Warning: Permanently added '[localhost]:62692' (ECDSA) to the list of known hosts.
2025/08/29 08:17:54 fuzzer started
2025/08/29 08:17:54 dialing manager at localhost:43077
syzkaller login: [ 51.878842] cgroup: Unknown subsys name 'net'
[ 51.958356] cgroup: Unknown subsys name 'cpuset'
[ 51.974292] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:18:05 syscalls: 2214
2025/08/29 08:18:05 code coverage: enabled
2025/08/29 08:18:05 comparison tracing: enabled
2025/08/29 08:18:05 extra coverage: enabled
2025/08/29 08:18:05 setuid sandbox: enabled
2025/08/29 08:18:05 namespace sandbox: enabled
2025/08/29 08:18:05 Android sandbox: enabled
2025/08/29 08:18:05 fault injection: enabled
2025/08/29 08:18:05 leak checking: enabled
2025/08/29 08:18:05 net packet injection: enabled
2025/08/29 08:18:05 net device setup: enabled
2025/08/29 08:18:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:18:05 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:18:05 USB emulation: enabled
2025/08/29 08:18:05 hci packet injection: enabled
2025/08/29 08:18:05 wifi device emulation: enabled
2025/08/29 08:18:05 802.15.4 emulation: enabled
2025/08/29 08:18:05 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:18:05 fetching corpus: 50, signal 29575/32231 (executing program)
2025/08/29 08:18:05 fetching corpus: 100, signal 38038/41480 (executing program)
2025/08/29 08:18:05 fetching corpus: 150, signal 43830/47813 (executing program)
2025/08/29 08:18:05 fetching corpus: 200, signal 51396/55493 (executing program)
2025/08/29 08:18:05 fetching corpus: 250, signal 54906/59344 (executing program)
2025/08/29 08:18:05 fetching corpus: 300, signal 59372/63879 (executing program)
2025/08/29 08:18:06 fetching corpus: 350, signal 63227/67650 (executing program)
2025/08/29 08:18:06 fetching corpus: 400, signal 67256/71422 (executing program)
2025/08/29 08:18:06 fetching corpus: 450, signal 71408/75209 (executing program)
2025/08/29 08:18:06 fetching corpus: 500, signal 72898/76708 (executing program)
2025/08/29 08:18:06 fetching corpus: 550, signal 75549/79034 (executing program)
2025/08/29 08:18:06 fetching corpus: 600, signal 78378/81284 (executing program)
2025/08/29 08:18:06 fetching corpus: 650, signal 80081/82636 (executing program)
2025/08/29 08:18:07 fetching corpus: 700, signal 83888/85304 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/85627 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/85714 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/85811 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/85892 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/85974 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86066 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86158 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86243 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86326 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86403 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86473 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86565 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86656 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86733 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86820 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/86915 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87003 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87096 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87173 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87263 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87337 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87437 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87521 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87607 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87712 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87797 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87867 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87932 (executing program)
2025/08/29 08:18:07 fetching corpus: 715, signal 84204/87932 (executing program)
2025/08/29 08:18:09 starting 8 fuzzer processes
08:18:09 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
08:18:09 executing program 2:
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
08:18:09 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
08:18:09 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_MODES={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x1c}}, 0x0)
08:18:09 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
08:18:09 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
r1 = dup2(r0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x0, 0x1, 0xfffff871})
08:18:09 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)={0x24, 0x6d, 0x1, 0x0, 0x0, "", [@generic="21cfb66a65ea2ebae06ee83b84d244bee8"]}, 0x24}], 0x1}, 0x0)
08:18:09 executing program 6:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write$P9_RMKDIR(r1, &(0x7f0000000300)={0x14}, 0x14)
fadvise64(r0, 0xfffffffffffffffe, 0x0, 0x4)
[ 66.473862] audit: type=1400 audit(1756455489.463:7): avc: denied { execmem } for pid=271 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 67.717559] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.720854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.724490] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.729751] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.733955] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.843029] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.852736] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.855623] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.861917] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.863771] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.864923] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.866910] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.868790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.870444] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.873431] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.877699] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.883749] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.887844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.890793] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.898380] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.898765] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.899626] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.905033] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.906855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.910553] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.914431] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 67.915900] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.919616] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.922505] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 67.925488] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.927657] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 67.929810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.931780] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.934701] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 67.940661] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 67.956609] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.959102] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 67.976509] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 67.977976] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.991358] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 69.748703] Bluetooth: hci0: command tx timeout
[ 70.003742] Bluetooth: hci5: command tx timeout
[ 70.003942] Bluetooth: hci1: command tx timeout
[ 70.005139] Bluetooth: hci3: command tx timeout
[ 70.005650] Bluetooth: hci2: command tx timeout
[ 70.067325] Bluetooth: hci4: command tx timeout
[ 70.068566] Bluetooth: hci7: command tx timeout
[ 70.069033] Bluetooth: hci6: command tx timeout
[ 71.795692] Bluetooth: hci0: command tx timeout
[ 72.051421] Bluetooth: hci3: command tx timeout
[ 72.051863] Bluetooth: hci1: command tx timeout
[ 72.052380] Bluetooth: hci5: command tx timeout
[ 72.052793] Bluetooth: hci2: command tx timeout
[ 72.116323] Bluetooth: hci7: command tx timeout
[ 72.116742] Bluetooth: hci6: command tx timeout
[ 72.116794] Bluetooth: hci4: command tx timeout
[ 73.843342] Bluetooth: hci0: command tx timeout
[ 74.100317] Bluetooth: hci5: command tx timeout
[ 74.100381] Bluetooth: hci2: command tx timeout
[ 74.100786] Bluetooth: hci1: command tx timeout
[ 74.102286] Bluetooth: hci3: command tx timeout
[ 74.163302] Bluetooth: hci4: command tx timeout
[ 74.164309] Bluetooth: hci7: command tx timeout
[ 74.164691] Bluetooth: hci6: command tx timeout
[ 75.891354] Bluetooth: hci0: command tx timeout
[ 76.148674] Bluetooth: hci1: command tx timeout
[ 76.149131] Bluetooth: hci2: command tx timeout
[ 76.149590] Bluetooth: hci5: command tx timeout
[ 76.149651] Bluetooth: hci3: command tx timeout
[ 76.212323] Bluetooth: hci7: command tx timeout
[ 76.212366] Bluetooth: hci6: command tx timeout
[ 76.213105] Bluetooth: hci4: command tx timeout
[ 104.347999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.348679] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.587247] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.587850] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.743410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.744067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.948725] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.950266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:18:48 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
r1 = dup2(r0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x0, 0x1, 0xfffff871})
08:18:48 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
r1 = dup2(r0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x0, 0x1, 0xfffff871})
[ 105.380017] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 105.516927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.518102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.615132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.615954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.710082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.710775] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.819762] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.820383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.848274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.848824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.913757] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.914386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.038534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.039235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.079020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.080023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.131429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.132079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.184159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.184794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.327681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 106.395261] audit: type=1400 audit(1756455529.385:8): avc: denied { open } for pid=3898 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 106.400074] audit: type=1400 audit(1756455529.385:9): avc: denied { kernel } for pid=3898 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 106.458174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.458928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.494719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.495315] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:18:49 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
08:18:49 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
08:18:49 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
r1 = dup2(r0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x0, 0x1, 0xfffff871})
08:18:49 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgsnd(0x0, 0x0, 0x0, 0x0)
08:18:49 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_MODES={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x1c}}, 0x0)
08:18:49 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
08:18:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)={0x24, 0x6d, 0x1, 0x0, 0x0, "", [@generic="21cfb66a65ea2ebae06ee83b84d244bee8"]}, 0x24}], 0x1}, 0x0)
08:18:49 executing program 6:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write$P9_RMKDIR(r1, &(0x7f0000000300)={0x14}, 0x14)
fadvise64(r0, 0xfffffffffffffffe, 0x0, 0x4)
[ 106.664536] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
08:18:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)={0x24, 0x6d, 0x1, 0x0, 0x0, "", [@generic="21cfb66a65ea2ebae06ee83b84d244bee8"]}, 0x24}], 0x1}, 0x0)
08:18:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
08:18:49 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
08:18:49 executing program 6:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write$P9_RMKDIR(r1, &(0x7f0000000300)={0x14}, 0x14)
fadvise64(r0, 0xfffffffffffffffe, 0x0, 0x4)
08:18:49 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_MODES={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x1c}}, 0x0)
08:18:49 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
08:18:49 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgsnd(0x0, 0x0, 0x0, 0x0)
08:18:49 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
[ 106.784971] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 106.820179] kmemleak: Found object by alias at 0x607f1a639874
[ 106.820194] CPU: 1 UID: 0 PID: 3927 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.820217] Tainted: [W]=WARN
[ 106.820221] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.820228] Call Trace:
[ 106.820233]
[ 106.820237] dump_stack_lvl+0xca/0x120
[ 106.820265] __lookup_object+0x94/0xb0
[ 106.820282] delete_object_full+0x27/0x70
[ 106.820298] free_percpu+0x30/0x1160
[ 106.820314] ? arch_uprobe_clear_state+0x16/0x140
[ 106.820334] futex_hash_free+0x38/0xc0
[ 106.820349] mmput+0x2d3/0x390
[ 106.820367] do_exit+0x79d/0x2970
[ 106.820380] ? lock_release+0xc8/0x290
[ 106.820398] ? __pfx_do_exit+0x10/0x10
[ 106.820411] ? find_held_lock+0x2b/0x80
[ 106.820428] ? get_signal+0x835/0x2340
[ 106.820448] do_group_exit+0xd3/0x2a0
[ 106.820462] get_signal+0x2315/0x2340
[ 106.820480] ? __fget_files+0x203/0x3b0
[ 106.820495] ? __pfx_get_signal+0x10/0x10
[ 106.820511] ? do_futex+0x135/0x370
[ 106.820524] ? __pfx_do_futex+0x10/0x10
[ 106.820540] arch_do_signal_or_restart+0x80/0x790
[ 106.820560] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 106.820577] ? __x64_sys_futex+0x1c9/0x4d0
[ 106.820589] ? __x64_sys_futex+0x1d2/0x4d0
[ 106.820604] ? __pfx___x64_sys_futex+0x10/0x10
[ 106.820617] ? xfd_validate_state+0x55/0x180
[ 106.820637] exit_to_user_mode_loop+0x8b/0x110
[ 106.820650] do_syscall_64+0x2f7/0x360
[ 106.820663] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.820675] RIP: 0033:0x7f7a4e79bb19
[ 106.820684] Code: Unable to access opcode bytes at 0x7f7a4e79baef.
[ 106.820689] RSP: 002b:00007f7a4bd11218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 106.820700] RAX: fffffffffffffe00 RBX: 00007f7a4e8aef68 RCX: 00007f7a4e79bb19
[ 106.820708] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7a4e8aef68
[ 106.820715] RBP: 00007f7a4e8aef60 R08: 0000000000000000 R09: 0000000000000000
[ 106.820722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a4e8aef6c
[ 106.820729] R13: 00007ffe5ceab9cf R14: 00007f7a4bd11300 R15: 0000000000022000
[ 106.820744]
[ 106.820748] kmemleak: Object (percpu) 0x607f1a639870 (size 8):
[ 106.820755] kmemleak: comm "syz-executor.1", pid 3936, jiffies 4294773447
[ 106.820762] kmemleak: min_count = 1
[ 106.820766] kmemleak: count = 0
[ 106.820770] kmemleak: flags = 0x21
[ 106.820773] kmemleak: checksum = 0
[ 106.820777] kmemleak: backtrace:
[ 106.820780] pcpu_alloc_noprof+0x87a/0x1170
[ 106.820795] perf_trace_event_init+0x366/0xa10
[ 106.820808] perf_trace_init+0x1a4/0x2f0
[ 106.820820] perf_tp_event_init+0xa6/0x120
[ 106.820835] perf_try_init_event+0x140/0x9f0
[ 106.820848] perf_event_alloc.part.0+0x118e/0x45f0
[ 106.820864] __do_sys_perf_event_open+0x719/0x2c20
[ 106.820876] do_syscall_64+0xbf/0x360
[ 106.820885] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.826302] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 106.827147] kmemleak: Found object by alias at 0x607f1a63985c
[ 106.827159] CPU: 1 UID: 0 PID: 3926 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.827176] Tainted: [W]=WARN
[ 106.827179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.827185] Call Trace:
[ 106.827189]
[ 106.827192] dump_stack_lvl+0xca/0x120
[ 106.827214] __lookup_object+0x94/0xb0
[ 106.827228] delete_object_full+0x27/0x70
[ 106.827243] free_percpu+0x30/0x1160
[ 106.827257] ? arch_uprobe_clear_state+0x16/0x140
[ 106.827273] futex_hash_free+0x38/0xc0
[ 106.827285] mmput+0x2d3/0x390
[ 106.827302] do_exit+0x79d/0x2970
[ 106.827314] ? signal_wake_up_state+0x85/0x120
[ 106.827328] ? zap_other_threads+0x2b9/0x3a0
[ 106.827342] ? __pfx_do_exit+0x10/0x10
[ 106.827355] ? do_group_exit+0x1c3/0x2a0
[ 106.827368] ? lock_release+0xc8/0x290
[ 106.827381] do_group_exit+0xd3/0x2a0
[ 106.827394] __x64_sys_exit_group+0x3e/0x50
[ 106.827408] x64_sys_call+0x18c5/0x18d0
[ 106.827423] do_syscall_64+0xbf/0x360
[ 106.827432] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.827443] RIP: 0033:0x7f18ce08eb19
[ 106.827451] Code: Unable to access opcode bytes at 0x7f18ce08eaef.
[ 106.827456] RSP: 002b:00007fffb072b6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 106.827467] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f18ce08eb19
[ 106.827474] RDX: 00007f18ce04172b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 106.827481] RBP: 0000000000000000 R08: 0000001b2d021884 R09: 0000000000000000
[ 106.827488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 106.827495] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffb072b7e0
[ 106.827505]
[ 106.827509] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 106.827515] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 106.827522] kmemleak: min_count = 1
[ 106.827527] kmemleak: count = 0
[ 106.827530] kmemleak: flags = 0x21
[ 106.827534] kmemleak: checksum = 0
[ 106.827538] kmemleak: backtrace:
[ 106.827541] pcpu_alloc_noprof+0x87a/0x1170
[ 106.827555] mm_init+0x99b/0x1170
[ 106.827563] copy_process+0x3ab7/0x73c0
[ 106.827573] kernel_clone+0xea/0x7f0
[ 106.827583] __do_sys_clone+0xce/0x120
[ 106.827593] do_syscall_64+0xbf/0x360
[ 106.827601] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.867492] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 106.868115] CPU: 0 UID: 0 PID: 3741 Comm: systemd-udevd Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.869076] Tainted: [W]=WARN
[ 106.869336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.870015] RIP: 0010:perf_tp_event+0x175/0xe70
[ 106.870417] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 106.871882] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 106.872308] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 106.872868] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 106.873434] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 106.874017] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 106.874600] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 106.875170] FS: 00007fb6744bf8c0(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 106.875809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.876272] CR2: 0000001b2cf24000 CR3: 000000000d880000 CR4: 0000000000350ef0
[ 106.876845] Call Trace:
[ 106.877058]
[ 106.877247] ? __pfx_perf_tp_event+0x10/0x10
[ 106.877615] ? __lock_acquire+0xc65/0x1b70
[ 106.877969] ? lock_acquire+0x15e/0x2f0
[ 106.878290] ? find_held_lock+0x2b/0x80
[ 106.878616] ? finish_task_switch.isra.0+0x201/0x840
[ 106.879035] ? lock_release+0xc8/0x290
[ 106.879354] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.879781] ? finish_task_switch.isra.0+0x206/0x840
[ 106.880193] ? perf_trace_run_bpf_submit+0xef/0x180
[ 106.880597] perf_trace_run_bpf_submit+0xef/0x180
[ 106.880991] perf_trace_contention_begin+0x235/0x3e0
[ 106.881401] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 106.881855] ? lock_acquire+0x15e/0x2f0
[ 106.882173] ? inotify_update_watch+0x3a/0xad0
[ 106.882560] trace_contention_begin+0xae/0x110
[ 106.882948] __mutex_lock+0x14b/0x1020
[ 106.883273] ? inotify_update_watch+0x3a/0xad0
[ 106.883642] ? inotify_update_watch+0x3a/0xad0
[ 106.884010] ? __pfx___mutex_lock+0x10/0x10
[ 106.884361] ? __pfx_selinux_path_notify+0x10/0x10
[ 106.884758] ? find_held_lock+0x2b/0x80
[ 106.885085] ? lock_release+0xc8/0x290
[ 106.885402] ? match_exception_partial+0x238/0x2d0
[ 106.885810] inotify_update_watch+0x3a/0xad0
[ 106.886162] ? security_path_notify+0x27/0xa0
[ 106.886532] __x64_sys_inotify_add_watch+0x2c5/0x360
[ 106.886943] ? __pfx___x64_sys_inotify_add_watch+0x10/0x10
[ 106.887386] ? __secure_computing+0x18d/0x290
[ 106.887748] do_syscall_64+0xbf/0x360
[ 106.888055] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.888466] RIP: 0033:0x7fb67497e8f7
[ 106.888762] Code: f0 ff ff 73 01 c3 48 8b 0d 96 f5 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 fe 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 69 f5 0b 00 f7 d8 64 89 01 48
[ 106.890197] RSP: 002b:00007ffc38cfb7c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000fe
[ 106.890802] RAX: ffffffffffffffda RBX: 00005608731d4270 RCX: 00007fb67497e8f7
[ 106.891407] RDX: 0000000000000008 RSI: 0000560873a77070 RDI: 0000000000000009
[ 106.891966] RBP: 0000560873a3caa0 R08: 0000560837202660 R09: 0000000000000000
[ 106.892526] R10: 00007fb6744bf6c0 R11: 0000000000000202 R12: 0000000000000000
[ 106.893087] R13: 0000000000000000 R14: 00000000000007d3 R15: 00007ffc38cfb890
[ 106.893655]
[ 106.893859] Modules linked in:
[ 106.895084] ---[ end trace 0000000000000000 ]---
[ 106.896117] RIP: 0010:perf_tp_event+0x175/0xe70
[ 106.896532] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 106.897994] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 106.898440] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 106.899003] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 106.899598] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 106.900184] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 106.900765] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 106.901348] FS: 00007fb6744bf8c0(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 106.902045] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.902529] CR2: 0000001b2cf24000 CR3: 000000000d880000 CR4: 0000000000350ef0
[ 106.903098] note: systemd-udevd[3741] exited with preempt_count 2
08:18:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)={0x24, 0x6d, 0x1, 0x0, 0x0, "", [@generic="21cfb66a65ea2ebae06ee83b84d244bee8"]}, 0x24}], 0x1}, 0x0)
[ 106.904280] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 106.905322] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 106.905931] CPU: 0 UID: 0 PID: 34 Comm: kworker/u9:1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.906850] Tainted: [D]=DIE, [W]=WARN
[ 106.907156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.907808] Workqueue: events_unbound cfg80211_wiphy_work
[ 106.908249] RIP: 0010:perf_tp_event+0x175/0xe70
[ 106.908631] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 106.910080] RSP: 0018:ffff888009a97700 EFLAGS: 00010212
[ 106.910500] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 106.911071] RDX: ffff888009a7b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 106.911636] RBP: ffff888009a97970 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 106.912197] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 106.912758] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 106.913324] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 106.913983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.914449] CR2: 0000001b2cf24000 CR3: 00000000421ec000 CR4: 0000000000350ef0
[ 106.915019] Call Trace:
[ 106.915229]
[ 106.915425] ? __pfx_perf_tp_event+0x10/0x10
[ 106.915791] ? arch_stack_walk+0x86/0xf0
[ 106.916123] ? ret_from_fork_asm+0x1a/0x30
[ 106.916472] ? stack_trace_save+0x8e/0xc0
[ 106.916808] ? stack_depot_save_flags+0x2c/0xa20
[ 106.917199] ? kasan_save_stack+0x34/0x50
[ 106.917553] ? kasan_save_stack+0x24/0x50
[ 106.917924] ? kasan_save_track+0x14/0x30
[ 106.918282] ? __kasan_save_free_info+0x3a/0x60
[ 106.918661] ? __kasan_slab_free+0x3f/0x50
[ 106.919015] ? kmem_cache_free+0x2a1/0x540
[ 106.919364] ? ext4_end_io_end+0x13f/0x4b0
[ 106.919447] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 106.919708] ? ext4_end_io_rsv_work+0x1b9/0x310
[ 106.920734] ? process_one_work+0x8e1/0x19c0
[ 106.921092] ? worker_thread+0x67e/0xe90
[ 106.921425] ? kthread+0x3c8/0x740
[ 106.921719] ? ret_from_fork+0x34b/0x430
[ 106.922068] ? perf_trace_run_bpf_submit+0xef/0x180
[ 106.922475] perf_trace_run_bpf_submit+0xef/0x180
[ 106.922870] perf_trace_contention_begin+0x235/0x3e0
[ 106.923278] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 106.923721] ? __pick_eevdf+0x326/0x570
[ 106.924052] ? update_curr+0x71/0x500
[ 106.924363] ? lock_acquire+0x18c/0x2f0
[ 106.924686] trace_contention_begin+0xae/0x110
[ 106.925058] __mutex_lock+0x14b/0x1020
[ 106.925381] ? cfg80211_wiphy_work+0x7e/0x480
[ 106.925740] ? cfg80211_wiphy_work+0x7e/0x480
[ 106.926115] ? lock_release+0x1c7/0x290
[ 106.926437] ? lock_release+0x1c7/0x290
[ 106.926758] ? __pfx___mutex_lock+0x10/0x10
[ 106.927109] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 106.927530] ? __pfx_try_to_wake_up+0x10/0x10
[ 106.927894] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.928316] cfg80211_wiphy_work+0x7e/0x480
[ 106.928664] process_one_work+0x8e1/0x19c0
[ 106.929018] ? __pfx_process_one_work+0x10/0x10
[ 106.929394] ? move_linked_works+0x172/0x270
[ 106.929767] ? assign_work+0x196/0x240
[ 106.930086] worker_thread+0x67e/0xe90
[ 106.930401] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.930819] ? __pfx_worker_thread+0x10/0x10
[ 106.931177] kthread+0x3c8/0x740
[ 106.931454] ? __pfx_kthread+0x10/0x10
[ 106.931767] ? ret_from_fork+0x23/0x430
[ 106.932096] ? lock_release+0xc8/0x290
[ 106.932407] ? __pfx_kthread+0x10/0x10
[ 106.932724] ret_from_fork+0x34b/0x430
[ 106.933043] ? __pfx_kthread+0x10/0x10
[ 106.933356] ret_from_fork_asm+0x1a/0x30
[ 106.933690]
[ 106.933889] Modules linked in:
[ 106.934336] ---[ end trace 0000000000000000 ]---
[ 106.934720] RIP: 0010:perf_tp_event+0x175/0xe70
[ 106.935095] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
08:18:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
[ 106.937142] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 106.937620] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 106.938204] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 106.938784] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 106.939372] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 106.939952] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 106.940539] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 106.941180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.941702] CR2: 0000001b2cf24000 CR3: 00000000421ec000 CR4: 0000000000350ef0
[ 106.942303] note: kworker/u9:1[34] exited with preempt_count 2
[ 106.943035] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 106.943949] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 106.944547] CPU: 0 UID: 0 PID: 3934 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.945530] Tainted: [D]=DIE, [W]=WARN
[ 106.945861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.946528] RIP: 0010:perf_tp_event+0x175/0xe70
[ 106.946933] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 106.948385] RSP: 0018:ffff88801b9974c0 EFLAGS: 00010212
[ 106.948824] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 106.949431] RDX: ffff888015e98000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 106.950024] RBP: ffff88801b997730 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 106.950606] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 106.951169] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 106.951733] FS: 000055558abd3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 106.952378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.952851] CR2: 000055558abd4c18 CR3: 0000000042718000 CR4: 0000000000350ef0
[ 106.953449] Call Trace:
[ 106.953662]
[ 106.953867] ? lock_acquire+0x18c/0x2f0
[ 106.954196] ? __pfx_perf_tp_event+0x10/0x10
[ 106.954558] ? lock_release+0x1c7/0x290
[ 106.954888] ? __is_insn_slot_addr+0x140/0x290
[ 106.955269] ? kernel_text_address+0x5b/0xc0
[ 106.955640] ? __kernel_text_address+0xd/0x40
[ 106.956015] ? unwind_get_return_address+0x59/0xa0
[ 106.956425] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 106.956863] ? arch_stack_walk+0x9c/0xf0
[ 106.957199] ? stack_trace_save+0x8e/0xc0
[ 106.957541] ? stack_depot_save_flags+0x2c/0xa20
[ 106.957934] ? __is_insn_slot_addr+0x140/0x290
[ 106.958312] ? perf_trace_run_bpf_submit+0xef/0x180
[ 106.958721] ? __kasan_kmalloc+0x7f/0x90
[ 106.959063] ? __kvmalloc_node_noprof+0x29d/0x760
[ 106.959465] ? futex_hash_allocate+0x309/0x1150
[ 106.959861] ? futex_hash_allocate_default+0x319/0x5b0
[ 106.960293] ? copy_process+0x4e05/0x73c0
[ 106.960643] ? kernel_clone+0xea/0x7f0
[ 106.960969] perf_trace_run_bpf_submit+0xef/0x180
[ 106.961376] perf_trace_contention_begin+0x235/0x3e0
[ 106.961814] ? lock_release+0x1c7/0x290
[ 106.962154] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 106.962623] ? lock_release+0x1c7/0x290
[ 106.962946] ? lock_acquire+0x18c/0x2f0
[ 106.963276] trace_contention_begin+0xae/0x110
[ 106.963664] __mutex_lock+0x14b/0x1020
[ 106.963997] ? futex_hash_allocate+0x3e8/0x1150
[ 106.964394] ? futex_hash_allocate+0x3e8/0x1150
[ 106.964770] ? __memcg_slab_post_alloc_hook+0x4ac/0x9d0
[ 106.965226] ? __pfx___mutex_lock+0x10/0x10
[ 106.965590] ? kasan_save_track+0x14/0x30
[ 106.965945] ? __kasan_kmalloc+0x7f/0x90
[ 106.966273] ? trace_kmalloc+0x1f/0xb0
[ 106.966589] ? __kvmalloc_node_noprof+0x2ba/0x760
[ 106.966982] ? futex_hash_allocate+0x309/0x1150
[ 106.967359] ? lockdep_init_map_type+0x4b/0x240
[ 106.967748] futex_hash_allocate+0x3e8/0x1150
[ 106.968118] ? do_raw_spin_lock+0x123/0x260
[ 106.968471] ? __pfx_futex_hash_allocate+0x10/0x10
[ 106.968860] ? lock_acquire+0x18c/0x2f0
[ 106.969189] ? lock_release+0x1c7/0x290
[ 106.969525] ? lock_acquire+0x18c/0x2f0
[ 106.969875] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.970314] ? lock_release+0x1c7/0x290
[ 106.970652] futex_hash_allocate_default+0x319/0x5b0
[ 106.971086] copy_process+0x4e05/0x73c0
[ 106.971423] ? __pfx_copy_process+0x10/0x10
[ 106.971780] ? lock_acquire+0x18c/0x2f0
[ 106.972100] ? lock_release+0x1c7/0x290
[ 106.972426] kernel_clone+0xea/0x7f0
[ 106.972743] ? __pfx_kernel_clone+0x10/0x10
[ 106.973108] ? vma_start_read+0x25e/0x8e0
[ 106.973456] ? vma_start_read+0x304/0x8e0
[ 106.973823] ? __pfx___handle_mm_fault+0x10/0x10
[ 106.974217] ? css_rstat_updated+0x1b8/0x4d0
[ 106.974587] ? __pfx_css_rstat_updated+0x10/0x10
[ 106.974983] __do_sys_clone+0xce/0x120
[ 106.975309] ? __pfx___do_sys_clone+0x10/0x10
[ 106.975679] ? count_memcg_events+0x32b/0x420
[ 106.976051] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.976473] do_syscall_64+0xbf/0x360
[ 106.976785] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.977204] RIP: 0033:0x7fdd39ac6f41
[ 106.977503] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 106.978951] RSP: 002b:00007fff956a92d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 106.979574] RAX: ffffffffffffffda RBX: 00007fdd3703b700 RCX: 00007fdd39ac6f41
[ 106.980143] RDX: 00007fdd3703b9d0 RSI: 00007fdd3703b2f0 RDI: 00000000003d0f00
[ 106.980716] RBP: 00007fff956a9510 R08: 00007fdd3703b700 R09: 00007fdd3703b700
[ 106.981295] R10: 00007fdd3703b9d0 R11: 0000000000000206 R12: 00007fff956a938e
[ 106.981877] R13: 00007fff956a938f R14: 00007fdd3703b300 R15: 0000000000022000
[ 106.982444]
[ 106.982639] Modules linked in:
08:18:49 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_MODES={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x1c}}, 0x0)
[ 106.982960] ---[ end trace 0000000000000000 ]---
[ 106.983992] RIP: 0010:perf_tp_event+0x175/0xe70
[ 106.984423] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 106.985891] kmemleak: Found object by alias at 0x607f1a63985c
[ 106.985896] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 106.985909] CPU: 1 UID: 0 PID: 3942 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.985929] Tainted: [D]=DIE, [W]=WARN
[ 106.985933] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.985940] Call Trace:
[ 106.985944]
[ 106.985948] dump_stack_lvl+0xca/0x120
[ 106.985972] __lookup_object+0x94/0xb0
[ 106.985987] delete_object_full+0x27/0x70
[ 106.986003] free_percpu+0x30/0x1160
[ 106.986018] ? arch_uprobe_clear_state+0x16/0x140
[ 106.986036] futex_hash_free+0x38/0xc0
[ 106.986049] mmput+0x2d3/0x390
[ 106.986067] do_exit+0x79d/0x2970
[ 106.986080] ? lock_release+0x1c7/0x290
[ 106.986094] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 106.986115] ? __pfx_do_exit+0x10/0x10
[ 106.986127] ? do_raw_spin_lock+0x123/0x260
[ 106.986143] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 106.986158] do_group_exit+0xd3/0x2a0
[ 106.986171] get_signal+0x2315/0x2340
[ 106.986190] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.986203] ? __pfx_get_signal+0x10/0x10
[ 106.986222] ? do_futex+0x135/0x370
[ 106.986235] ? __pfx_do_futex+0x10/0x10
[ 106.986247] arch_do_signal_or_restart+0x80/0x790
[ 106.986264] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 106.986280] ? __x64_sys_futex+0x1c9/0x4d0
[ 106.986292] ? __x64_sys_futex+0x1d2/0x4d0
[ 106.986304] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 106.986323] ? __pfx___x64_sys_futex+0x10/0x10
[ 106.986335] ? xfd_validate_state+0x55/0x180
[ 106.986354] exit_to_user_mode_loop+0x8b/0x110
[ 106.986367] do_syscall_64+0x2f7/0x360
[ 106.986378] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.986390] RIP: 0033:0x7f18ce08eb19
[ 106.986399] Code: Unable to access opcode bytes at 0x7f18ce08eaef.
[ 106.986404] RSP: 002b:00007f18cb604218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 106.986415] RAX: fffffffffffffe00 RBX: 00007f18ce1a1f68 RCX: 00007f18ce08eb19
[ 106.986422] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f18ce1a1f68
[ 106.986430] RBP: 00007f18ce1a1f60 R08: 0000000000000000 R09: 0000000000000000
08:18:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
08:18:49 executing program 6:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write$P9_RMKDIR(r1, &(0x7f0000000300)={0x14}, 0x14)
fadvise64(r0, 0xfffffffffffffffe, 0x0, 0x4)
[ 106.986436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18ce1a1f6c
[ 106.986443] R13: 00007fffb072b4cf R14: 00007f18cb604300 R15: 0000000000022000
[ 106.986454]
[ 106.986457] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 106.986464] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 106.986471] kmemleak: min_count = 1
[ 106.986474] kmemleak: count = 0
[ 106.986478] kmemleak: flags = 0x21
[ 106.986482] kmemleak: checksum = 0
[ 106.986485] kmemleak: backtrace:
[ 106.986488] pcpu_alloc_noprof+0x87a/0x1170
[ 106.986503] mm_init+0x99b/0x1170
[ 106.986511] copy_process+0x3ab7/0x73c0
[ 106.986520] kernel_clone+0xea/0x7f0
[ 106.986530] __do_sys_clone+0xce/0x120
[ 106.986540] do_syscall_64+0xbf/0x360
[ 106.986548] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.990539] kmemleak: Found object by alias at 0x607f1a639874
[ 106.990550] CPU: 1 UID: 0 PID: 3943 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.990568] Tainted: [D]=DIE, [W]=WARN
[ 106.990572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.990578] Call Trace:
[ 106.990581]
[ 106.990585] dump_stack_lvl+0xca/0x120
[ 106.990602] __lookup_object+0x94/0xb0
[ 106.990616] delete_object_full+0x27/0x70
[ 106.990631] free_percpu+0x30/0x1160
[ 106.990645] ? arch_uprobe_clear_state+0x16/0x140
[ 106.990661] futex_hash_free+0x38/0xc0
[ 106.990673] mmput+0x2d3/0x390
[ 106.990690] do_exit+0x79d/0x2970
[ 106.990702] ? lock_acquire+0x18c/0x2f0
[ 106.990714] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 106.990733] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 106.990752] ? __pfx_do_exit+0x10/0x10
[ 106.990764] ? do_raw_spin_lock+0x123/0x260
[ 106.990779] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 106.990795] do_group_exit+0xd3/0x2a0
[ 106.990808] get_signal+0x2315/0x2340
[ 106.990825] ? put_task_stack+0xd2/0x240
[ 106.990837] ? __pfx_get_signal+0x10/0x10
[ 106.990853] ? __schedule+0xe91/0x3590
[ 106.990870] arch_do_signal_or_restart+0x80/0x790
[ 106.990885] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 106.990901] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 106.990920] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 106.990939] ? __pfx___x64_sys_futex+0x10/0x10
[ 106.990951] ? xfd_validate_state+0x55/0x180
[ 106.990969] exit_to_user_mode_loop+0x8b/0x110
[ 106.990979] do_syscall_64+0x2f7/0x360
[ 106.990989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.991000] RIP: 0033:0x7f7a4e79bb19
[ 106.991008] Code: Unable to access opcode bytes at 0x7f7a4e79baef.
[ 106.991012] RSP: 002b:00007f7a4bd11218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 106.991023] RAX: 0000000000000001 RBX: 00007f7a4e8aef68 RCX: 00007f7a4e79bb19
[ 106.991030] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7a4e8aef6c
[ 106.991037] RBP: 00007f7a4e8aef60 R08: 000000000000000e R09: 0000000000000000
[ 106.991044] R10: 0000000000000024 R11: 0000000000000246 R12: 00007f7a4e8aef6c
[ 106.991051] R13: 00007ffe5ceab9cf R14: 00007f7a4bd11300 R15: 0000000000022000
[ 106.991061]
[ 106.991065] kmemleak: Object (percpu) 0x607f1a639870 (size 8):
[ 106.991071] kmemleak: comm "syz-executor.1", pid 3936, jiffies 4294773447
[ 106.991078] kmemleak: min_count = 1
[ 106.991082] kmemleak: count = 0
[ 106.991086] kmemleak: flags = 0x21
[ 106.991089] kmemleak: checksum = 0
[ 106.991093] kmemleak: backtrace:
[ 106.991096] pcpu_alloc_noprof+0x87a/0x1170
[ 106.991110] perf_trace_event_init+0x366/0xa10
[ 106.991123] perf_trace_init+0x1a4/0x2f0
[ 106.991134] perf_tp_event_init+0xa6/0x120
[ 106.991149] perf_try_init_event+0x140/0x9f0
[ 106.991162] perf_event_alloc.part.0+0x118e/0x45f0
[ 106.991178] __do_sys_perf_event_open+0x719/0x2c20
[ 106.991190] do_syscall_64+0xbf/0x360
[ 106.991198] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.994018] kmemleak: Found object by alias at 0x607f1a639858
[ 106.994031] CPU: 1 UID: 0 PID: 3935 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 106.994049] Tainted: [D]=DIE, [W]=WARN
[ 106.994053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 106.994059] Call Trace:
[ 106.994062]
[ 106.994065] dump_stack_lvl+0xca/0x120
[ 106.994083] __lookup_object+0x94/0xb0
[ 106.994097] delete_object_full+0x27/0x70
[ 106.994111] free_percpu+0x30/0x1160
[ 106.994125] ? arch_uprobe_clear_state+0x16/0x140
[ 106.994141] futex_hash_free+0x38/0xc0
[ 106.994153] mmput+0x2d3/0x390
[ 106.994169] do_exit+0x79d/0x2970
[ 106.994182] ? __pfx_do_exit+0x10/0x10
[ 106.994194] ? do_raw_spin_lock+0x123/0x260
[ 106.994214] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 106.994229] do_group_exit+0xd3/0x2a0
[ 106.994242] get_signal+0x2315/0x2340
[ 106.994258] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 106.994271] ? __pfx_get_signal+0x10/0x10
[ 106.994287] ? do_futex+0x135/0x370
08:18:50 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
[ 106.994299] ? __pfx_do_futex+0x10/0x10
[ 106.994311] arch_do_signal_or_restart+0x80/0x790
[ 106.994326] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 106.994342] ? __x64_sys_futex+0x1c9/0x4d0
[ 106.994354] ? __x64_sys_futex+0x1d2/0x4d0
[ 106.994367] ? __pfx___x64_sys_futex+0x10/0x10
[ 106.994379] ? xfd_validate_state+0x55/0x180
[ 106.994396] exit_to_user_mode_loop+0x8b/0x110
[ 106.994407] do_syscall_64+0x2f7/0x360
[ 106.994417] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.994428] RIP: 0033:0x7f7aaac95b19
[ 106.994436] Code: Unable to access opcode bytes at 0x7f7aaac95aef.
[ 106.994441] RSP: 002b:00007f7aa820b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 106.994452] RAX: fffffffffffffe00 RBX: 00007f7aaada8f68 RCX: 00007f7aaac95b19
[ 106.994459] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7aaada8f68
[ 106.994466] RBP: 00007f7aaada8f60 R08: 0000000000000000 R09: 0000000000000000
[ 106.994473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7aaada8f6c
[ 106.994479] R13: 00007ffedd258c5f R14: 00007f7aa820b300 R15: 0000000000022000
[ 106.994490]
[ 106.994493] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 106.994500] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 106.994506] kmemleak: min_count = 1
[ 106.994510] kmemleak: count = 0
[ 106.994514] kmemleak: flags = 0x21
[ 106.994517] kmemleak: checksum = 0
[ 106.994521] kmemleak: backtrace:
[ 106.994523] pcpu_alloc_noprof+0x87a/0x1170
[ 106.994538] mm_init+0x99b/0x1170
[ 106.994546] copy_process+0x3ab7/0x73c0
[ 106.994555] kernel_clone+0xea/0x7f0
[ 106.994565] __do_sys_clone+0xce/0x120
[ 106.994575] do_syscall_64+0xbf/0x360
[ 106.994583] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.039319] kmemleak: Found object by alias at 0x607f1a63985c
08:18:50 executing program 4:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004d8000/0x3000)=nil, 0x2)
[ 107.039334] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.039353] Tainted: [D]=DIE, [W]=WARN
[ 107.039357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.039364] Call Trace:
[ 107.039367]
[ 107.039371] dump_stack_lvl+0xca/0x120
[ 107.039393] __lookup_object+0x94/0xb0
[ 107.039408] delete_object_full+0x27/0x70
[ 107.039424] free_percpu+0x30/0x1160
[ 107.039439] ? arch_uprobe_clear_state+0x16/0x140
[ 107.039456] futex_hash_free+0x38/0xc0
[ 107.039469] mmput+0x2d3/0x390
[ 107.039490] do_exit+0x79d/0x2970
[ 107.039502] ? signal_wake_up_state+0x85/0x120
[ 107.039517] ? zap_other_threads+0x2b9/0x3a0
[ 107.039531] ? __pfx_do_exit+0x10/0x10
[ 107.039544] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.039559] ? lock_release+0x1c7/0x290
[ 107.039573] do_group_exit+0xd3/0x2a0
[ 107.039586] __x64_sys_exit_group+0x3e/0x50
[ 107.039599] x64_sys_call+0x18c5/0x18d0
[ 107.039614] do_syscall_64+0xbf/0x360
[ 107.039624] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.039636] RIP: 0033:0x7f18ce08eb19
[ 107.039644] Code: Unable to access opcode bytes at 0x7f18ce08eaef.
[ 107.039649] RSP: 002b:00007fffb072b6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 107.039660] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f18ce08eb19
[ 107.039668] RDX: 00007f18ce04172b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 107.039675] RBP: 0000000000000000 R08: 0000001b2d021800 R09: 0000000000000000
[ 107.039682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 107.039688] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffb072b7e0
[ 107.039699]
[ 107.039702] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 107.039709] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 107.039715] kmemleak: min_count = 1
[ 107.039719] kmemleak: count = 0
[ 107.039723] kmemleak: flags = 0x21
[ 107.039726] kmemleak: checksum = 0
[ 107.039730] kmemleak: backtrace:
[ 107.039733] pcpu_alloc_noprof+0x87a/0x1170
[ 107.039748] mm_init+0x99b/0x1170
[ 107.039756] copy_process+0x3ab7/0x73c0
[ 107.039765] kernel_clone+0xea/0x7f0
[ 107.039775] __do_sys_clone+0xce/0x120
[ 107.039785] do_syscall_64+0xbf/0x360
[ 107.039793] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.067003] kmemleak: Found object by alias at 0x607f1a639854
[ 107.067020] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.067038] Tainted: [D]=DIE, [W]=WARN
[ 107.067042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.067048] Call Trace:
[ 107.067052]
[ 107.067056] dump_stack_lvl+0xca/0x120
[ 107.067076] __lookup_object+0x94/0xb0
[ 107.067091] delete_object_full+0x27/0x70
[ 107.067106] free_percpu+0x30/0x1160
[ 107.067122] ? arch_uprobe_clear_state+0x16/0x140
[ 107.067139] futex_hash_free+0x38/0xc0
[ 107.067152] mmput+0x2d3/0x390
[ 107.067169] do_exit+0x79d/0x2970
[ 107.067182] ? lock_release+0xc8/0x290
[ 107.067197] ? __pfx_do_exit+0x10/0x10
[ 107.067214] ? find_held_lock+0x2b/0x80
[ 107.067231] ? get_signal+0x835/0x2340
[ 107.067248] do_group_exit+0xd3/0x2a0
[ 107.067262] get_signal+0x2315/0x2340
[ 107.067279] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[ 107.067295] ? __pfx_get_signal+0x10/0x10
[ 107.067310] ? do_futex+0x135/0x370
[ 107.067323] ? __pfx_do_futex+0x10/0x10
[ 107.067335] arch_do_signal_or_restart+0x80/0x790
[ 107.067352] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.067367] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.067379] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.067392] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.067404] ? __sys_setsockopt+0x13f/0x1a0
[ 107.067422] exit_to_user_mode_loop+0x8b/0x110
[ 107.067435] do_syscall_64+0x2f7/0x360
[ 107.067445] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.067456] RIP: 0033:0x7eff7b056b19
[ 107.067465] Code: Unable to access opcode bytes at 0x7eff7b056aef.
[ 107.067470] RSP: 002b:00007eff785cc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.067480] RAX: fffffffffffffe00 RBX: 00007eff7b169f68 RCX: 00007eff7b056b19
[ 107.067488] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007eff7b169f68
[ 107.067495] RBP: 00007eff7b169f60 R08: 0000000000000000 R09: 0000000000000000
[ 107.067502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7b169f6c
[ 107.067509] R13: 00007fff26c8732f R14: 00007eff785cc300 R15: 0000000000022000
[ 107.067519]
[ 107.067523] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 107.067529] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 107.067536] kmemleak: min_count = 1
[ 107.067540] kmemleak: count = 0
[ 107.067543] kmemleak: flags = 0x21
[ 107.067547] kmemleak: checksum = 0
[ 107.067551] kmemleak: backtrace:
[ 107.067553] pcpu_alloc_noprof+0x87a/0x1170
[ 107.067568] mm_init+0x99b/0x1170
[ 107.067576] copy_process+0x3ab7/0x73c0
[ 107.067585] kernel_clone+0xea/0x7f0
[ 107.067595] __do_sys_clone+0xce/0x120
[ 107.067605] do_syscall_64+0xbf/0x360
[ 107.067613] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.083115] kmemleak: Found object by alias at 0x607f1a639874
[ 107.083129] CPU: 1 UID: 0 PID: 3949 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.083147] Tainted: [D]=DIE, [W]=WARN
08:18:50 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
[ 107.083150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.083156] Call Trace:
[ 107.083160]
[ 107.083164] dump_stack_lvl+0xca/0x120
[ 107.083182] __lookup_object+0x94/0xb0
[ 107.083197] delete_object_full+0x27/0x70
[ 107.083217] free_percpu+0x30/0x1160
[ 107.083231] ? arch_uprobe_clear_state+0x16/0x140
[ 107.083247] futex_hash_free+0x38/0xc0
[ 107.083259] mmput+0x2d3/0x390
[ 107.083275] do_exit+0x79d/0x2970
[ 107.083287] ? signal_wake_up_state+0x85/0x120
[ 107.083301] ? zap_other_threads+0x2b9/0x3a0
[ 107.083315] ? __pfx_do_exit+0x10/0x10
[ 107.083327] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.083343] ? lock_release+0x1c7/0x290
[ 107.083356] do_group_exit+0xd3/0x2a0
[ 107.083369] __x64_sys_exit_group+0x3e/0x50
[ 107.083382] x64_sys_call+0x18c5/0x18d0
[ 107.083396] do_syscall_64+0xbf/0x360
[ 107.083406] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.083417] RIP: 0033:0x7f7a4e79bb19
[ 107.083426] Code: Unable to access opcode bytes at 0x7f7a4e79baef.
[ 107.083431] RSP: 002b:00007ffe5ceabbf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 107.083442] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f7a4e79bb19
[ 107.083449] RDX: 00007f7a4e74e72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 107.083456] RBP: 0000000000000000 R08: 0000001b2cc21bb4 R09: 0000000000000000
[ 107.083463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 107.083469] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe5ceabce0
[ 107.083479]
[ 107.083483] kmemleak: Object (percpu) 0x607f1a639870 (size 8):
[ 107.083489] kmemleak: comm "syz-executor.1", pid 3936, jiffies 4294773447
[ 107.083496] kmemleak: min_count = 1
[ 107.083500] kmemleak: count = 0
[ 107.083503] kmemleak: flags = 0x21
[ 107.083507] kmemleak: checksum = 0
[ 107.083511] kmemleak: backtrace:
[ 107.083513] pcpu_alloc_noprof+0x87a/0x1170
[ 107.083528] perf_trace_event_init+0x366/0xa10
[ 107.083542] perf_trace_init+0x1a4/0x2f0
[ 107.083553] perf_tp_event_init+0xa6/0x120
[ 107.083569] perf_try_init_event+0x140/0x9f0
[ 107.083581] perf_event_alloc.part.0+0x118e/0x45f0
[ 107.083597] __do_sys_perf_event_open+0x719/0x2c20
[ 107.083610] do_syscall_64+0xbf/0x360
[ 107.083618] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.110989] kmemleak: Found object by alias at 0x607f1a63985c
[ 107.111003] CPU: 1 UID: 0 PID: 3953 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.111020] Tainted: [D]=DIE, [W]=WARN
[ 107.111024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.111031] Call Trace:
[ 107.111034]
[ 107.111038] dump_stack_lvl+0xca/0x120
[ 107.111057] __lookup_object+0x94/0xb0
[ 107.111072] delete_object_full+0x27/0x70
[ 107.111087] free_percpu+0x30/0x1160
[ 107.111102] ? arch_uprobe_clear_state+0x16/0x140
[ 107.111118] futex_hash_free+0x38/0xc0
[ 107.111130] mmput+0x2d3/0x390
[ 107.111146] do_exit+0x79d/0x2970
[ 107.111160] ? lock_release+0x1c7/0x290
[ 107.111174] ? __pfx_do_exit+0x10/0x10
[ 107.111186] ? do_raw_spin_lock+0x123/0x260
[ 107.111201] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.111222] do_group_exit+0xd3/0x2a0
[ 107.111236] get_signal+0x2315/0x2340
[ 107.111255] ? __pfx_get_signal+0x10/0x10
[ 107.111270] ? do_futex+0x135/0x370
[ 107.111283] ? __pfx_do_futex+0x10/0x10
[ 107.111295] arch_do_signal_or_restart+0x80/0x790
[ 107.111312] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.111327] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.111339] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.111351] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.111364] ? xfd_validate_state+0x55/0x180
[ 107.111381] ? __pfx___x64_sys_shmat+0x10/0x10
[ 107.111397] exit_to_user_mode_loop+0x8b/0x110
[ 107.111409] do_syscall_64+0x2f7/0x360
[ 107.111420] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.111431] RIP: 0033:0x7f18ce08eb19
[ 107.111439] Code: Unable to access opcode bytes at 0x7f18ce08eaef.
[ 107.111444] RSP: 002b:00007f18cb604218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.111454] RAX: fffffffffffffe00 RBX: 00007f18ce1a1f68 RCX: 00007f18ce08eb19
[ 107.111462] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f18ce1a1f68
[ 107.111469] RBP: 00007f18ce1a1f60 R08: 0000000000000000 R09: 0000000000000000
[ 107.111475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18ce1a1f6c
[ 107.111482] R13: 00007fffb072b4cf R14: 00007f18cb604300 R15: 0000000000022000
[ 107.111493]
[ 107.111496] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 107.111503] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 107.111510] kmemleak: min_count = 1
[ 107.111513] kmemleak: count = 0
[ 107.111517] kmemleak: flags = 0x21
[ 107.111521] kmemleak: checksum = 0
[ 107.111524] kmemleak: backtrace:
[ 107.111527] pcpu_alloc_noprof+0x87a/0x1170
[ 107.111542] mm_init+0x99b/0x1170
[ 107.111550] copy_process+0x3ab7/0x73c0
[ 107.111560] kernel_clone+0xea/0x7f0
[ 107.111569] __do_sys_clone+0xce/0x120
[ 107.111579] do_syscall_64+0xbf/0x360
[ 107.111588] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.147651]
[ 107.147826] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.148576] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.149412] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.150170] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.150835] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.151602] FS: 000055558abd3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.152346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.152937] CR2: 000055558abd4c18 CR3: 0000000042718000 CR4: 0000000000350ef0
[ 107.153613] note: syz-executor.0[3934] exited with preempt_count 2
[ 107.156385] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 107.157270] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 107.157885] CPU: 0 UID: 0 PID: 58 Comm: kworker/0:2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.158795] Tainted: [D]=DIE, [W]=WARN
[ 107.159097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.159749] Workqueue: mld mld_ifc_work
[ 107.160083] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.160464] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.161900] RSP: 0018:ffff888009a576c0 EFLAGS: 00010212
[ 107.162324] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.162883] RDX: ffff88800f22d280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.163446] RBP: ffff888009a57930 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.164003] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 107.164564] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.165131] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.165781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.166247] CR2: 000055558abd4c18 CR3: 00000000421ec000 CR4: 0000000000350ef0
[ 107.166811] Call Trace:
[ 107.167018]
[ 107.167201] ? __pfx_perf_tp_event+0x10/0x10
[ 107.167563] ? __local_bh_enable_ip+0xa1/0x110
[ 107.167932] ? selinux_ip_postroute+0x629/0xcd0
[ 107.168322] ? __pfx_selinux_ip_postroute+0x10/0x10
[ 107.168721] ? __pfx___dev_queue_xmit+0x10/0x10
[ 107.169103] ? register_lock_class+0x41/0x560
[ 107.169468] ? __lock_acquire+0x694/0x1b70
[ 107.169815] ? __lock_acquire+0xc65/0x1b70
[ 107.170156] ? __lock_acquire+0x694/0x1b70
[ 107.170501] ? __bfs+0x62/0x240
[ 107.170768] ? perf_trace_run_bpf_submit+0xef/0x180
[ 107.171172] perf_trace_run_bpf_submit+0xef/0x180
[ 107.171569] perf_trace_contention_begin+0x235/0x3e0
[ 107.171978] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 107.172424] ? lock_acquire+0x15e/0x2f0
[ 107.172749] ? find_held_lock+0x2b/0x80
[ 107.173074] ? lock_acquire+0x18c/0x2f0
[ 107.173398] trace_contention_begin+0xae/0x110
[ 107.173778] __mutex_lock+0x14b/0x1020
[ 107.174099] ? mld_ifc_work+0x42/0xb60
[ 107.174419] ? mld_ifc_work+0x42/0xb60
[ 107.174731] ? __update_load_avg_se+0x428/0xa40
[ 107.175115] ? __pfx___mutex_lock+0x10/0x10
[ 107.175474] ? __pfx___perf_event_task_sched_in+0x10/0x10
[ 107.175907] ? lock_is_held_type+0x9e/0x120
[ 107.176258] ? lock_acquire+0x18c/0x2f0
[ 107.176579] ? xfd_validate_state+0x55/0x180
[ 107.176941] ? lock_release+0x1c7/0x290
[ 107.177272] mld_ifc_work+0x42/0xb60
[ 107.177570] ? lock_release+0x1c7/0x290
[ 107.177905] process_one_work+0x8e1/0x19c0
[ 107.178251] ? __pfx_process_one_work+0x10/0x10
[ 107.178625] ? move_linked_works+0x172/0x270
[ 107.178983] ? assign_work+0x196/0x240
[ 107.179304] worker_thread+0x67e/0xe90
[ 107.179621] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.180041] ? __pfx_worker_thread+0x10/0x10
[ 107.180409] kthread+0x3c8/0x740
[ 107.180689] ? __pfx_kthread+0x10/0x10
[ 107.181005] ? ret_from_fork+0x23/0x430
[ 107.181343] ? lock_release+0xc8/0x290
[ 107.181661] ? __pfx_kthread+0x10/0x10
[ 107.181982] ret_from_fork+0x34b/0x430
[ 107.182307] ? __pfx_kthread+0x10/0x10
[ 107.182622] ret_from_fork_asm+0x1a/0x30
[ 107.182959]
[ 107.183147] Modules linked in:
[ 107.187366] ---[ end trace 0000000000000000 ]---
[ 107.187761] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.188142] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.191276] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 107.191711] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.192306] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.192874] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.193459] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.194029] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.194619] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.195276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.195734] CR2: 000055558abd4c18 CR3: 00000000421ec000 CR4: 0000000000350ef0
[ 107.196320] note: kworker/0:2[58] exited with preempt_count 2
[ 107.196874] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#5] SMP KASAN NOPTI
[ 107.197768] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 107.198375] CPU: 0 UID: 0 PID: 288 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.199314] Tainted: [D]=DIE, [W]=WARN
[ 107.199621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.200274] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.200658] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.202093] RSP: 0018:ffff8880171cf6c0 EFLAGS: 00010212
[ 107.202518] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.203085] RDX: ffff888015da3700 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.203649] RBP: ffff8880171cf930 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.204213] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 107.204776] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.205347] FS: 000055556f707400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.205990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.206457] CR2: 000055558abd4c18 CR3: 00000000421ec000 CR4: 0000000000350ef0
[ 107.207025] Call Trace:
[ 107.207242]
[ 107.207424] ? kasan_save_stack+0x34/0x50
[ 107.207764] ? __do_wait+0x218/0x8f0
[ 107.208070] ? __pfx_perf_tp_event+0x10/0x10
[ 107.208436] ? delete_node+0x20e/0x730
[ 107.208754] ? destroy_inode+0x12b/0x1b0
[ 107.209098] ? __radix_tree_delete+0x13e/0x380
[ 107.209474] ? radix_tree_delete_item+0xef/0x230
[ 107.209872] ? lock_acquire+0x18c/0x2f0
[ 107.210196] ? lock_acquire+0x18c/0x2f0
[ 107.210519] ? lock_release+0x1c7/0x290
[ 107.210843] ? __virt_addr_valid+0x100/0x5d0
[ 107.211201] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.211625] ? perf_trace_run_bpf_submit+0xef/0x180
[ 107.212027] perf_trace_run_bpf_submit+0xef/0x180
[ 107.212423] perf_trace_contention_begin+0x235/0x3e0
[ 107.212833] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 107.213274] ? __pfx_release_task+0x10/0x10
[ 107.213619] ? lock_acquire+0x18c/0x2f0
[ 107.213953] ? lock_release+0x1c7/0x290
[ 107.214274] trace_contention_begin+0xae/0x110
[ 107.214648] __mutex_lock+0x14b/0x1020
[ 107.214963] ? anon_pipe_write+0x12a/0x1a80
[ 107.215313] ? anon_pipe_write+0x12a/0x1a80
[ 107.215654] ? avc_has_perm+0x12b/0x1d0
[ 107.215987] ? __pfx___mutex_lock+0x10/0x10
[ 107.216332] ? __pfx_wait_consider_task+0x10/0x10
[ 107.216722] ? lock_acquire+0x18c/0x2f0
[ 107.217048] ? inode_has_perm+0x170/0x1c0
[ 107.217386] anon_pipe_write+0x12a/0x1a80
[ 107.217719] ? lock_release+0x1c7/0x290
[ 107.218052] ? lock_acquire+0x18c/0x2f0
[ 107.218373] ? __pfx_anon_pipe_write+0x10/0x10
[ 107.218742] ? selinux_file_permission+0x99/0x600
[ 107.219136] ? security_file_permission+0x22/0x90
[ 107.219535] vfs_write+0xbe9/0x1150
[ 107.219830] ? __pfx_anon_pipe_write+0x10/0x10
[ 107.220204] ? __pfx_vfs_write+0x10/0x10
[ 107.220533] ? task_mm_cid_work+0x21a/0x840
[ 107.220886] ? __pfx_task_mm_cid_work+0x10/0x10
[ 107.221269] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.221642] ? blkcg_maybe_throttle_current+0x2cc/0xe60
[ 107.222086] ksys_write+0x1ef/0x240
[ 107.222380] ? __pfx_ksys_write+0x10/0x10
[ 107.222718] do_syscall_64+0xbf/0x360
[ 107.223024] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.223438] RIP: 0033:0x7eff7b0095ff
[ 107.223737] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 107.225166] RSP: 002b:00007fff26c87550 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 107.225784] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007eff7b0095ff
[ 107.226347] RDX: 000000000000000c RSI: 00007fff26c87640 RDI: 00000000000000f8
[ 107.226920] RBP: 00007fff26c875dc R08: 0000000000000000 R09: 00007eff7b146000
[ 107.227494] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 107.228065] R13: 000000000001a084 R14: 0000000000000003 R15: 00007fff26c87640
[ 107.228642]
[ 107.228836] Modules linked in:
[ 107.234680] ---[ end trace 0000000000000000 ]---
[ 107.235064] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.236046] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.237585] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 107.238032] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.238690] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.239353] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.239942] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.240605] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.241193] FS: 000055556f707400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.241940] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.242504] CR2: 000055558abd4c18 CR3: 00000000421ec000 CR4: 0000000000350ef0
[ 107.243098] note: syz-executor.7[288] exited with preempt_count 2
[ 107.243775] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#6] SMP KASAN NOPTI
[ 107.244687] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 107.245297] CPU: 0 UID: 0 PID: 355 Comm: kworker/u10:4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.246246] Tainted: [D]=DIE, [W]=WARN
[ 107.246560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.247219] Workqueue: events_unbound cfg80211_wiphy_work
[ 107.247671] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.248051] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.249503] RSP: 0018:ffff88800b697700 EFLAGS: 00010212
[ 107.249948] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.250523] RDX: ffff888015f38000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.251093] RBP: ffff88800b697970 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.251661] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 107.252234] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.252807] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.253448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.253925] CR2: 000055558abd4c18 CR3: 0000000041e8d000 CR4: 0000000000350ef0
[ 107.254503] Call Trace:
[ 107.254716]
[ 107.254902] ? __pfx_perf_tp_event+0x10/0x10
[ 107.255275] ? ret_from_fork_asm+0x1a/0x30
[ 107.255625] ? stack_trace_save+0x8e/0xc0
[ 107.255971] ? stack_depot_save_flags+0x2c/0xa20
[ 107.256365] ? kasan_save_stack+0x34/0x50
[ 107.256711] ? kasan_save_stack+0x24/0x50
[ 107.257052] ? kasan_save_track+0x14/0x30
[ 107.257392] ? __kasan_save_free_info+0x3a/0x60
[ 107.257781] ? __kasan_slab_free+0x3f/0x50
[ 107.258131] ? kmem_cache_free+0x2a1/0x540
[ 107.258480] ? kfree_skbmem+0x18a/0x1f0
[ 107.258809] ? sk_skb_reason_drop+0x10e/0x1b0
[ 107.259183] ? perf_trace_run_bpf_submit+0xef/0x180
[ 107.259595] perf_trace_run_bpf_submit+0xef/0x180
[ 107.260001] perf_trace_contention_begin+0x235/0x3e0
[ 107.260421] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 107.260874] ? lock_acquire+0x18c/0x2f0
[ 107.261203] trace_contention_begin+0xae/0x110
[ 107.261579] __mutex_lock+0x14b/0x1020
[ 107.261912] ? cfg80211_wiphy_work+0x7e/0x480
[ 107.262275] ? cfg80211_wiphy_work+0x7e/0x480
[ 107.262650] ? lock_release+0x1c7/0x290
[ 107.262975] ? __pfx___mutex_lock+0x10/0x10
[ 107.263334] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 107.263755] ? xfd_validate_state+0x55/0x180
[ 107.264125] ? __pfx_try_to_wake_up+0x10/0x10
[ 107.264502] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.264933] cfg80211_wiphy_work+0x7e/0x480
[ 107.265293] process_one_work+0x8e1/0x19c0
[ 107.265642] ? __pfx_process_one_work+0x10/0x10
[ 107.266036] ? move_linked_works+0x172/0x270
[ 107.266406] ? assign_work+0x196/0x240
[ 107.266735] worker_thread+0x67e/0xe90
[ 107.267062] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.267488] ? __pfx_worker_thread+0x10/0x10
[ 107.267852] kthread+0x3c8/0x740
[ 107.268143] ? __pfx_kthread+0x10/0x10
[ 107.268464] ? ret_from_fork+0x23/0x430
[ 107.268808] ? lock_release+0xc8/0x290
[ 107.269131] ? __pfx_kthread+0x10/0x10
[ 107.269457] ret_from_fork+0x34b/0x430
[ 107.269793] ? __pfx_kthread+0x10/0x10
[ 107.270117] ret_from_fork_asm+0x1a/0x30
[ 107.270456]
[ 107.270647] Modules linked in:
[ 107.271019] ---[ end trace 0000000000000000 ]---
[ 107.271530] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.271922] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.273457] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 107.273904] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.274588] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.275168] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.275913] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.276568] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.277142] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.277851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.278349] CR2: 000055558abd4c18 CR3: 0000000041e8d000 CR4: 0000000000350ef0
[ 107.278919] note: kworker/u10:4[355] exited with preempt_count 2
[ 107.279914] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#7] SMP KASAN NOPTI
[ 107.280814] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 107.281554] CPU: 0 UID: 0 PID: 176 Comm: rs:main Q:Reg Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.282621] Tainted: [D]=DIE, [W]=WARN
[ 107.282927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.283580] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.283961] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.285406] RSP: 0018:ffff88801724f940 EFLAGS: 00010212
[ 107.285838] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.286403] RDX: ffff888016375280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.286963] RBP: ffff88801724fbb0 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.287528] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 107.288055] kmemleak: Found object by alias at 0x607f1a639858
[ 107.288073] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.288093] Tainted: [D]=DIE, [W]=WARN
[ 107.288097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.288104] Call Trace:
[ 107.288108]
[ 107.288113] dump_stack_lvl+0xca/0x120
[ 107.288137] __lookup_object+0x94/0xb0
[ 107.288154] delete_object_full+0x27/0x70
[ 107.288169] free_percpu+0x30/0x1160
[ 107.288186] ? arch_uprobe_clear_state+0x16/0x140
[ 107.288209] futex_hash_free+0x38/0xc0
[ 107.288223] mmput+0x2d3/0x390
[ 107.288242] do_exit+0x79d/0x2970
[ 107.288255] ? lock_release+0x1c7/0x290
[ 107.288270] ? __pfx_do_exit+0x10/0x10
[ 107.288282] ? do_raw_spin_lock+0x123/0x260
[ 107.288297] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.288313] do_group_exit+0xd3/0x2a0
[ 107.288326] get_signal+0x2315/0x2340
[ 107.288346] ? __pfx_get_signal+0x10/0x10
[ 107.288362] ? do_futex+0x135/0x370
[ 107.288375] ? __pfx_do_futex+0x10/0x10
[ 107.288387] arch_do_signal_or_restart+0x80/0x790
[ 107.288405] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.288423] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.288437] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.288450] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.288463] ? xfd_validate_state+0x55/0x180
[ 107.288480] ? fput+0x6a/0x100
[ 107.288495] exit_to_user_mode_loop+0x8b/0x110
[ 107.288507] do_syscall_64+0x2f7/0x360
[ 107.288518] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.288531] RIP: 0033:0x7f7aaac95b19
[ 107.288539] Code: Unable to access opcode bytes at 0x7f7aaac95aef.
[ 107.288545] RSP: 002b:00007f7aa820b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.288556] RAX: fffffffffffffe00 RBX: 00007f7aaada8f68 RCX: 00007f7aaac95b19
[ 107.288564] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7aaada8f68
[ 107.288571] RBP: 00007f7aaada8f60 R08: 0000000000000000 R09: 0000000000000000
[ 107.288578] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7aaada8f6c
[ 107.288585] R13: 00007ffedd258c5f R14: 00007f7aa820b300 R15: 0000000000022000
[ 107.288596]
[ 107.288599] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 107.288606] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 107.288613] kmemleak: min_count = 1
[ 107.288616] kmemleak: count = 0
[ 107.288620] kmemleak: flags = 0x21
[ 107.288624] kmemleak: checksum = 0
[ 107.288628] kmemleak: backtrace:
[ 107.288631] pcpu_alloc_noprof+0x87a/0x1170
[ 107.288646] mm_init+0x99b/0x1170
[ 107.288654] copy_process+0x3ab7/0x73c0
[ 107.288663] kernel_clone+0xea/0x7f0
[ 107.288673] __do_sys_clone+0xce/0x120
[ 107.288683] do_syscall_64+0xbf/0x360
[ 107.288691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.319887] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.321026] FS: 00007f6e25e7c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.322337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.323270] CR2: 00007f6e1c0380d8 CR3: 000000000e81a000 CR4: 0000000000350ef0
[ 107.324430] Call Trace:
[ 107.324849]
[ 107.325224] ? should_fail_alloc_page+0xe8/0x110
[ 107.326013] ? __pfx_perf_tp_event+0x10/0x10
[ 107.326738] ? propagate_protected_usage+0x1bc/0x340
[ 107.327555] ? __pfx_propagate_protected_usage+0x10/0x10
[ 107.328428] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.329267] ? lock_acquire+0x18c/0x2f0
[ 107.329921] ? get_random_u8+0x3ab/0x680
[ 107.330579] ? lock_acquire+0x18c/0x2f0
[ 107.331230] ? lock_release+0x1c7/0x290
[ 107.331869] ? lock_release+0x1c7/0x290
[ 107.332516] ? css_rstat_updated+0x1b8/0x4d0
[ 107.333246] ? perf_trace_run_bpf_submit+0xef/0x180
[ 107.334059] perf_trace_run_bpf_submit+0xef/0x180
[ 107.334848] perf_trace_contention_begin+0x235/0x3e0
[ 107.335666] ? lock_release+0x1c7/0x290
[ 107.336309] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 107.337192] ? __pfx_lru_add+0x10/0x10
[ 107.337840] ? lock_release+0x1c7/0x290
[ 107.338481] ? lock_acquire+0x18c/0x2f0
[ 107.339119] trace_contention_begin+0xae/0x110
[ 107.339855] __mutex_lock+0x14b/0x1020
[ 107.340494] ? fdget_pos+0x2a8/0x380
[ 107.341110] ? fdget_pos+0x2a8/0x380
[ 107.341712] ? __pfx___handle_mm_fault+0x10/0x10
[ 107.342488] ? css_rstat_updated+0x1b8/0x4d0
[ 107.343213] ? __pfx___mutex_lock+0x10/0x10
[ 107.343909] ? lock_acquire+0x18c/0x2f0
[ 107.344566] ? lock_release+0x1c7/0x290
[ 107.345200] ? __fget_files+0x20d/0x3b0
[ 107.345839] fdget_pos+0x2a8/0x380
[ 107.346410] ksys_write+0x71/0x240
[ 107.346987] ? __pfx_ksys_write+0x10/0x10
[ 107.347643] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.348467] do_syscall_64+0xbf/0x360
[ 107.349078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.349932] RIP: 0033:0x7f6e26cbffef
[ 107.350532] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 5c fd ff ff 48
[ 107.353373] RSP: 002b:00007f6e25e7b830 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 107.354574] RAX: ffffffffffffffda RBX: 0000000000001000 RCX: 00007f6e26cbffef
[ 107.355693] RDX: 0000000000001000 RSI: 00007f6e1c011370 RDI: 0000000000000007
[ 107.356814] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 107.357943] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f6e1c011370
[ 107.359075] R13: 0000000000000000 R14: 0000000000000015 R15: 00007f6e1c0110b0
[ 107.360210]
[ 107.360596] Modules linked in:
[ 107.362817] ---[ end trace 0000000000000000 ]---
[ 107.365926] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.366771] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.369670] RSP: 0018:ffff888017527900 EFLAGS: 00010212
[ 107.370549] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.371698] RDX: ffff888015d18000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.372841] RBP: ffff888017527b70 R08: ffff88806ce31340 R09: ffffe8ffffc16870
[ 107.374001] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.375151] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.376292] FS: 00007f6e25e7c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.377570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.378531] CR2: 00007f6e1c0380d8 CR3: 000000000e81a000 CR4: 0000000000350ef0
[ 107.379725] note: rs:main Q:Reg[176] exited with preempt_count 2
[ 107.396647] kmemleak: Found object by alias at 0x607f1a639854
[ 107.396664] CPU: 1 UID: 0 PID: 288 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.396684] Tainted: [D]=DIE, [W]=WARN
[ 107.396688] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.396696] Call Trace:
[ 107.396699]
[ 107.396704] dump_stack_lvl+0xca/0x120
[ 107.396728] __lookup_object+0x94/0xb0
[ 107.396744] delete_object_full+0x27/0x70
[ 107.396759] free_percpu+0x30/0x1160
[ 107.396775] ? arch_uprobe_clear_state+0x16/0x140
[ 107.396792] futex_hash_free+0x38/0xc0
[ 107.396806] mmput+0x2d3/0x390
[ 107.396823] do_exit+0x79d/0x2970
[ 107.396836] ? _printk+0xbe/0xf0
[ 107.396849] ? __pfx__printk+0x10/0x10
[ 107.396862] ? __pfx_do_exit+0x10/0x10
[ 107.396874] ? __pfx_ksys_write+0x10/0x10
[ 107.396887] make_task_dead+0x174/0x3b0
[ 107.396900] ? do_syscall_64+0xbf/0x360
[ 107.396910] rewind_stack_and_make_dead+0x16/0x20
[ 107.396927] RIP: 0033:0x7eff7b0095ff
[ 107.396935] Code: Unable to access opcode bytes at 0x7eff7b0095d5.
[ 107.396940] RSP: 002b:00007fff26c87550 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 107.396951] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007eff7b0095ff
[ 107.396958] RDX: 000000000000000c RSI: 00007fff26c87640 RDI: 00000000000000f8
[ 107.396965] RBP: 00007fff26c875dc R08: 0000000000000000 R09: 00007eff7b146000
[ 107.396972] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 107.396978] R13: 000000000001a084 R14: 0000000000000003 R15: 00007fff26c87640
[ 107.396988]
[ 107.396992] kmemleak: Object (percpu) 0x607f1a639850 (size 16):
[ 107.396999] kmemleak: comm "syz-executor.1", pid 287, jiffies 4294773387
[ 107.397006] kmemleak: min_count = 1
[ 107.397010] kmemleak: count = 0
[ 107.397013] kmemleak: flags = 0x21
[ 107.397017] kmemleak: checksum = 0
[ 107.397021] kmemleak: backtrace:
[ 107.397024] pcpu_alloc_noprof+0x87a/0x1170
[ 107.397038] mm_init+0x99b/0x1170
[ 107.397047] copy_process+0x3ab7/0x73c0
[ 107.397056] kernel_clone+0xea/0x7f0
[ 107.397066] __do_sys_clone+0xce/0x120
[ 107.397075] do_syscall_64+0xbf/0x360
[ 107.397084] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.420900] kmemleak: Found object by alias at 0x607f1a639874
[ 107.420933] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.420971] Tainted: [D]=DIE, [W]=WARN
[ 107.420979] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.420992] Call Trace:
[ 107.420998]
[ 107.421007] dump_stack_lvl+0xca/0x120
[ 107.421047] __lookup_object+0x94/0xb0
[ 107.421077] delete_object_full+0x27/0x70
[ 107.421106] free_percpu+0x30/0x1160
[ 107.421136] ? arch_uprobe_clear_state+0x16/0x140
[ 107.421170] futex_hash_free+0x38/0xc0
[ 107.421196] mmput+0x2d3/0x390
[ 107.421238] do_exit+0x79d/0x2970
[ 107.421262] ? lock_release+0x1c7/0x290
[ 107.421290] ? __pfx_do_exit+0x10/0x10
[ 107.421314] ? do_raw_spin_lock+0x123/0x260
[ 107.421343] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.421374] do_group_exit+0xd3/0x2a0
[ 107.421400] get_signal+0x2315/0x2340
[ 107.421435] ? do_vfs_ioctl+0x125/0x1470
[ 107.421466] ? __pfx_get_signal+0x10/0x10
[ 107.421497] ? do_futex+0x135/0x370
[ 107.421522] ? __pfx_do_futex+0x10/0x10
[ 107.421547] arch_do_signal_or_restart+0x80/0x790
[ 107.421578] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.421609] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.421632] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.421658] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.421683] ? __sys_setsockopt+0x13f/0x1a0
[ 107.421717] exit_to_user_mode_loop+0x8b/0x110
[ 107.421739] do_syscall_64+0x2f7/0x360
[ 107.421771] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.421794] RIP: 0033:0x7f7a4e79bb19
[ 107.421810] Code: Unable to access opcode bytes at 0x7f7a4e79baef.
[ 107.421820] RSP: 002b:00007f7a4bcf0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.421842] RAX: fffffffffffffe00 RBX: 00007f7a4e8af028 RCX: 00007f7a4e79bb19
[ 107.421857] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7a4e8af028
[ 107.421870] RBP: 00007f7a4e8af020 R08: 0000000000000000 R09: 0000000000000000
[ 107.421883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a4e8af02c
[ 107.421897] R13: 00007ffe5ceab9cf R14: 00007f7a4bcf0300 R15: 0000000000022000
[ 107.421917]
[ 107.421924] kmemleak: Object (percpu) 0x607f1a639870 (size 8):
[ 107.421937] kmemleak: comm "syz-executor.1", pid 3936, jiffies 4294773447
[ 107.421951] kmemleak: min_count = 1
[ 107.421958] kmemleak: count = 0
[ 107.421965] kmemleak: flags = 0x21
[ 107.421972] kmemleak: checksum = 0
[ 107.421979] kmemleak: backtrace:
[ 107.421985] pcpu_alloc_noprof+0x87a/0x1170
[ 107.422014] perf_trace_event_init+0x366/0xa10
[ 107.422039] perf_trace_init+0x1a4/0x2f0
[ 107.422061] perf_tp_event_init+0xa6/0x120
[ 107.422091] perf_try_init_event+0x140/0x9f0
[ 107.422116] perf_event_alloc.part.0+0x118e/0x45f0
[ 107.422147] __do_sys_perf_event_open+0x719/0x2c20
[ 107.422171] do_syscall_64+0xbf/0x360
[ 107.422187] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:18:50 executing program 4:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004d8000/0x3000)=nil, 0x2)
08:18:50 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c00)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@broadcast}, @in6=@private0, {@in6=@private2, @in6=@local}, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x134}}, 0x0)
08:18:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgsnd(0x0, 0x0, 0x0, 0x0)
08:18:50 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x25, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x401}, 0x1c)
08:18:50 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)={0x14, 0x52, 0xfffffffffffffcef, 0x0, 0x0, "", [@generic="02"]}, 0x14}], 0x1}, 0x0)
08:18:50 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
08:18:50 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
08:18:50 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3c}, 0x0, @in6=@ipv4}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@multicast2}}, 0xe8)
08:18:50 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c00)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@broadcast}, @in6=@private0, {@in6=@private2, @in6=@local}, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x134}}, 0x0)
08:18:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgsnd(0x0, 0x0, 0x0, 0x0)
08:18:50 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)={0x14, 0x52, 0xfffffffffffffcef, 0x0, 0x0, "", [@generic="02"]}, 0x14}], 0x1}, 0x0)
08:18:50 executing program 4:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004d8000/0x3000)=nil, 0x2)
08:18:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c00)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@broadcast}, @in6=@private0, {@in6=@private2, @in6=@local}, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x134}}, 0x0)
08:18:50 executing program 0:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004d8000/0x3000)=nil, 0x2)
08:18:50 executing program 5:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004d8000/0x3000)=nil, 0x2)
08:18:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c00)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@broadcast}, @in6=@private0, {@in6=@private2, @in6=@local}, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x134}}, 0x0)
08:18:50 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c00)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@broadcast}, @in6=@private0, {@in6=@private2, @in6=@local}, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x134}}, 0x0)
08:18:50 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)={0x14, 0x52, 0xfffffffffffffcef, 0x0, 0x0, "", [@generic="02"]}, 0x14}], 0x1}, 0x0)
08:18:50 executing program 4:
r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004d8000/0x3000)=nil, 0x2)
08:18:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c00)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@broadcast}, @in6=@private0, {@in6=@private2, @in6=@local}, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x134}}, 0x0)
[ 110.070727] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 110.075053] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 110.080590] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 110.087495] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 110.090828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 112.116250] Bluetooth: hci1: command tx timeout
[ 114.163278] Bluetooth: hci1: command tx timeout
[ 116.211293] Bluetooth: hci1: command tx timeout
VM DIAGNOSIS:
08:18:50 Registers:
info registers vcpu 0
info registers vcpu 1