Warning: Permanently added '[localhost]:40420' (ECDSA) to the list of known hosts.
2025/09/01 11:02:39 fuzzer started
2025/09/01 11:02:40 dialing manager at localhost:35473
syzkaller login: [ 59.793599] cgroup: Unknown subsys name 'net'
[ 60.013918] cgroup: Unknown subsys name 'cpuset'
[ 60.069780] cgroup: Unknown subsys name 'rlimit'
2025/09/01 11:02:51 syscalls: 2214
2025/09/01 11:02:51 code coverage: enabled
2025/09/01 11:02:51 comparison tracing: enabled
2025/09/01 11:02:51 extra coverage: enabled
2025/09/01 11:02:51 setuid sandbox: enabled
2025/09/01 11:02:51 namespace sandbox: enabled
2025/09/01 11:02:51 Android sandbox: enabled
2025/09/01 11:02:51 fault injection: enabled
2025/09/01 11:02:51 leak checking: enabled
2025/09/01 11:02:51 net packet injection: enabled
2025/09/01 11:02:51 net device setup: enabled
2025/09/01 11:02:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 11:02:51 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 11:02:51 USB emulation: enabled
2025/09/01 11:02:51 hci packet injection: enabled
2025/09/01 11:02:51 wifi device emulation: enabled
2025/09/01 11:02:51 802.15.4 emulation: enabled
2025/09/01 11:02:51 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 11:02:51 fetching corpus: 50, signal 18238/21821 (executing program)
2025/09/01 11:02:51 fetching corpus: 100, signal 29310/34358 (executing program)
2025/09/01 11:02:51 fetching corpus: 150, signal 39058/45367 (executing program)
2025/09/01 11:02:52 fetching corpus: 200, signal 47629/55030 (executing program)
2025/09/01 11:02:52 fetching corpus: 250, signal 52266/60852 (executing program)
2025/09/01 11:02:52 fetching corpus: 300, signal 59048/68543 (executing program)
2025/09/01 11:02:52 fetching corpus: 350, signal 65667/75975 (executing program)
2025/09/01 11:02:52 fetching corpus: 400, signal 67495/78920 (executing program)
2025/09/01 11:02:52 fetching corpus: 450, signal 69483/81990 (executing program)
2025/09/01
11:02:52 fetching corpus: 500, signal 72578/86000 (executing program) 2025/09/01 11:02:52 fetching corpus: 550, signal 75437/89719 (executing program) 2025/09/01 11:02:52 fetching corpus: 599, signal 78589/93645 (executing program) 2025/09/01 11:02:53 fetching corpus: 649, signal 83660/99106 (executing program) 2025/09/01 11:02:53 fetching corpus: 699, signal 85948/102125 (executing program) 2025/09/01 11:02:53 fetching corpus: 749, signal 88532/105327 (executing program) 2025/09/01 11:02:53 fetching corpus: 799, signal 91015/108378 (executing program) 2025/09/01 11:02:53 fetching corpus: 849, signal 92339/110451 (executing program) 2025/09/01 11:02:53 fetching corpus: 899, signal 93384/112265 (executing program) 2025/09/01 11:02:53 fetching corpus: 949, signal 95134/114618 (executing program) 2025/09/01 11:02:53 fetching corpus: 999, signal 97186/117171 (executing program) 2025/09/01 11:02:53 fetching corpus: 1049, signal 98552/119152 (executing program) 2025/09/01 11:02:53 fetching corpus: 1099, signal 100118/121292 (executing program) 2025/09/01 11:02:54 fetching corpus: 1149, signal 102259/123869 (executing program) 2025/09/01 11:02:54 fetching corpus: 1199, signal 103473/125705 (executing program) 2025/09/01 11:02:54 fetching corpus: 1249, signal 107456/129561 (executing program) 2025/09/01 11:02:54 fetching corpus: 1299, signal 108726/131307 (executing program) 2025/09/01 11:02:54 fetching corpus: 1349, signal 110168/133211 (executing program) 2025/09/01 11:02:54 fetching corpus: 1399, signal 112006/135256 (executing program) 2025/09/01 11:02:54 fetching corpus: 1449, signal 113263/136906 (executing program) 2025/09/01 11:02:54 fetching corpus: 1499, signal 114376/138474 (executing program) 2025/09/01 11:02:54 fetching corpus: 1549, signal 115586/140071 (executing program) 2025/09/01 11:02:54 fetching corpus: 1599, signal 116802/141582 (executing program) 2025/09/01 11:02:55 fetching corpus: 1649, signal 118060/143183 (executing program) 2025/09/01 11:02:55 
fetching corpus: 1698, signal 118924/144471 (executing program) 2025/09/01 11:02:55 fetching corpus: 1747, signal 119593/145631 (executing program) 2025/09/01 11:02:55 fetching corpus: 1797, signal 120447/146826 (executing program) 2025/09/01 11:02:55 fetching corpus: 1847, signal 121460/148118 (executing program) 2025/09/01 11:02:55 fetching corpus: 1897, signal 122376/149365 (executing program) 2025/09/01 11:02:55 fetching corpus: 1947, signal 123264/150624 (executing program) 2025/09/01 11:02:55 fetching corpus: 1997, signal 124006/151698 (executing program) 2025/09/01 11:02:55 fetching corpus: 2047, signal 124739/152828 (executing program) 2025/09/01 11:02:55 fetching corpus: 2097, signal 125566/153963 (executing program) 2025/09/01 11:02:55 fetching corpus: 2147, signal 126585/155187 (executing program) 2025/09/01 11:02:55 fetching corpus: 2197, signal 127276/156224 (executing program) 2025/09/01 11:02:56 fetching corpus: 2247, signal 128149/157321 (executing program) 2025/09/01 11:02:56 fetching corpus: 2297, signal 128963/158344 (executing program) 2025/09/01 11:02:56 fetching corpus: 2347, signal 129537/159198 (executing program) 2025/09/01 11:02:56 fetching corpus: 2397, signal 130241/160119 (executing program) 2025/09/01 11:02:56 fetching corpus: 2447, signal 130863/160990 (executing program) 2025/09/01 11:02:56 fetching corpus: 2497, signal 131742/162021 (executing program) 2025/09/01 11:02:56 fetching corpus: 2547, signal 132442/162982 (executing program) 2025/09/01 11:02:56 fetching corpus: 2597, signal 133047/163832 (executing program) 2025/09/01 11:02:56 fetching corpus: 2647, signal 133817/164723 (executing program) 2025/09/01 11:02:56 fetching corpus: 2695, signal 134790/165702 (executing program) 2025/09/01 11:02:56 fetching corpus: 2745, signal 135399/166469 (executing program) 2025/09/01 11:02:57 fetching corpus: 2795, signal 136033/167274 (executing program) 2025/09/01 11:02:57 fetching corpus: 2845, signal 137112/168208 (executing program) 
2025/09/01 11:02:57 fetching corpus: 2895, signal 138512/169300 (executing program) 2025/09/01 11:02:57 fetching corpus: 2945, signal 139156/170050 (executing program) 2025/09/01 11:02:57 fetching corpus: 2995, signal 139715/170774 (executing program) 2025/09/01 11:02:57 fetching corpus: 3045, signal 140164/171446 (executing program) 2025/09/01 11:02:57 fetching corpus: 3095, signal 140606/172170 (executing program) 2025/09/01 11:02:57 fetching corpus: 3145, signal 141331/172919 (executing program) 2025/09/01 11:02:57 fetching corpus: 3195, signal 142034/173613 (executing program) 2025/09/01 11:02:57 fetching corpus: 3244, signal 142941/174397 (executing program) 2025/09/01 11:02:58 fetching corpus: 3294, signal 143405/174973 (executing program) 2025/09/01 11:02:58 fetching corpus: 3344, signal 144283/175717 (executing program) 2025/09/01 11:02:58 fetching corpus: 3394, signal 144715/176299 (executing program) 2025/09/01 11:02:58 fetching corpus: 3444, signal 147051/177317 (executing program) 2025/09/01 11:02:58 fetching corpus: 3493, signal 147448/177832 (executing program) 2025/09/01 11:02:58 fetching corpus: 3543, signal 148110/178403 (executing program) 2025/09/01 11:02:58 fetching corpus: 3592, signal 148663/178961 (executing program) 2025/09/01 11:02:58 fetching corpus: 3641, signal 149230/179510 (executing program) 2025/09/01 11:02:58 fetching corpus: 3691, signal 149891/180051 (executing program) 2025/09/01 11:02:58 fetching corpus: 3741, signal 150435/180589 (executing program) 2025/09/01 11:02:59 fetching corpus: 3791, signal 151320/181148 (executing program) 2025/09/01 11:02:59 fetching corpus: 3841, signal 151840/181631 (executing program) 2025/09/01 11:02:59 fetching corpus: 3891, signal 152199/182037 (executing program) 2025/09/01 11:02:59 fetching corpus: 3941, signal 152818/182521 (executing program) 2025/09/01 11:02:59 fetching corpus: 3991, signal 153383/182987 (executing program) 2025/09/01 11:02:59 fetching corpus: 4041, signal 153954/183436 
(executing program) 2025/09/01 11:02:59 fetching corpus: 4091, signal 154509/183846 (executing program) 2025/09/01 11:02:59 fetching corpus: 4141, signal 155057/184231 (executing program) 2025/09/01 11:02:59 fetching corpus: 4191, signal 155612/184619 (executing program) 2025/09/01 11:02:59 fetching corpus: 4241, signal 156211/185046 (executing program) 2025/09/01 11:03:00 fetching corpus: 4291, signal 156643/185402 (executing program) 2025/09/01 11:03:00 fetching corpus: 4341, signal 157041/185755 (executing program) 2025/09/01 11:03:00 fetching corpus: 4391, signal 157538/186108 (executing program) 2025/09/01 11:03:00 fetching corpus: 4441, signal 158197/186519 (executing program) 2025/09/01 11:03:00 fetching corpus: 4491, signal 158889/186847 (executing program) 2025/09/01 11:03:00 fetching corpus: 4541, signal 160136/187181 (executing program) 2025/09/01 11:03:00 fetching corpus: 4591, signal 160532/187213 (executing program) 2025/09/01 11:03:00 fetching corpus: 4641, signal 160820/187230 (executing program) 2025/09/01 11:03:00 fetching corpus: 4691, signal 161283/187239 (executing program) 2025/09/01 11:03:00 fetching corpus: 4741, signal 161652/187246 (executing program) 2025/09/01 11:03:00 fetching corpus: 4791, signal 162206/187248 (executing program) 2025/09/01 11:03:01 fetching corpus: 4841, signal 162626/187254 (executing program) 2025/09/01 11:03:01 fetching corpus: 4890, signal 162928/187265 (executing program) 2025/09/01 11:03:01 fetching corpus: 4940, signal 163311/187267 (executing program) 2025/09/01 11:03:01 fetching corpus: 4990, signal 163709/187279 (executing program) 2025/09/01 11:03:01 fetching corpus: 5040, signal 164032/187296 (executing program) 2025/09/01 11:03:01 fetching corpus: 5090, signal 164463/187300 (executing program) 2025/09/01 11:03:01 fetching corpus: 5140, signal 164753/187311 (executing program) 2025/09/01 11:03:01 fetching corpus: 5190, signal 164991/187326 (executing program) 2025/09/01 11:03:01 fetching corpus: 5240, 
signal 165382/187358 (executing program) 2025/09/01 11:03:01 fetching corpus: 5290, signal 165712/187362 (executing program) 2025/09/01 11:03:01 fetching corpus: 5340, signal 166130/187440 (executing program) 2025/09/01 11:03:01 fetching corpus: 5390, signal 166482/187441 (executing program) 2025/09/01 11:03:02 fetching corpus: 5440, signal 166896/187446 (executing program) 2025/09/01 11:03:02 fetching corpus: 5490, signal 167298/187446 (executing program) 2025/09/01 11:03:02 fetching corpus: 5540, signal 168005/187450 (executing program) 2025/09/01 11:03:02 fetching corpus: 5590, signal 168292/187458 (executing program) 2025/09/01 11:03:02 fetching corpus: 5640, signal 168567/187459 (executing program) 2025/09/01 11:03:02 fetching corpus: 5690, signal 169061/187502 (executing program) 2025/09/01 11:03:02 fetching corpus: 5740, signal 169590/187506 (executing program) 2025/09/01 11:03:02 fetching corpus: 5790, signal 170068/187507 (executing program) 2025/09/01 11:03:02 fetching corpus: 5839, signal 170482/187512 (executing program) 2025/09/01 11:03:02 fetching corpus: 5889, signal 170923/187516 (executing program) 2025/09/01 11:03:02 fetching corpus: 5939, signal 171298/187519 (executing program) 2025/09/01 11:03:02 fetching corpus: 5989, signal 171591/187524 (executing program) 2025/09/01 11:03:03 fetching corpus: 6038, signal 171956/187526 (executing program) 2025/09/01 11:03:03 fetching corpus: 6088, signal 172240/187531 (executing program) 2025/09/01 11:03:03 fetching corpus: 6138, signal 172698/187550 (executing program) 2025/09/01 11:03:03 fetching corpus: 6188, signal 173062/187554 (executing program) 2025/09/01 11:03:03 fetching corpus: 6238, signal 173674/187582 (executing program) 2025/09/01 11:03:03 fetching corpus: 6288, signal 174099/187591 (executing program) 2025/09/01 11:03:03 fetching corpus: 6338, signal 174616/187603 (executing program) 2025/09/01 11:03:03 fetching corpus: 6388, signal 174873/187609 (executing program) 2025/09/01 11:03:03 
fetching corpus: 6438, signal 175159/187614 (executing program) 2025/09/01 11:03:03 fetching corpus: 6488, signal 175481/187618 (executing program) 2025/09/01 11:03:03 fetching corpus: 6538, signal 175859/187619 (executing program) 2025/09/01 11:03:03 fetching corpus: 6588, signal 176186/187622 (executing program) 2025/09/01 11:03:04 fetching corpus: 6638, signal 176487/187676 (executing program) 2025/09/01 11:03:04 fetching corpus: 6688, signal 176964/187680 (executing program) 2025/09/01 11:03:04 fetching corpus: 6738, signal 177368/187687 (executing program) 2025/09/01 11:03:04 fetching corpus: 6788, signal 177756/187690 (executing program) 2025/09/01 11:03:04 fetching corpus: 6838, signal 178067/187698 (executing program) 2025/09/01 11:03:04 fetching corpus: 6888, signal 178393/187702 (executing program) 2025/09/01 11:03:04 fetching corpus: 6938, signal 178685/187708 (executing program) 2025/09/01 11:03:04 fetching corpus: 6988, signal 178935/187720 (executing program) 2025/09/01 11:03:04 fetching corpus: 7038, signal 179173/187723 (executing program) 2025/09/01 11:03:04 fetching corpus: 7088, signal 179541/187729 (executing program) 2025/09/01 11:03:04 fetching corpus: 7138, signal 179745/187739 (executing program) 2025/09/01 11:03:04 fetching corpus: 7188, signal 180011/187758 (executing program) 2025/09/01 11:03:05 fetching corpus: 7237, signal 180175/187759 (executing program) 2025/09/01 11:03:05 fetching corpus: 7286, signal 180496/187786 (executing program) 2025/09/01 11:03:05 fetching corpus: 7336, signal 180713/187793 (executing program) 2025/09/01 11:03:05 fetching corpus: 7386, signal 181162/187801 (executing program) 2025/09/01 11:03:05 fetching corpus: 7436, signal 181474/187804 (executing program) 2025/09/01 11:03:05 fetching corpus: 7486, signal 181722/187881 (executing program) 2025/09/01 11:03:05 fetching corpus: 7536, signal 182132/187912 (executing program) 2025/09/01 11:03:05 fetching corpus: 7586, signal 182418/187932 (executing program) 
2025/09/01 11:03:05 fetching corpus: 7635, signal 182611/187939 (executing program) 2025/09/01 11:03:05 fetching corpus: 7685, signal 182939/187949 (executing program) 2025/09/01 11:03:05 fetching corpus: 7735, signal 183348/187966 (executing program) 2025/09/01 11:03:05 fetching corpus: 7785, signal 183669/187966 (executing program) 2025/09/01 11:03:06 fetching corpus: 7835, signal 183901/187972 (executing program) 2025/09/01 11:03:06 fetching corpus: 7885, signal 184182/188013 (executing program) 2025/09/01 11:03:06 fetching corpus: 7935, signal 184531/188028 (executing program) 2025/09/01 11:03:06 fetching corpus: 7984, signal 184871/188044 (executing program) 2025/09/01 11:03:06 fetching corpus: 8034, signal 185143/188052 (executing program) 2025/09/01 11:03:06 fetching corpus: 8083, signal 185435/188064 (executing program) 2025/09/01 11:03:06 fetching corpus: 8108, signal 185522/188067 (executing program) 2025/09/01 11:03:06 fetching corpus: 8108, signal 185522/188067 (executing program) 2025/09/01 11:03:08 starting 8 fuzzer processes 11:03:08 executing program 0: r0 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40000000) 11:03:08 executing program 1: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000080)={r0}, &(0x7f00000000c0)={'enc=', 'pkcs1', ' hash=', {'sha3-512\x00'}}, 0x0, 0x0) 11:03:08 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000040)="bbb2066b091d42e0", 0x8, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) 11:03:08 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000000c40)={'#! 
', './file0', [], 0xa, "a7e987e221795cfdadbb39dc7cf2e00799ceeef28f1cdca9ea953aceb227fcd51aa6b4c3cdafbdac8ce344b9b542cd818b956f51ffbd65a86e7d65fb3db72bf244d27018f5e4b030a20a6b380dfd4ac51d684491b403729005c0d2c1b9fd73606a947674f60e032b9a9508b6319273149c63ccfd9ac8937a78beab7fe8aff432870adb8e29e0df7ffe582695f29d41cecc92354525322d9829db97e90fecb92c25d00f2e2f0e0ba660dd99140be7957fa23a9c6f193854785c6b73c37eabf286ca99a98a4ca3a474f4c61dd794397877b975ef2a29b2482ae4b853f17ad5401d9bf3f29285e93bd2b4a7db68c4532451352b594fd56d759234404c5d874be5cd83190efb6e44dd428bde916f76b1b4447f64467a5e0169b8e57b8454c2e071ba726ee50ca46df7c975b243a2da78b55813e370a435900c899166f1ec047002e442af547f284eb689c7fb44f44ef7e9da313fdb11d54a4ede88e9321264e52ed2fba0434363ce8d2a8584c9bb744f3a7119a6d416797552860b3c5949321ef764f7d74713a202009fd8af97d6648b1fd099bf5ed4f09dbd6fa0d1c65d6ced20246e96e964655dcc798a395895e8f10087226dcb1c162dbacb84d39332056b54aec078108403336f6f2cfb48734c0b9798e96c0019cfc315debf86526b7ee871980b2c74ed07e24d5bd00afd0457b52b6b390b2e3325bff4d644653b9ecea93b2dcc0d20f2139bf6dfd061e6957817d54827f4efe9be9cdb8ea14c63c332085cfc0f45b68a5f42d68bea1b9509d16c5c63c7e9f7f3f8fd024c4d1f06ff6e11c44bf085c1198fecded6da0a538e3d89cd0f26cbd069f1cce052d7beeed8492ed99eaa40518159e461f34adf0d30ff74785dba0b3c02000000c78d64b53cef821f68fbdd90da891a36fb6d6f4ea1449a2195f67c9d1b8b7bd532b2d972097a6925308d3387acb8ff7d68747e3171f6b736260f0f1646a7cf88385148890c8afdc1deee57dbef7bfa56e725c1ca4c7f1728e9abd05dc72037111eb7bd3d590c16e279376bbdc32a2a28c4599b4817d593025888e12bfbbb400945ab460462984f7e0eb95d7c536d5f12c05f95ca9964dd84b9b223dbc5db7da8f88625c18de06e1895c806c05cb3a4c55feee9b12336cc50ef1c2e29e0e80e7ab0de210e197ead2d9c609b4191592d3f02ca23ebccf22ad2475ec99f5c1aca70455a6f9a089b8a36c70c4655beb3ac520d4a2cd4e4ee9bd16720f29523333b174c5dc27ed4350584e74b712e3a0e4bd6accff8b934643d39a92ff72185288104112dad4b5f778ee9001edfafb08070a9a82d521cb56d56f74fb511fc4321073aee821b5247ea6c09bd314c695f79c5c7ed2f288f9caf8dfd60b79eeeb254064fd15117d5c2
63aad597897c750027a9b11fbd6fa7a2be6ae35c0470c452ac1c2ab0e7c766642e024ecddddb745e212794b70624578965ccbeed3ab4a6efa079f6aaa9cc95e46827f3637939754643c4ee4003b39aaf94c3bc7466d204c5b368cf3098fa17e448f6c02633826ac7af9249a77ceb42012d19a30d6de500000000000000bf12d48b8e0561e9aa2d638e23276c55a0252568de61c2b227db5e8f1f08b6d53290ec8d02503a3ddc8a6e728ac963ed02aef7c1b9648812acadbf0efff233a8a168b0dc3db8e9a6acbe4449dfbe0000000000000000579d612b107911241eb1325f7540d9bbaf9fada3c37dbf877edec5a3c2a81ff8b23592134229b97c95359d52ae341911ff60de2f9b336c0000000000000000000000000000000035f36fcce4f28ac233a3c1b4e0f9a629b20949dae7ccb04684c49b20e511c6313ea040aec0f4fa1e15abb9b087f18ef22ba3761e744cdbe7a9ea143b7ee7a93c3145b0ed70d33529bc1b0cc7e83b64cc235451179029f0b4e2e83a739103125be0e1f8a63bee7c725489659bb75000e305a3ccfeeaa488684ab77f300f28a4a409a400c24737757322bdd0cc0c0090d5bf43add45204c5aaa8180ce24b28c0b285ee8f345caceb5d05325bba10c1b5307c44ff625250d7ecce7e32922a4db880a3363bf5740c8e631e5063334fd8b0628b307543e59e273cf16da502e715bd738e6edba0a1550263a726a7c4edbf89"}, 0x5f0) [ 86.936510] audit: type=1400 audit(1756724588.879:7): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:03:08 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) lstat(&(0x7f00000041c0)='./file0\x00', &(0x7f0000004200)) 11:03:08 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chroot(&(0x7f0000000680)='./file0/../file0\x00') creat(&(0x7f0000000200)='./file0/../file0\x00', 0x0) 11:03:08 executing program 7: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)) io_setup(0x0, &(0x7f0000000040)) 11:03:08 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000400)={&(0x7f0000000100), 0x7, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c}, 0x4c}}, 0x0) [ 88.168537] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.170054] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.172803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.174148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.175853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.177264] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.185078] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.187934] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.189735] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.193093] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.257272] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.269012] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.276541] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.287010] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.289411] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.327637] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.346557] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.350116] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.373972] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.386010] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.407629] Bluetooth: hci5: unexpected 
cc 0x1003 length: 249 > 9
[ 88.409424] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 88.412252] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 88.415077] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 88.420505] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 88.425139] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 88.446460] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 88.448413] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 88.456530] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 88.457962] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 88.460046] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 88.464565] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 88.464949] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 88.467355] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 88.468927] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 88.480897] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 88.482920] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 88.485242] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 88.519603] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 88.541091] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 90.227146] Bluetooth: hci0: command tx timeout
[ 90.227327] Bluetooth: hci1: command tx timeout
[ 90.356073] Bluetooth: hci2: command tx timeout
[ 90.482844] Bluetooth: hci5: command tx timeout
[ 90.482884] Bluetooth: hci6: command tx timeout
[ 90.546773] Bluetooth: hci7: command tx timeout
[ 90.547318] Bluetooth: hci3: command tx timeout
[ 90.612740] Bluetooth: hci4: command tx timeout
[ 92.274774] Bluetooth: hci0: command tx timeout
[ 92.275846] Bluetooth: hci1: command tx timeout
[ 92.402733] Bluetooth: hci2: command tx timeout
[ 92.530884] Bluetooth: hci6: command tx timeout
[ 92.530954] Bluetooth: hci5: command tx timeout
[ 92.595882] Bluetooth: hci3: command tx timeout
[ 92.595918] Bluetooth: hci7: command tx timeout
[ 92.659826] Bluetooth: hci4: command tx timeout
[ 94.322784] Bluetooth: hci1: command tx timeout
[ 94.322885] Bluetooth: hci0: command tx timeout
[ 94.451816] Bluetooth: hci2: command tx timeout
[ 94.579757] Bluetooth: hci5: command tx timeout
[ 94.579788] Bluetooth: hci6: command tx timeout
[ 94.644803] Bluetooth: hci3: command tx timeout
[ 94.645214] Bluetooth: hci7: command tx timeout
[ 94.706807] Bluetooth: hci4: command tx timeout
[ 96.371648] Bluetooth: hci0: command tx timeout
[ 96.371750] Bluetooth: hci1: command tx timeout
[ 96.498750] Bluetooth: hci2: command tx timeout
[ 96.626754] Bluetooth: hci5: command tx timeout
[ 96.626796] Bluetooth: hci6: command tx timeout
[ 96.691890] Bluetooth: hci7: command tx timeout
[ 96.691909] Bluetooth: hci3: command tx timeout
[ 96.754741] Bluetooth: hci4: command tx timeout
[ 125.154332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.155009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.320142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.321214] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.481495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.482138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.707789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.709158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.898292] audit: type=1400 audit(1756724627.842:8): avc: denied { open } for pid=3772 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 125.911042] audit: type=1400 audit(1756724627.842:9): avc: denied { kernel } for pid=3772 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
11:03:47 executing program 7:
socketpair$unix(0x1, 0x2, 0x0,
&(0x7f0000001180)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000007ec0)=[{{0x0, 0x0, &(0x7f00000026c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) 11:03:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000001b00)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x11}}}}}}}, 0x0) 11:03:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000001b00)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x11}}}}}}}, 0x0) 11:03:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000001b00)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x11}}}}}}}, 0x0) 11:03:48 executing program 4: r0 = gettid() perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0xf) [ 126.484085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.485792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:03:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000001b00)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x11}}}}}}}, 0x0) [ 126.590328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.591009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:03:48 executing program 4: prctl$PR_GET_PDEATHSIG(0x21, &(0x7f0000001400)) 11:03:48 executing program 4: prctl$PR_GET_PDEATHSIG(0x21, 
&(0x7f0000001400)) [ 127.041984] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.042613] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.127481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.128083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.299469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.300134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.352368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.352977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.432990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.433593] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.536747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.537377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.152869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.154018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.219925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.220808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.249823] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.250437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.283429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.284028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:03:50 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]}) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:03:50 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0xc0189436, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x117, 0x0}) 11:03:50 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00') write$tcp_mem(r0, 
&(0x7f00000000c0)={0xfffffffffffffffd}, 0x48) 11:03:50 executing program 4: prctl$PR_GET_PDEATHSIG(0x21, &(0x7f0000001400)) 11:03:50 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000400)={&(0x7f0000000100), 0x7, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c}, 0x4c}}, 0x0) 11:03:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000000c40)={'#! ', './file0', [], 0xa, "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"}, 0x5f0) 11:03:50 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) write$P9_RATTACH(r0, 0x0, 0x0) 11:03:50 executing program 0: r0 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40000000) 11:03:50 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00') write$tcp_mem(r0, &(0x7f00000000c0)={0xfffffffffffffffd}, 0x48) 11:03:50 executing program 4: prctl$PR_GET_PDEATHSIG(0x21, &(0x7f0000001400)) 11:03:50 executing program 0: r0 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40000000) 11:03:50 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]}) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:03:50 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000000)=0x9, 0x4) 11:03:50 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000400)={&(0x7f0000000100), 0x7, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c}, 0x4c}}, 0x0) 11:03:50 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f00000000c0)={0x22, 0x31, 0x8, 0x1e, 0xb, 0xc8, 0x6}) 11:03:50 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00') write$tcp_mem(r0, &(0x7f00000000c0)={0xfffffffffffffffd}, 0x48) 11:03:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000000c40)={'#! ', './file0', [], 0xa, "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"}, 0x5f0) 11:03:50 executing program 0: r0 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40000000) 11:03:50 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000080)) 11:03:50 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]}) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:03:50 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') unlinkat(r0, &(0x7f0000000400)='./file0\x00', 0x0) 11:03:50 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000001240)=[{&(0x7f0000010000)="eb", 0x1}], 0x8000, &(0x7f0000000040)=ANY=[]) 11:03:50 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000400)={&(0x7f0000000100), 0x7, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c}, 0x4c}}, 0x0) 11:03:50 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00') write$tcp_mem(r0, &(0x7f00000000c0)={0xfffffffffffffffd}, 0x48) 11:03:50 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 
&(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, &(0x7f0000000000)=0xfffffffffffffffa, r0, 0x0, 0x0, 0x0) [ 128.734178] kmemleak: Found object by alias at 0x607f1a63e054 [ 128.734200] CPU: 1 UID: 0 PID: 3957 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.734219] Tainted: [W]=WARN [ 128.734223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.734230] Call Trace: [ 128.734235] [ 128.734240] dump_stack_lvl+0xca/0x120 [ 128.734267] __lookup_object+0x94/0xb0 [ 128.734284] delete_object_full+0x27/0x70 [ 128.734301] free_percpu+0x30/0x1160 [ 128.734318] ? arch_uprobe_clear_state+0x16/0x140 [ 128.734339] futex_hash_free+0x38/0xc0 [ 128.734353] mmput+0x2d3/0x390 [ 128.734373] do_exit+0x79d/0x2970 [ 128.734386] ? signal_wake_up_state+0x85/0x120 [ 128.734402] ? zap_other_threads+0x2b9/0x3a0 [ 128.734418] ? __pfx_do_exit+0x10/0x10 [ 128.734431] ? do_group_exit+0x1c3/0x2a0 [ 128.734445] ? lock_release+0xc8/0x290 [ 128.734463] do_group_exit+0xd3/0x2a0 [ 128.734478] __x64_sys_exit_group+0x3e/0x50 [ 128.734492] x64_sys_call+0x18c5/0x18d0 [ 128.734508] do_syscall_64+0xbf/0x360 [ 128.734521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.734532] RIP: 0033:0x7f2e00b4ab19 [ 128.734541] Code: Unable to access opcode bytes at 0x7f2e00b4aaef. 
[ 128.734547] RSP: 002b:00007ffd0da56198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.734559] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f2e00b4ab19 [ 128.734566] RDX: 00007f2e00afd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.734573] RBP: 0000000000000000 R08: 0000001b2db221d4 R09: 0000000000000000 [ 128.734580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.734587] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd0da56280 [ 128.734602] [ 128.734606] kmemleak: Object (percpu) 0x607f1a63e050 (size 8): [ 128.734613] kmemleak: comm "syz-executor.4", pid 3971, jiffies 4294795622 [ 128.734620] kmemleak: min_count = 1 [ 128.734624] kmemleak: count = 0 [ 128.734627] kmemleak: flags = 0x21 [ 128.734631] kmemleak: checksum = 0 [ 128.734635] kmemleak: backtrace: [ 128.734639] pcpu_alloc_noprof+0x87a/0x1170 [ 128.734654] __alloc_workqueue+0x74b/0x1820 [ 128.734673] alloc_workqueue_noprof+0xc7/0x200 [ 128.734687] loop_configure+0xf73/0x1590 [ 128.734702] lo_ioctl+0x66d/0x1c70 [ 128.734715] blkdev_ioctl+0x27c/0x6c0 [ 128.734726] __x64_sys_ioctl+0x18f/0x210 [ 128.734742] do_syscall_64+0xbf/0x360 [ 128.734752] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:03:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f00000000c0)='ext4\x00', 0x0) readv(r0, &(0x7f00000022c0)=[{&(0x7f0000000180)=""/33, 0x21}], 0x1) 11:03:50 executing program 1: setresuid(0x0, 0xee01, 0x0) r0 = semget$private(0x0, 0x5, 0x0) semctl$SETALL(r0, 0x0, 0x11, 0x0) [ 128.779406] kmemleak: Cannot insert 0x607f1a63e054 into the object search tree (overlaps existing) [ 128.779425] CPU: 0 UID: 0 PID: 3971 Comm: syz-executor.4 Tainted: G W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.779444] Tainted: [W]=WARN [ 128.779448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.779455] Call Trace: [ 128.779459] [ 128.779464] dump_stack_lvl+0xca/0x120 [ 128.779490] __link_object+0x190/0x210 [ 128.779510] __create_object+0x48/0x80 [ 128.779528] pcpu_alloc_noprof+0x87a/0x1170 [ 128.779554] __percpu_init_rwsem+0x2d/0x160 [ 128.779572] ? security_sb_alloc+0x75/0x140 [ 128.779590] alloc_super+0x29e/0xb80 [ 128.779605] ? __pfx_super_s_dev_test+0x10/0x10 [ 128.779623] sget_fc+0xfe/0xb80 [ 128.779635] ? __pfx_super_s_dev_set+0x10/0x10 [ 128.779654] get_tree_bdev_flags+0x1b8/0x620 [ 128.779665] ? __pfx_vfat_fill_super+0x10/0x10 [ 128.779679] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 128.779696] ? cap_capable+0xdb/0x3b0 [ 128.779713] ? security_capable+0x2f/0x90 [ 128.779729] vfs_get_tree+0x93/0x340 [ 128.779747] path_mount+0x132d/0x1dd0 [ 128.779763] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.779778] ? __pfx_path_mount+0x10/0x10 [ 128.779791] ? kmem_cache_free+0x2a1/0x540 [ 128.779803] ? putname.part.0+0x11b/0x160 [ 128.779821] ? getname_flags.part.0+0x1c6/0x540 [ 128.779839] ? putname.part.0+0x11b/0x160 [ 128.779857] __x64_sys_mount+0x27b/0x300 [ 128.779871] ? 
__pfx___x64_sys_mount+0x10/0x10 [ 128.779890] do_syscall_64+0xbf/0x360 [ 128.779903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.779916] RIP: 0033:0x7fd5980ca04a [ 128.779926] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.779937] RSP: 002b:00007fd59563dfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.779949] RAX: ffffffffffffffda RBX: 0000000020001240 RCX: 00007fd5980ca04a [ 128.779957] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fd59563e000 [ 128.779964] RBP: 00007fd59563e040 R08: 00007fd59563e040 R09: 0000000020000000 [ 128.779971] R10: 0000000000008000 R11: 0000000000000206 R12: 0000000020000000 [ 128.779978] R13: 0000000020000100 R14: 00007fd59563e000 R15: 0000000020000040 [ 128.779994] [ 128.780284] kmemleak: Kernel memory leak detector disabled [ 128.780289] kmemleak: Object (percpu) 0x607f1a63e050 (size 8): [ 128.780296] kmemleak: comm "syz-executor.4", pid 3971, jiffies 4294795622 [ 128.780303] kmemleak: min_count = 1 [ 128.780307] kmemleak: count = 0 [ 128.780311] kmemleak: flags = 0x21 [ 128.780315] kmemleak: checksum = 0 [ 128.780319] kmemleak: backtrace: [ 128.780322] pcpu_alloc_noprof+0x87a/0x1170 [ 128.780339] __alloc_workqueue+0x74b/0x1820 [ 128.780358] alloc_workqueue_noprof+0xc7/0x200 [ 128.780368] loop_configure+0xf73/0x1590 [ 128.780384] lo_ioctl+0x66d/0x1c70 [ 128.780397] blkdev_ioctl+0x27c/0x6c0 [ 128.780408] __x64_sys_ioctl+0x18f/0x210 [ 128.780425] do_syscall_64+0xbf/0x360 [ 128.780434] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:03:50 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]}) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 128.805534] Oops: general protection fault, probably for non-canonical address 0xdffffc0002ec0860: 0000 [#1] SMP KASAN NOPTI [ 128.806409] 
KASAN: probably user-memory-access in range [0x0000000017604300-0x0000000017604307] [ 128.807046] CPU: 0 UID: 0 PID: 3971 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.807926] Tainted: [W]=WARN [ 128.808746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.810486] RIP: 0010:__queue_work+0x202/0x1240 [ 128.811487] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 128.815968] RSP: 0018:ffff88800f0173f0 EFLAGS: 00010016 [ 128.816363] RAX: 0000000002ec0860 RBX: ffff88800c7ace18 RCX: ffffc90009457000 [ 128.816886] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 128.817409] RBP: 0000000017604300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 128.817931] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 128.818458] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044c98800 [ 128.818983] FS: 00007fd59563e700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 128.819582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.820009] CR2: 00007fdc70036068 CR3: 000000001e351000 CR4: 0000000000350ef0 [ 128.820532] Call Trace: [ 128.820726] [ 128.820900] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.821255] queue_work_on+0xd0/0xe0 [ 128.821539] loop_queue_rq+0x5c8/0x1180 [ 128.821841] __blk_mq_issue_directly+0xd5/0x260 [ 128.822195] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 128.822586] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 128.822985] blk_mq_request_issue_directly+0x11c/0x1e0 [ 128.823371] blk_mq_issue_direct+0x192/0x640 [ 128.823713] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 128.824106] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 128.824455] ? read_tsc+0x9/0x20 [ 128.824716] ? ktime_get+0x16d/0x270 [ 128.824999] ? trace_block_plug+0x149/0x1b0 [ 128.825323] ? 
blk_add_rq_to_plug+0x234/0x550 [ 128.825659] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 128.826044] ? blk_mq_submit_bio+0x4fd/0x2220 [ 128.826381] __blk_flush_plug+0x25c/0x460 [ 128.826690] ? __pfx___blk_flush_plug+0x10/0x10 [ 128.827036] ? bio_associate_blkg_from_css+0x4fe/0x1380 [ 128.827447] __submit_bio+0x480/0x5b0 [ 128.827732] ? __pfx___submit_bio+0x10/0x10 [ 128.828053] ? read_tsc+0x9/0x20 [ 128.828314] ? ktime_get+0x16d/0x270 [ 128.828596] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 128.828962] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 128.829364] submit_bio_noacct+0x359/0x1350 [ 128.829686] __bread_gfp+0x18b/0x3c0 [ 128.829970] fat_fill_super+0x5e1/0x3fd0 [ 128.830283] ? __pfx_setup+0x10/0x10 [ 128.830563] ? __pfx_fat_fill_super+0x10/0x10 [ 128.830905] ? snprintf+0xbe/0x100 [ 128.831180] ? __pfx_snprintf+0x10/0x10 [ 128.831491] ? find_held_lock+0x2b/0x80 [ 128.831794] ? setup_bdev_super+0x2ed/0x6e0 [ 128.832120] ? set_blocksize+0x1b4/0x470 [ 128.832421] ? lock_release+0xc8/0x290 [ 128.832716] ? sb_set_blocksize+0x177/0x1c0 [ 128.833038] ? setup_bdev_super+0x31f/0x6e0 [ 128.833365] get_tree_bdev_flags+0x38a/0x620 [ 128.833693] ? __pfx_vfat_fill_super+0x10/0x10 [ 128.834034] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 128.834399] ? cap_capable+0xdb/0x3b0 [ 128.834690] ? security_capable+0x2f/0x90 [ 128.835001] vfs_get_tree+0x93/0x340 [ 128.835287] path_mount+0x132d/0x1dd0 [ 128.835580] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.835970] ? __pfx_path_mount+0x10/0x10 [ 128.836279] ? kmem_cache_free+0x2a1/0x540 [ 128.836593] ? putname.part.0+0x11b/0x160 [ 128.836908] ? getname_flags.part.0+0x1c6/0x540 [ 128.837261] ? putname.part.0+0x11b/0x160 [ 128.837574] __x64_sys_mount+0x27b/0x300 [ 128.837879] ? 
__pfx___x64_sys_mount+0x10/0x10 [ 128.838227] do_syscall_64+0xbf/0x360 [ 128.838513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.838894] RIP: 0033:0x7fd5980ca04a [ 128.839172] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.840496] RSP: 002b:00007fd59563dfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.841051] RAX: ffffffffffffffda RBX: 0000000020001240 RCX: 00007fd5980ca04a [ 128.841572] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fd59563e000 [ 128.842094] RBP: 00007fd59563e040 R08: 00007fd59563e040 R09: 0000000020000000 [ 128.842613] R10: 0000000000008000 R11: 0000000000000206 R12: 0000000020000000 [ 128.843133] R13: 0000000020000100 R14: 00007fd59563e000 R15: 0000000020000040 [ 128.843664] [ 128.843842] Modules linked in: [ 128.844085] ---[ end trace 0000000000000000 ]--- [ 128.844431] RIP: 0010:__queue_work+0x202/0x1240 [ 128.844785] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 128.846101] RSP: 0018:ffff88800f0173f0 EFLAGS: 00010016 [ 128.846493] RAX: 0000000002ec0860 RBX: ffff88800c7ace18 RCX: ffffc90009457000 [ 128.847015] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 128.847558] RBP: 0000000017604300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 128.848079] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 128.848599] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044c98800 [ 128.849123] FS: 00007fd59563e700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 128.849710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.850137] CR2: 00007fdc70036068 CR3: 000000001e351000 CR4: 0000000000350ef0 [ 128.850659] note: syz-executor.4[3971] exited with irqs disabled [ 128.851201] 
note: syz-executor.4[3971] exited with preempt_count 1 [ 128.851723] ------------[ cut here ]------------ [ 128.852070] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.4/3971 [ 128.852705] Modules linked in: [ 128.852952] CPU: 0 UID: 0 PID: 3971 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.853837] Tainted: [D]=DIE, [W]=WARN [ 128.854123] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.854737] RIP: 0010:do_exit+0x1c36/0x2970 [ 128.855066] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 128.856432] RSP: 0018:ffff88800f017e40 EFLAGS: 00010246 [ 128.856848] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc90009457000 [ 128.857374] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff8880168811e8 [ 128.857910] RBP: ffff888016880000 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 128.858440] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 128.858992] R13: 0000000000002710 R14: dffffc0002ec0860 R15: 0000000000000000 [ 128.859544] FS: 00007fd59563e700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 128.860165] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.860596] CR2: 00007fdc70036068 CR3: 000000001e351000 CR4: 0000000000350ef0 [ 128.861154] Call Trace: [ 128.861353] [ 128.861526] ? _printk+0xbe/0xf0 [ 128.861815] ? __pfx__printk+0x10/0x10 [ 128.862125] ? __pfx_do_exit+0x10/0x10 [ 128.862444] make_task_dead+0x174/0x3b0 [ 128.862760] ? 
do_syscall_64+0xbf/0x360 [ 128.863061] rewind_stack_and_make_dead+0x16/0x20 [ 128.863439] RIP: 0033:0x7fd5980ca04a [ 128.863731] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.865070] RSP: 002b:00007fd59563dfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.865631] RAX: ffffffffffffffda RBX: 0000000020001240 RCX: 00007fd5980ca04a [ 128.866188] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fd59563e000 [ 128.866727] RBP: 00007fd59563e040 R08: 00007fd59563e040 R09: 0000000020000000 [ 128.867251] R10: 0000000000008000 R11: 0000000000000206 R12: 0000000020000000 [ 128.867796] R13: 0000000020000100 R14: 00007fd59563e000 R15: 0000000020000040 [ 128.868326] [ 128.868504] irq event stamp: 2244 [ 128.868775] hardirqs last enabled at (2243): [] ktime_get+0x1c7/0x270 [ 128.869372] hardirqs last disabled at (2244): [] _raw_spin_lock_irq+0x42/0x50 [ 128.870027] softirqs last enabled at (2218): [] handle_softirqs+0x50c/0x770 [ 128.870666] softirqs last disabled at (1923): [] __irq_exit_rcu+0xc4/0x100 [ 128.871306] ---[ end trace 0000000000000000 ]--- [ 128.871665] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 128.872334] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3971, name: syz-executor.4 [ 128.872968] preempt_count: 0, expected: 0 [ 128.873274] RCU nest depth: 2, expected: 0 [ 128.873583] INFO: lockdep is turned off. 
[ 128.873898] CPU: 0 UID: 0 PID: 3971 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.873917] Tainted: [D]=DIE, [W]=WARN [ 128.873921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.873927] Call Trace: [ 128.873931] [ 128.873935] dump_stack_lvl+0xfa/0x120 [ 128.873954] __might_resched+0x2f3/0x510 [ 128.873968] exit_signals+0x25/0x940 [ 128.873987] do_exit+0x2db/0x2970 [ 128.874000] ? _printk+0xbe/0xf0 [ 128.874012] ? __pfx__printk+0x10/0x10 [ 128.874025] ? __pfx_do_exit+0x10/0x10 [ 128.874041] make_task_dead+0x174/0x3b0 [ 128.874054] ? do_syscall_64+0xbf/0x360 [ 128.874065] rewind_stack_and_make_dead+0x16/0x20 [ 128.874080] RIP: 0033:0x7fd5980ca04a [ 128.874089] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.874100] RSP: 002b:00007fd59563dfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.874110] RAX: ffffffffffffffda RBX: 0000000020001240 RCX: 00007fd5980ca04a [ 128.874118] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fd59563e000 [ 128.874125] RBP: 00007fd59563e040 R08: 00007fd59563e040 R09: 0000000020000000 [ 128.874133] R10: 0000000000008000 R11: 0000000000000206 R12: 0000000020000000 [ 128.874140] R13: 0000000020000100 R14: 00007fd59563e000 R15: 0000000020000040 [ 128.874151] 11:03:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000000c40)={'#! 
', './file0', [], 0xa, "[hex payload omitted]"}, 0x5f0) 11:03:50 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_buf(r0, 0x29, 0x11, 0x0, 0x300) 11:03:50 executing program 3: syz_emit_ethernet(0x56, &(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x20, 0x0, 0x0, @local, @local, {[@hopopts={0x0, 0x3, '\x00', [@enc_lim, @calipso={0x7, 0x10, {0x0, 0x2, 0x0, 0x90, [0x0]}}, @enc_lim]}]}}}}}, 0x0) 11:03:50 executing program 6: syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{@fat=@dmask}]}) 11:03:50 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000001240)=[{&(0x7f0000010000)="eb", 0x1}], 0x8000, &(0x7f0000000040)=ANY=[]) [ 128.950277] No source specified 11:03:50 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6,
0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, &(0x7f0000000000)=0xfffffffffffffffa, r0, 0x0, 0x0, 0x0) 11:03:50 executing program 0: setresuid(0x0, 0xee01, 0x0) r0 = semget$private(0x0, 0x5, 0x0) semctl$SETALL(r0, 0x0, 0x11, 0x0) 11:03:50 executing program 1: setresuid(0x0, 0xee01, 0x0) r0 = semget$private(0x0, 0x5, 0x0) semctl$SETALL(r0, 0x0, 0x11, 0x0) [ 128.956942] No source specified [ 128.959796] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 11:03:50 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x5414, &(0x7f00000000c0)) 11:03:51 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000001240)=[{&(0x7f0000010000)="eb", 0x1}], 0x8000, &(0x7f0000000040)=ANY=[]) 11:03:51 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x5414, &(0x7f00000000c0)) 11:03:51 executing program 3: syz_emit_ethernet(0x56, &(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x20, 0x0, 0x0, @local, @local, {[@hopopts={0x0, 0x3, '\x00', [@enc_lim, @calipso={0x7, 0x10, {0x0, 0x2, 0x0, 0x90, [0x0]}}, @enc_lim]}]}}}}}, 0x0) 11:03:51 executing program 0: 
setresuid(0x0, 0xee01, 0x0) r0 = semget$private(0x0, 0x5, 0x0) semctl$SETALL(r0, 0x0, 0x11, 0x0) 11:03:51 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, &(0x7f0000000000)=0xfffffffffffffffa, r0, 0x0, 0x0, 0x0) 11:03:51 executing program 2: prctl$PR_SET_MM(0x29, 0x0, &(0x7f0000ffa000/0x4000)=nil) 11:03:51 executing program 1: setresuid(0x0, 0xee01, 0x0) r0 = semget$private(0x0, 0x5, 0x0) semctl$SETALL(r0, 0x0, 0x11, 0x0) 11:03:51 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 129.096424] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 129.097279] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 129.097840] CPU: 0 UID: 0 PID: 4011 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.098712] Tainted: [D]=DIE, [W]=WARN [ 129.098997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 
04/01/2014 [ 129.099617] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.099981] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.101308] RSP: 0018:ffff88804656f800 EFLAGS: 00010212 [ 129.101703] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 129.102225] RDX: ffff88800ef10000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.102748] RBP: ffff88804656fa70 R08: ffff88806ce31340 R09: ffffe8ffffc16050 [ 129.103271] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 129.103807] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.104330] FS: 000055559322c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.104918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.105347] CR2: 00007f902620d018 CR3: 0000000043490000 CR4: 0000000000350ef0 [ 129.105870] Call Trace: [ 129.106066] [ 129.106242] ? arch_scale_cpu_capacity+0x17/0xa0 [ 129.106606] ? __pfx_perf_tp_event+0x10/0x10 [ 129.106939] ? __asan_memset+0x24/0x50 [ 129.107240] ? lock_release+0x1c7/0x290 [ 129.107555] ? __pfx___mutex_lock+0x10/0x10 [ 129.107886] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 129.108303] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 129.108701] ? kvm_sched_clock_read+0x16/0x30 [ 129.109044] ? sched_clock+0x37/0x60 [ 129.109332] ? sched_clock_cpu+0x6c/0x4e0 [ 129.109652] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.110028] perf_trace_run_bpf_submit+0xef/0x180 [ 129.110394] perf_trace_lock_acquire+0x3c2/0x700 [ 129.110752] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.111145] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.111547] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.111939] ? lock_acquire+0xc5/0x2f0 [ 129.112233] ? lock_acquire+0x18c/0x2f0 [ 129.112535] lock_acquire+0xc5/0x2f0 [ 129.112818] ? futex_wake+0x228/0x540 [ 129.113109] ? 
futex_hash+0x15c/0x390 [ 129.113399] _raw_spin_lock+0x2b/0x40 [ 129.113689] ? futex_wake+0x228/0x540 [ 129.113978] futex_wake+0x228/0x540 [ 129.114261] ? __pfx_futex_wake+0x10/0x10 [ 129.114574] ? xfd_validate_state+0x55/0x180 [ 129.114914] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 129.115305] ? finish_task_switch.isra.0+0x206/0x840 [ 129.115703] do_futex+0x26d/0x370 [ 129.115970] ? __pfx_do_futex+0x10/0x10 [ 129.116275] ? __pfx___schedule+0x10/0x10 [ 129.116591] __x64_sys_futex+0x1c9/0x4d0 [ 129.116898] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.117331] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.117674] ? xfd_validate_state+0x55/0x180 [ 129.118015] do_syscall_64+0xbf/0x360 [ 129.118303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.118685] RIP: 0033:0x7f93aebddb19 [ 129.118963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.120292] RSP: 002b:00007fff17cd0f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.120848] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93aebddb19 [ 129.121370] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f93aecf0f68 [ 129.121891] RBP: 00007f93aecf0f60 R08: 00007f93ac153700 R09: 0000000000000000 [ 129.122413] R10: 00007f93ac153700 R11: 0000000000000246 R12: 00007f93aecf5150 [ 129.122935] R13: 00007fff17cd10a0 R14: 00007f93aecf0f60 R15: 000000000001f7dc [ 129.123473] [ 129.123651] Modules linked in: [ 129.123923] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 129.124733] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 129.125286] CPU: 0 UID: 0 PID: 4011 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.126156] Tainted: [D]=DIE, [W]=WARN [ 129.126441] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 
04/01/2014 [ 129.127042] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.127403] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.128721] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 129.129114] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 129.129635] RDX: ffff88800ef10000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.130157] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16050 [ 129.130678] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 129.131199] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 129.131729] FS: 000055559322c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.132317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.132745] CR2: 00007f902620d018 CR3: 0000000043490000 CR4: 0000000000350ef0 [ 129.133268] Call Trace: [ 129.133462] [ 129.133633] ? __pfx_perf_tp_event+0x10/0x10 [ 129.133970] ? rcu_core+0x7c3/0x1800 [ 129.134254] ? stack_trace_save+0x8e/0xc0 [ 129.134580] ? stack_depot_save_flags+0x2c/0xa20 [ 129.134951] ? kasan_save_stack+0x24/0x50 [ 129.135287] ? kasan_save_track+0x14/0x30 [ 129.135617] ? __kasan_save_free_info+0x3a/0x60 [ 129.135980] ? __kasan_slab_free+0x3f/0x50 [ 129.136315] ? rcu_core+0x7c3/0x1800 [ 129.136614] ? kasan_save_stack+0x34/0x50 [ 129.136942] ? kasan_save_stack+0x24/0x50 [ 129.137269] ? kasan_record_aux_stack+0x89/0xa0 [ 129.137632] ? __call_rcu_common.constprop.0+0x70/0x960 [ 129.138047] ? delayed_put_task_struct+0xde/0x260 [ 129.138427] ? rcu_core+0x7c8/0x1800 [ 129.138725] ? handle_softirqs+0x1b1/0x770 [ 129.139061] ? do_softirq+0x48/0x80 [ 129.139346] ? __local_bh_enable_ip+0xf1/0x110 [ 129.139709] ? cfg80211_inform_single_bss_data+0x877/0x1bd0 [ 129.140157] ? cfg80211_inform_bss_data+0x20e/0x34e0 [ 129.140555] ? cfg80211_inform_bss_frame_data+0x253/0x6b0 [ 129.140985] ? 
ieee80211_bss_info_update+0x2f5/0xa90 [ 129.141382] ? ieee80211_ibss_rx_queued_mgmt+0x18b3/0x2f50 [ 129.141820] ? ieee80211_iface_work+0xd52/0x1220 [ 129.142192] ? cfg80211_wiphy_work+0x245/0x480 [ 129.142552] ? process_one_work+0x8e1/0x19c0 [ 129.142901] ? worker_thread+0x67e/0xe90 [ 129.143217] ? kthread+0x3c8/0x740 [ 129.143514] ? ret_from_fork+0x34b/0x430 [ 129.143840] ? ret_from_fork_asm+0x1a/0x30 [ 129.144177] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.144589] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.144980] perf_trace_run_bpf_submit+0xef/0x180 [ 129.145368] perf_trace_lock_acquire+0x3c2/0x700 [ 129.145744] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.146153] ? trace_rcu_batch_end+0x32/0x1e0 [ 129.146509] lock_acquire+0xc5/0x2f0 [ 129.146803] ? hrtimer_interrupt+0xd6/0x830 [ 129.147137] ? __pfx_lapic_next_deadline+0x10/0x10 [ 129.147533] _raw_spin_lock_irqsave+0x3a/0x60 [ 129.147892] ? hrtimer_interrupt+0xd6/0x830 [ 129.148227] hrtimer_interrupt+0xd6/0x830 [ 129.148551] ? __pfx_do_sync_core+0x10/0x10 [ 129.148889] ? trace_csd_function_exit+0x134/0x190 [ 129.149277] ? 
__flush_smp_call_function_queue+0x28c/0x740 [ 129.149714] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 129.150121] sysvec_apic_timer_interrupt+0x6b/0x80 [ 129.150506] [ 129.150686] [ 129.150865] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 129.151274] RIP: 0010:oops_exit+0x0/0x50 [ 129.151607] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 129.152999] RSP: 0018:ffff88804656f690 EFLAGS: 00000202 [ 129.153410] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 129.153960] RDX: ffff88800ef10000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 129.154507] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 129.155053] R10: 0000000000000000 R11: 000000000000002c R12: ffff88804656f758 [ 129.155607] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 129.156156] ? add_taint+0x5f/0xd0 [ 129.156438] ? oops_end+0x4a/0xe0 [ 129.156719] oops_end+0x65/0xe0 [ 129.156988] exc_general_protection+0x1a2/0x330 [ 129.157358] asm_exc_general_protection+0x26/0x30 [ 129.157735] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.158100] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.159495] RSP: 0018:ffff88804656f800 EFLAGS: 00010212 [ 129.159905] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 129.160448] RDX: ffff88800ef10000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.160994] RBP: ffff88804656fa70 R08: ffff88806ce31340 R09: ffffe8ffffc16050 [ 129.161538] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 129.162085] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.162635] ? perf_tp_event+0x167/0xe70 [ 129.162963] ? arch_scale_cpu_capacity+0x17/0xa0 [ 129.163335] ? 
__pfx_perf_tp_event+0x10/0x10 [ 129.163693] ? __asan_memset+0x24/0x50 [ 129.164004] ? lock_release+0x1c7/0x290 [ 129.164320] ? __pfx___mutex_lock+0x10/0x10 [ 129.164661] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 129.165096] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 129.165512] ? kvm_sched_clock_read+0x16/0x30 [ 129.165870] ? sched_clock+0x37/0x60 [ 129.166167] ? sched_clock_cpu+0x6c/0x4e0 [ 129.166496] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.166891] perf_trace_run_bpf_submit+0xef/0x180 [ 129.167277] perf_trace_lock_acquire+0x3c2/0x700 [ 129.167659] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.168069] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.168476] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 129.168884] ? lock_acquire+0xc5/0x2f0 [ 129.169193] ? lock_acquire+0x18c/0x2f0 [ 129.169508] lock_acquire+0xc5/0x2f0 [ 129.169803] ? futex_wake+0x228/0x540 [ 129.170111] ? futex_hash+0x15c/0x390 [ 129.170411] _raw_spin_lock+0x2b/0x40 [ 129.170713] ? futex_wake+0x228/0x540 [ 129.171017] futex_wake+0x228/0x540 [ 129.171307] ? __pfx_futex_wake+0x10/0x10 [ 129.171642] ? xfd_validate_state+0x55/0x180 [ 129.171993] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 129.172400] ? finish_task_switch.isra.0+0x206/0x840 [ 129.172802] do_futex+0x26d/0x370 [ 129.173079] ? __pfx_do_futex+0x10/0x10 [ 129.173394] ? __pfx___schedule+0x10/0x10 [ 129.173723] __x64_sys_futex+0x1c9/0x4d0 [ 129.174042] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.174493] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.174853] ? 
xfd_validate_state+0x55/0x180 [ 129.175208] do_syscall_64+0xbf/0x360 [ 129.175517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.175918] RIP: 0033:0x7f93aebddb19 [ 129.176210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.177600] RSP: 002b:00007fff17cd0f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.178188] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93aebddb19 [ 129.178733] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f93aecf0f68 [ 129.179277] RBP: 00007f93aecf0f60 R08: 00007f93ac153700 R09: 0000000000000000 [ 129.179834] R10: 00007f93ac153700 R11: 0000000000000246 R12: 00007f93aecf5150 [ 129.180384] R13: 00007fff17cd10a0 R14: 00007f93aecf0f60 R15: 000000000001f7dc [ 129.180942] [ 129.181129] Modules linked in: [ 129.181384] ---[ end trace 0000000000000000 ]--- [ 129.181750] RIP: 0010:__queue_work+0x202/0x1240 [ 129.182123] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 129.183519] RSP: 0018:ffff88800f0173f0 EFLAGS: 00010016 [ 129.183929] RAX: 0000000002ec0860 RBX: ffff88800c7ace18 RCX: ffffc90009457000 [ 129.184477] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 129.185032] RBP: 0000000017604300 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 129.185583] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 129.186136] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888044c98800 [ 129.186687] FS: 000055559322c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.187305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.187765] CR2: 00007f902620d018 CR3: 0000000043490000 CR4: 0000000000350ef0 [ 129.188315] Kernel panic - not syncing: Fatal exception in interrupt [ 129.189006] 
Kernel Offset: disabled [ 129.189293] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:03:50 Registers: