp_event+0x10/0x10 [ 112.872984] ? perf_ctx_unlock+0x73/0x160 [ 112.873316] ? __perf_install_in_context+0x503/0xb90 [ 112.873729] ? do_raw_spin_unlock+0x53/0x220 [ 112.874092] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.874496] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.874903] ? perf_trace_lock+0x337/0x5d0 [ 112.875248] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 112.875638] ? get_futex_key+0x592/0x14a0 [ 112.875973] ? futex_ref_get+0x114/0x300 [ 112.876298] ? futex_hash+0x15c/0x390 [ 112.876608] ? lock_release+0x1ab/0x290 [ 112.876935] ? futex_hash+0x15c/0x390 [ 112.877241] ? futex_ref_get+0x119/0x300 [ 112.877572] ? futex_hash+0x15c/0x390 [ 112.877879] ? futex_hash+0x70/0x390 [ 112.878183] ? futex_wake+0x143/0x540 [ 112.878504] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.878872] ? __pfx___mutex_lock+0x10/0x10 [ 112.879226] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.879661] ? __pfx_futex_wake+0x10/0x10 [ 112.880001] ? lock_release+0x1c7/0x290 [ 112.880321] ? fd_install+0x1f0/0x660 [ 112.880634] ? do_futex+0x26d/0x370 [ 112.880935] ? __pfx_do_futex+0x10/0x10 [ 112.881257] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 112.881688] ? count_memcg_events+0x32b/0x420 [ 112.882056] ? __x64_sys_futex+0x1c9/0x4d0 [ 112.882401] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.882771] ? xfd_validate_state+0x55/0x180 [ 112.883141] ? do_syscall_64+0xbf/0x360 [ 112.883471] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.883904] [ 112.884094] Modules linked in: [ 112.884390] Oops: general protection fault, probably for non-canonical address 0xe1fffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 112.885261] KASAN: maybe wild-memory-access in range [0x1000000000000190-0x1000000000000197] [ 112.885922] CPU: 0 UID: 0 PID: 4110 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 112.886852] Tainted: [D]=DIE, [W]=WARN [ 112.887154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.887808] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.888183] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.889603] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 112.890023] RAX: 0200000000000032 RBX: 0fffffffffffffa0 RCX: ffffffff81898a44 [ 112.890580] RDX: ffff88800fc45280 RSI: ffffffff818995b7 RDI: 1000000000000190 [ 112.891140] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15b10 [ 112.891710] R10: 0000000000000001 R11: ffff88806ce37018 R12: dffffc0000000000 [ 112.892267] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 112.892830] FS: 00007eff9d489700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 112.893459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.893918] CR2: 0000001b2d422000 CR3: 0000000020699000 CR4: 0000000000350ef0 [ 112.894478] Call Trace: [ 112.894685] [ 112.894861] ? arch_stack_walk+0x9c/0xf0 [ 112.895191] ? __pfx_perf_tp_event+0x10/0x10 [ 112.895557] ? trace_pelt_se_tp+0xdf/0x130 [ 112.895893] ? __update_load_avg_se+0x428/0xa40 [ 112.896274] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 112.896719] ? __resched_curr+0x2a2/0x330 [ 112.897052] ? __pfx___resched_curr+0x10/0x10 [ 112.897418] ? kvm_sched_clock_read+0x16/0x30 [ 112.897787] ? sched_clock+0x37/0x60 [ 112.898095] ? 
sched_clock_cpu+0x6c/0x4e0 [ 112.898433] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.898831] perf_trace_run_bpf_submit+0xef/0x180 [ 112.899221] perf_trace_lock+0x337/0x5d0 [ 112.899556] ? place_entity+0x300/0x410 [ 112.899876] ? kvm_sched_clock_read+0x16/0x30 [ 112.900237] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.900605] ? check_preempt_wakeup_fair+0x6e/0x950 [ 112.901006] ? sched_ttwu_pending+0x2e0/0x4a0 [ 112.901369] lock_release+0x1ab/0x290 [ 112.901676] ? ttwu_do_activate+0x1a4/0x8a0 [ 112.902023] _raw_spin_unlock+0x16/0x40 [ 112.902344] sched_ttwu_pending+0x2e0/0x4a0 [ 112.902691] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 112.903079] ? hrtimer_interrupt+0x652/0x830 [ 112.903486] __flush_smp_call_function_queue+0x434/0x740 [ 112.903923] __sysvec_call_function_single+0x6d/0x370 [ 112.904343] sysvec_call_function_single+0xa1/0xc0 [ 112.904739] [ 112.904921] [ 112.905104] asm_sysvec_call_function_single+0x1a/0x20 [ 112.905526] RIP: 0010:oops_exit+0x0/0x50 [ 112.905856] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 112.907226] RSP: 0018:ffff8880172a75e0 EFLAGS: 00000202 [ 112.907660] RAX: 000000000002b191 RBX: 0000000000000212 RCX: ffffc90002a06000 [ 112.908221] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 112.908798] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 112.909365] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880172a76a8 [ 112.909943] R13: 0000000000000000 R14: 00ffffffff81893f R15: 0000000000000000 [ 112.910519] ? 
oops_end+0x4a/0xe0 [ 112.910812] oops_end+0x65/0xe0 [ 112.911093] exc_general_protection+0x1a2/0x330 [ 112.911487] asm_exc_general_protection+0x26/0x30 [ 112.911879] RIP: 0010:retbleed_return_thunk+0x0/0x10 [ 112.912289] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc f6 cc 0f ae e8 eb f9 cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 112.913743] RSP: 0018:ffff8880172a7750 EFLAGS: 00010246 [ 112.914201] RAX: 00ffffffff81893f RBX: ffff888009648001 RCX: ffffc90002a06000 [ 112.914779] RDX: ffff88806ce31340 RSI: ffff8880172a78c0 RDI: ffff888009648001 [ 112.915363] RBP: ffff88800964814d R08: 0000000000000001 R09: ffffed10012c9096 [ 112.915991] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 112.916598] R13: ffff88806ce31340 R14: 0000000000000000 R15: ffff888009648445 [ 112.917195] ? __perf_event_overflow+0x2c5/0xc50 [ 112.917604] ? event_sched_in+0x701/0xb60 [ 112.917948] ? perf_swevent_event+0x1d7/0x3f0 [ 112.918320] ? perf_tp_event+0x497/0xe70 [ 112.918690] ? perf_swevent_event+0x134/0x3f0 [ 112.919083] ? __pfx_perf_tp_event+0x10/0x10 [ 112.919472] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.919881] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.920307] ? perf_swevent_event+0x134/0x3f0 [ 112.920694] ? perf_tp_event+0x807/0xe70 [ 112.921048] ? __pfx_perf_tp_event+0x10/0x10 [ 112.921414] ? perf_ctx_unlock+0x73/0x160 [ 112.921766] ? __perf_install_in_context+0x503/0xb90 [ 112.922184] ? do_raw_spin_unlock+0x53/0x220 [ 112.922552] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.922966] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.923420] ? perf_trace_lock+0x337/0x5d0 [ 112.923791] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.924186] ? get_futex_key+0x592/0x14a0 [ 112.924534] ? futex_ref_get+0x114/0x300 [ 112.924862] ? futex_hash+0x15c/0x390 [ 112.925190] ? lock_release+0x1ab/0x290 [ 112.925513] ? futex_hash+0x15c/0x390 [ 112.925830] ? futex_ref_get+0x119/0x300 [ 112.926154] ? 
futex_hash+0x15c/0x390 [ 112.926459] ? futex_hash+0x70/0x390 [ 112.926759] ? futex_wake+0x143/0x540 [ 112.927067] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.927445] ? __pfx___mutex_lock+0x10/0x10 [ 112.927792] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.928241] ? __pfx_futex_wake+0x10/0x10 [ 112.928593] ? lock_release+0x1c7/0x290 [ 112.928918] ? fd_install+0x1f0/0x660 [ 112.929242] ? do_futex+0x26d/0x370 [ 112.929556] ? __pfx_do_futex+0x10/0x10 [ 112.929889] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 112.930324] ? count_memcg_events+0x32b/0x420 [ 112.930709] ? __x64_sys_futex+0x1c9/0x4d0 [ 112.931055] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.931435] ? xfd_validate_state+0x55/0x180 [ 112.931798] ? do_syscall_64+0xbf/0x360 [ 112.932117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.932563] [ 112.932769] Modules linked in: [ 112.933040] ---[ end trace 0000000000000000 ]--- [ 112.933440] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.933821] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.935274] RSP: 0018:ffff888040eaf780 EFLAGS: 00010012 [ 112.935713] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002a06000 [ 112.936274] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 112.936849] RBP: ffff888040eaf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15b10 [ 112.937451] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.938025] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 112.938611] FS: 00007eff9d489700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 112.939261] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.939774] CR2: 0000001b2d422000 CR3: 0000000020699000 CR4: 0000000000350ef0 [ 112.940363] Kernel panic - not syncing: Fatal exception in interrupt [ 112.941138] Kernel Offset: disabled [ 112.941455] ---[ end Kernel panic - not 
syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:13:41 Registers: