Warning: Permanently added '[localhost]:38751' (ECDSA) to the list of known hosts.
2025/08/29 08:49:00 fuzzer started
2025/08/29 08:49:00 dialing manager at localhost:43077
syzkaller login: [ 59.426394] cgroup: Unknown subsys name 'net'
[ 59.637907] cgroup: Unknown subsys name 'cpuset'
[ 59.679457] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:49:12 syscalls: 2214
2025/08/29 08:49:12 code coverage: enabled
2025/08/29 08:49:12 comparison tracing: enabled
2025/08/29 08:49:12 extra coverage: enabled
2025/08/29 08:49:12 setuid sandbox: enabled
2025/08/29 08:49:12 namespace sandbox: enabled
2025/08/29 08:49:12 Android sandbox: enabled
2025/08/29 08:49:12 fault injection: enabled
2025/08/29 08:49:12 leak checking: enabled
2025/08/29 08:49:12 net packet injection: enabled
2025/08/29 08:49:12 net device setup: enabled
2025/08/29 08:49:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:49:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:49:12 USB emulation: enabled
2025/08/29 08:49:12 hci packet injection: enabled
2025/08/29 08:49:12 wifi device emulation: enabled
2025/08/29 08:49:12 802.15.4 emulation: enabled
2025/08/29 08:49:12 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:49:12 fetching corpus: 50, signal 25297/28452 (executing program)
2025/08/29 08:49:12 fetching corpus: 100, signal 39091/43098 (executing program)
2025/08/29 08:49:12 fetching corpus: 150, signal 46316/51187 (executing program)
2025/08/29 08:49:12 fetching corpus: 200, signal 53876/59354 (executing program)
2025/08/29 08:49:13 fetching corpus: 250, signal 60250/66213 (executing program)
2025/08/29 08:49:13 fetching corpus: 300, signal 64896/71287 (executing program)
2025/08/29 08:49:13 fetching corpus: 350, signal 68451/75266 (executing program)
2025/08/29 08:49:13 fetching corpus: 400, signal 71142/78359 (executing program)
2025/08/29 08:49:13 fetching corpus: 450, signal 73558/81181 (executing program)
2025/08/29 08:49:13 fetching corpus: 500, signal 76531/84411 (executing program)
2025/08/29 08:49:13 fetching corpus: 550, signal 78231/86509 (executing program)
2025/08/29 08:49:13 fetching corpus: 600, signal 80094/88693 (executing program)
2025/08/29 08:49:13 fetching corpus: 650, signal 83145/91715 (executing program)
2025/08/29 08:49:14 fetching corpus: 700, signal 85028/93730 (executing program)
2025/08/29 08:49:14 fetching corpus: 750, signal 87012/95798 (executing program)
2025/08/29 08:49:14 fetching corpus: 800, signal 88746/97582 (executing program)
2025/08/29 08:49:14 fetching corpus: 850, signal 90911/99623 (executing program)
2025/08/29 08:49:14 fetching corpus: 900, signal 92614/101263 (executing program)
2025/08/29 08:49:14 fetching corpus: 950, signal 95336/103443 (executing program)
2025/08/29 08:49:14 fetching corpus: 1000, signal 96874/104875 (executing program)
2025/08/29 08:49:14 fetching corpus: 1050, signal 97767/105868 (executing program)
2025/08/29 08:49:15 fetching corpus: 1100, signal 99605/107324 (executing program)
2025/08/29 08:49:15 fetching corpus: 1150, signal 101070/108506 (executing program)
2025/08/29 08:49:15 fetching corpus: 1200, signal 103059/109976 (executing program)
2025/08/29 08:49:15 fetching corpus: 1250, signal 104503/111052 (executing program)
2025/08/29 08:49:15 fetching corpus: 1300, signal 106423/112303 (executing program)
2025/08/29 08:49:15 fetching corpus: 1350, signal 107789/113206 (executing program)
2025/08/29 08:49:15 fetching corpus: 1400, signal 109049/114037 (executing program)
2025/08/29 08:49:15 fetching corpus: 1450, signal 109919/114638 (executing program)
2025/08/29 08:49:16 fetching corpus: 1500, signal 111500/115583 (executing program)
2025/08/29 08:49:16 fetching corpus: 1550, signal 112616/116290 (executing program)
2025/08/29 08:49:16 fetching corpus: 1600, signal 114391/117267 (executing program)
2025/08/29 08:49:16 fetching corpus: 1650, signal 116137/118056 (executing program)
2025/08/29 08:49:16 fetching corpus: 1700, signal 116936/118432 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118562 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118604 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118644 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118686 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118720 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118756 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118798 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118833 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118866 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118903 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/118945 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119008 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119054 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119087 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119135 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119170 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119212 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119250 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119285 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119313 (executing program)
2025/08/29 08:49:16 fetching corpus: 1712, signal 117122/119342 (executing program)
2025/08/29 08:49:17 fetching corpus: 1712, signal 117122/119377 (executing program)
2025/08/29 08:49:17 fetching corpus: 1712, signal 117122/119405 (executing program)
2025/08/29 08:49:17 fetching corpus: 1712, signal 117122/119405 (executing program)
2025/08/29 08:49:18 starting 8 fuzzer processes
08:49:18 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
08:49:18 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
fallocate(r0, 0x0, 0x0, 0x5)
08:49:18 executing program 6:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0))
capset(&(0x7f0000000480)={0x19980330}, &(0x7f00000004c0)={0x0, 0x0, 0x8})
08:49:19 executing program 2:
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
process_madvise(r1, 0x0, 0x0, 0x0, 0x0)
08:49:19 executing program 7:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0f85403, &(0x7f0000000040)={{0x1}})
08:49:19 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r0)
[ 77.608078] audit: type=1400 audit(1756457359.052:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:49:19 executing program 4:
r0 = fsopen(&(0x7f0000000000)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
08:49:19 executing program 5:
select(0x40, &(0x7f00000022c0), &(0x7f0000002300), &(0x7f0000002340)={0x800}, &(0x7f0000002380)={0x77359400})
[ 78.861706] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.867595] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.869810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.872429] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.874428] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.878985] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.881566] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.883826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.887018] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.888992] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.891021] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.891416] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.896600] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.896740] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.898349] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.901350] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.903655] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.912347] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.914621] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.920500] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.924706] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 78.924784] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.928080] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.928108] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.938823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 78.943882] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.945317] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.947531] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.949784] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.951413] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.951648] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.954976] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.956126] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.962374] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.963917] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.970063] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.971470] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.975575] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.994489] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.003557] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 80.943803] Bluetooth: hci2: command tx timeout
[ 81.008253] Bluetooth: hci1: command tx timeout
[ 81.008848] Bluetooth: hci4: command tx timeout
[ 81.009343] Bluetooth: hci0: command tx timeout
[ 81.071443] Bluetooth: hci7: command tx timeout
[ 81.072051] Bluetooth: hci6: command tx timeout
[ 81.072881] Bluetooth: hci5: command tx timeout
[ 81.073369] Bluetooth: hci3: command tx timeout
[ 82.990923] Bluetooth: hci2: command tx timeout
[ 83.054465] Bluetooth: hci0: command tx timeout
[ 83.054900] Bluetooth: hci4: command tx timeout
[ 83.055717] Bluetooth: hci1: command tx timeout
[ 83.119391] Bluetooth: hci5: command tx timeout
[ 83.119820] Bluetooth: hci3: command tx timeout
[ 83.120586] Bluetooth: hci6: command tx timeout
[ 83.120970] Bluetooth: hci7: command tx timeout
[ 85.038702] Bluetooth: hci2: command tx timeout
[ 85.103395] Bluetooth: hci0: command tx timeout
[ 85.103839] Bluetooth: hci1: command tx timeout
[ 85.105242] Bluetooth: hci4: command tx timeout
[ 85.168247] Bluetooth: hci7: command tx timeout
[ 85.168676] Bluetooth: hci5: command tx timeout
[ 85.169065] Bluetooth: hci6: command tx timeout
[ 85.169901] Bluetooth: hci3: command tx timeout
[ 87.086424] Bluetooth: hci2: command tx timeout
[ 87.152255] Bluetooth: hci1: command tx timeout
[ 87.153008] Bluetooth: hci4: command tx timeout
[ 87.153772] Bluetooth: hci0: command tx timeout
[ 87.214361] Bluetooth: hci6: command tx timeout
[ 87.215115] Bluetooth: hci3: command tx timeout
[ 87.215874] Bluetooth: hci5: command tx timeout
[ 87.217115] Bluetooth: hci7: command tx timeout
[ 120.350922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.351617] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.678250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.678881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.044189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.046262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:50:02 executing program 5:
select(0x40, &(0x7f00000022c0), &(0x7f0000002300), &(0x7f0000002340)={0x800}, &(0x7f0000002380)={0x77359400})
08:50:02 executing program 5:
select(0x40, &(0x7f00000022c0), &(0x7f0000002300), &(0x7f0000002340)={0x800}, &(0x7f0000002380)={0x77359400})
08:50:02 executing program 5:
select(0x40, &(0x7f00000022c0), &(0x7f0000002300), &(0x7f0000002340)={0x800}, &(0x7f0000002380)={0x77359400})
[ 121.317619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.318278] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:50:02 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
08:50:02 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
08:50:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
08:50:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
[ 121.707556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.708139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.818662] capability: warning: `syz-executor.6' uses deprecated v2 capabilities in a way that may be insecure
[ 121.821419] capability: warning: `syz-executor.6' uses 32-bit capabilities (legacy support in use)
08:50:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
[ 121.864325] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.864909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.718648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.719349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.748637] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.749338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.811379] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.812013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.869064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.869997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.908817] audit: type=1400 audit(1756457404.353:8): avc: denied { open } for pid=3877 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 122.911315] audit: type=1400 audit(1756457404.353:9): avc: denied { kernel } for pid=3877 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 122.966535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.967101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.057889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.058634] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.211745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.212415] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.267011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.268085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.435810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.436565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.462793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.463572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:50:04 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
fallocate(r0, 0x0, 0x0, 0x5)
08:50:04 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r0)
08:50:04 executing program 2:
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
process_madvise(r1, 0x0, 0x0, 0x0, 0x0)
08:50:04 executing program 4:
r0 = fsopen(&(0x7f0000000000)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
08:50:04 executing program 6:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0))
capset(&(0x7f0000000480)={0x19980330}, &(0x7f00000004c0)={0x0, 0x0, 0x8})
08:50:04 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
08:50:04 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
08:50:05 executing program 7:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0f85403, &(0x7f0000000040)={{0x1}})
08:50:05 executing program 7:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0f85403, &(0x7f0000000040)={{0x1}})
08:50:05 executing program 2:
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
process_madvise(r1, 0x0, 0x0, 0x0, 0x0)
08:50:05 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
fallocate(r0, 0x0, 0x0, 0x5)
08:50:05 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
08:50:05 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
08:50:05 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r0)
08:50:05 executing program 7:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0f85403, &(0x7f0000000040)={{0x1}})
08:50:05 executing program 2:
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
process_madvise(r1, 0x0, 0x0, 0x0, 0x0)
08:50:05 executing program 6:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0))
capset(&(0x7f0000000480)={0x19980330}, &(0x7f00000004c0)={0x0, 0x0, 0x8})
08:50:05 executing program 4:
r0 = fsopen(&(0x7f0000000000)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
[ 123.755405] kmemleak: Found object by alias at 0x607f1a639884
[ 123.755426] CPU: 1 UID: 0 PID: 3938 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.755443] Tainted: [W]=WARN
[ 123.755447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.755454] Call Trace:
[ 123.755458]
[ 123.755463] dump_stack_lvl+0xca/0x120
[ 123.755488] __lookup_object+0x94/0xb0
[ 123.755504] delete_object_full+0x27/0x70
[ 123.755520] free_percpu+0x30/0x1160
[ 123.755536] ? arch_uprobe_clear_state+0x16/0x140
[ 123.755556] futex_hash_free+0x38/0xc0
[ 123.755570] mmput+0x2d3/0x390
[ 123.755588] do_exit+0x79d/0x2970
[ 123.755605] ? __pfx_do_exit+0x10/0x10
[ 123.755619] ? find_held_lock+0x2b/0x80
[ 123.755636] ? get_signal+0x835/0x2340
[ 123.755656] do_group_exit+0xd3/0x2a0
[ 123.755671] get_signal+0x2315/0x2340
[ 123.755688] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 123.755704] ? __pfx_get_signal+0x10/0x10
[ 123.755720] ? __schedule+0xe91/0x3590
[ 123.755740] arch_do_signal_or_restart+0x80/0x790
[ 123.755757] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 123.755773] ? __x64_sys_futex+0x1c9/0x4d0
[ 123.755785] ? __x64_sys_futex+0x1d2/0x4d0
[ 123.755798] ? __pfx___do_sys_fsconfig+0x10/0x10
[ 123.755811] ? __pfx___x64_sys_futex+0x10/0x10
[ 123.755829] exit_to_user_mode_loop+0x8b/0x110
[ 123.755842] do_syscall_64+0x2f7/0x360
[ 123.755854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.755865] RIP: 0033:0x7f091ae99b19
[ 123.755874] Code: Unable to access opcode bytes at 0x7f091ae99aef.
[ 123.755879] RSP: 002b:00007f091840f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.755890] RAX: 0000000000000001 RBX: 00007f091afacf68 RCX: 00007f091ae99b19
[ 123.755898] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091afacf6c
[ 123.755904] RBP: 00007f091afacf60 R08: 0000000000000016 R09: 0000000000000000
[ 123.755911] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f091afacf6c
[ 123.755918] R13: 00007fff6b34467f R14: 00007f091840f300 R15: 0000000000022000
[ 123.755934]
[ 123.755937] kmemleak: Object (percpu) 0x607f1a639880 (size 8):
[ 123.755944] kmemleak: comm "syz-executor.3", pid 3943, jiffies 4294790639
[ 123.755951] kmemleak: min_count = 1
[ 123.755954] kmemleak: count = 0
[ 123.755958] kmemleak: flags = 0x21
[ 123.755961] kmemleak: checksum = 0
[ 123.755965] kmemleak: backtrace:
[ 123.755968] pcpu_alloc_noprof+0x87a/0x1170
[ 123.755983] fib_nh_common_init+0x30/0xd0
[ 123.755995] fib6_nh_init+0x968/0x1a00
[ 123.756005] ip6_route_info_create_nh+0x530/0xf80
[ 123.756015] addrconf_f6i_alloc+0x208/0x430
[ 123.756025] __ipv6_dev_ac_inc+0x2fc/0xd80
[ 123.756040] ipv6_sock_ac_join+0x8aa/0x1100
[ 123.756053] do_ipv6_setsockopt+0x3f54/0x47b0
[ 123.756068] ipv6_setsockopt+0xcb/0x170
[ 123.756082] udpv6_setsockopt+0x84/0xd0
[ 123.756092] do_sock_setsockopt+0xf7/0x1e0
[ 123.756103] __sys_setsockopt+0x11f/0x1a0
[ 123.756116] __x64_sys_setsockopt+0xbe/0x160
[ 123.756130] do_syscall_64+0xbf/0x360
[ 123.756139] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.775802] kmemleak: Found object by alias at 0x607f1a638104
[ 123.775822] CPU: 0 UID: 0 PID: 3940 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.775841] Tainted: [W]=WARN
[ 123.775845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.775853] Call Trace:
[ 123.775857]
[ 123.775862] dump_stack_lvl+0xca/0x120
[ 123.775892] __lookup_object+0x94/0xb0
[ 123.775911] delete_object_full+0x27/0x70
[ 123.775928] free_percpu+0x30/0x1160
[ 123.775945] ? arch_uprobe_clear_state+0x16/0x140
[ 123.775966] futex_hash_free+0x38/0xc0
[ 123.775982] mmput+0x2d3/0x390
[ 123.776002] do_exit+0x79d/0x2970
[ 123.776016] ? signal_wake_up_state+0x85/0x120
[ 123.776033] ? zap_other_threads+0x2b9/0x3a0
[ 123.776049] ? __pfx_do_exit+0x10/0x10
[ 123.776062] ? do_group_exit+0x1c3/0x2a0
[ 123.776075] ? lock_release+0xc8/0x290
[ 123.776093] do_group_exit+0xd3/0x2a0
[ 123.776108] __x64_sys_exit_group+0x3e/0x50
[ 123.776122] x64_sys_call+0x18c5/0x18d0
[ 123.776138] do_syscall_64+0xbf/0x360
[ 123.776151] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.776162] RIP: 0033:0x7f47be284b19
[ 123.776171] Code: Unable to access opcode bytes at 0x7f47be284aef.
[ 123.776176] RSP: 002b:00007ffc90bcdd38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 123.776188] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f47be284b19
[ 123.776200] RDX: 00007f47be23772b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 123.776207] RBP: 0000000000000000 R08: 0000001b2ce228c4 R09: 0000000000000000
[ 123.776215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 123.776222] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc90bcde20
[ 123.776238]
[ 123.776242] kmemleak: Object (percpu) 0x607f1a638100 (size 8):
[ 123.776249] kmemleak: comm "syz-executor.3", pid 3943, jiffies 4294790631
[ 123.776256] kmemleak: min_count = 1
[ 123.776260] kmemleak: count = 0
[ 123.776264] kmemleak: flags = 0x21
[ 123.776268] kmemleak: checksum = 0
[ 123.776272] kmemleak: backtrace:
[ 123.776275] pcpu_alloc_noprof+0x87a/0x1170
[ 123.776290] perf_trace_event_init+0x366/0xa10
[ 123.776305] perf_trace_init+0x1a4/0x2f0
[ 123.776324] perf_tp_event_init+0xa6/0x120
[ 123.776343] perf_try_init_event+0x140/0x9f0
[ 123.776355] perf_event_alloc.part.0+0x118e/0x45f0
[ 123.776372] __do_sys_perf_event_open+0x719/0x2c20
[ 123.776385] do_syscall_64+0xbf/0x360
[ 123.776393] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:50:05 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
08:50:05 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
fallocate(r0, 0x0, 0x0, 0x5)
08:50:05 executing program 6:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0))
capset(&(0x7f0000000480)={0x19980330}, &(0x7f00000004c0)={0x0, 0x0, 0x8})
08:50:05 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r0)
08:50:05 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
08:50:05 executing program 1:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
08:50:05 executing program 2:
r0 = fsopen(&(0x7f0000000000)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
08:50:05 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close(r0)
08:50:05 executing program 4:
r0 = fsopen(&(0x7f0000000000)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
08:50:05 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x6, 0x0, 0x413}}}, 0x7)
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
renameat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0xfffffffb}}, './file0\x00'})
[ 123.965320] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
[ 123.966301] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 123.966911] CPU: 1 UID: 0 PID: 280 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.968374] Tainted: [W]=WARN
[ 123.968992] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.970327] kmemleak: Found object by alias at 0x607f1a639884
[ 123.970348] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.970367] Tainted: [W]=WARN
[ 123.970371] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.970379] Call Trace:
[ 123.970383] <TASK>
[ 123.970388] dump_stack_lvl+0xca/0x120
[ 123.970419] __lookup_object+0x94/0xb0
[ 123.970435] delete_object_full+0x27/0x70
[ 123.970451] free_percpu+0x30/0x1160
[ 123.970467] ? arch_uprobe_clear_state+0x16/0x140
[ 123.970485] futex_hash_free+0x38/0xc0
[ 123.970498] mmput+0x2d3/0x390
[ 123.970516] do_exit+0x79d/0x2970
[ 123.970530] ? __pfx_do_exit+0x10/0x10
[ 123.970543] ? find_held_lock+0x2b/0x80
[ 123.970561] ? get_signal+0x835/0x2340
[ 123.970579] do_group_exit+0xd3/0x2a0
[ 123.970592] get_signal+0x2315/0x2340
[ 123.970608] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 123.970622] ? __pfx_get_signal+0x10/0x10
[ 123.970638] ? __schedule+0xe91/0x3590
[ 123.970655] arch_do_signal_or_restart+0x80/0x790
[ 123.970672] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 123.970687] ? __x64_sys_futex+0x1c9/0x4d0
[ 123.970700] ? __x64_sys_futex+0x1d2/0x4d0
[ 123.970712] ? __pfx___do_sys_fsconfig+0x10/0x10
[ 123.970726] ? __pfx___x64_sys_futex+0x10/0x10
[ 123.970741] exit_to_user_mode_loop+0x8b/0x110
[ 123.970753] do_syscall_64+0x2f7/0x360
[ 123.970764] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.970776] RIP: 0033:0x7f091ae99b19
[ 123.970784] Code: Unable to access opcode bytes at 0x7f091ae99aef.
[ 123.970790] RSP: 002b:00007f091840f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.970801] RAX: 0000000000000001 RBX: 00007f091afacf68 RCX: 00007f091ae99b19
[ 123.970809] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091afacf6c
[ 123.970816] RBP: 00007f091afacf60 R08: 0000000000000016 R09: 0000000000000000
[ 123.970823] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f091afacf6c
[ 123.970830] R13: 00007fff6b34467f R14: 00007f091840f300 R15: 0000000000022000
[ 123.970841] </TASK>
[ 123.970845] kmemleak: Object (percpu) 0x607f1a639880 (size 8):
[ 123.970851] kmemleak: comm "syz-executor.3", pid 3962, jiffies 4294790846
[ 123.970858] kmemleak: min_count = 1
[ 123.970862] kmemleak: count = 0
[ 123.970866] kmemleak: flags = 0x21
[ 123.970870] kmemleak: checksum = 0
[ 123.970874] kmemleak: backtrace:
[ 123.970878] pcpu_alloc_noprof+0x87a/0x1170
[ 123.970892] fib_nh_common_init+0x30/0xd0
[ 123.970906] fib6_nh_init+0x968/0x1a00
[ 123.970916] ip6_route_info_create_nh+0x530/0xf80
[ 123.970926] addrconf_f6i_alloc+0x208/0x430
[ 123.970936] __ipv6_dev_ac_inc+0x2fc/0xd80
[ 123.970950] ipv6_sock_ac_join+0x8aa/0x1100
[ 123.970964] do_ipv6_setsockopt+0x3f54/0x47b0
[ 123.970979] ipv6_setsockopt+0xcb/0x170
[ 123.970993] udpv6_setsockopt+0x84/0xd0
[ 123.971003] do_sock_setsockopt+0xf7/0x1e0
[ 123.971014] __sys_setsockopt+0x11f/0x1a0
[ 123.971028] __x64_sys_setsockopt+0xbe/0x160
[ 123.971042] do_syscall_64+0xbf/0x360
[ 123.971050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.997442] RIP: 0010:dst_dev_put+0x21/0x250
[ 123.997816] Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb e8 40 c6 a8 fd 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 01 00 00 48 8d 7b 3a 48 8b 2b 48 b8 00 00 00
[ 123.999262] RSP: 0018:ffff88806cf08da0 EFLAGS: 00010256
[ 123.999693] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff84103a71
[ 124.000264] RDX: 0000000000000000 RSI: ffffffff83cb2140 RDI: 0000000000000001
[ 124.000841] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000001
[ 124.001413] R10: 0000000000000001 R11: 0000000000000001 R12: fffffbfff0b0a4ac
[ 124.001978] R13: 0000607f1a639880 R14: 0000607f1a639880 R15: 0000000000000001
[ 124.002551] FS: 000055558dcb6400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 124.003187] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.003653] CR2: 0000001b2d226000 CR3: 0000000039181000 CR4: 0000000000350ef0
[ 124.004222] Call Trace:
[ 124.004440] <IRQ>
[ 124.004621] rt_fibinfo_free_cpus.part.0+0xdb/0x1a0
[ 124.005036] ? rcu_core+0x7c3/0x1800
[ 124.005352] fib_nh_common_release+0xa8/0x2c0
[ 124.005737] ? rcu_core+0x7c3/0x1800
[ 124.006066] ? rcu_core+0x7c3/0x1800
[ 124.006391] fib6_info_destroy_rcu+0x18b/0x1f0
[ 124.006779] ? rcu_core+0x7c3/0x1800
[ 124.007098] rcu_core+0x7c8/0x1800
[ 124.007408] ? __pfx_rcu_core+0x10/0x10
[ 124.007746] ? clockevents_program_event+0x135/0x360
[ 124.008175] ? mark_held_locks+0x49/0x80
[ 124.008530] handle_softirqs+0x1b1/0x770
[ 124.008890] __irq_exit_rcu+0xc4/0x100
[ 124.009229] irq_exit_rcu+0x9/0x20
[ 124.009533] sysvec_apic_timer_interrupt+0x70/0x80
[ 124.009956] </IRQ>
[ 124.010146] <TASK>
[ 124.010340] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 124.010792] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80
[ 124.011244] Code: 4a 03 48 c7 c0 f4 ff ff ff eb 92 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 <65> 48 8b 15 88 48 10 06 65 8b 05 99 48 10 06 a9 00 01 ff 00 74 27
[ 124.012771] RSP: 0018:ffff888013e376b8 EFLAGS: 00000202
[ 124.013218] RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffffffff819e524b
[ 124.013818] RDX: 0000000000000000 RSI: ffffffff819e4738 RDI: 0000000000000001
[ 124.014408] RBP: ffff888013e37938 R08: 0000000000000000 R09: fffff9400018fee0
[ 124.015006] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 124.015602] R13: ffffea0000c7f700 R14: ffffea0000c7f700 R15: dffffc0000000000
[ 124.016200] ? copy_page_range+0x1f2b/0x5140
[ 124.016591] ? copy_page_range+0x1418/0x5140
[ 124.016973] copy_page_range+0x1418/0x5140
[ 124.017346] ? __pfx_copy_page_range+0x10/0x10
[ 124.017733] ? mas_destroy+0x5ce/0x9c0
[ 124.018067] ? lock_acquire+0x15e/0x2f0
[ 124.018411] ? dup_mmap+0xc95/0x1d10
[ 124.018734] ? find_held_lock+0x2b/0x80
[ 124.019079] ? dup_mmap+0xce8/0x1d10
[ 124.019404] ? lock_release+0xc8/0x290
[ 124.019739] ? down_write+0x119/0x1f0
[ 124.020066] ? up_write+0x195/0x520
[ 124.020391] ? lock_is_held_type+0x9e/0x120
[ 124.020763] dup_mmap+0xd2f/0x1d10
[ 124.021073] ? __pfx_dup_mmap+0x10/0x10
[ 124.021416] ? lock_is_held_type+0x9e/0x120
[ 124.021788] copy_process+0x3ad5/0x73c0
[ 124.022132] ? __pfx_copy_process+0x10/0x10
[ 124.022495] ? do_raw_spin_lock+0x123/0x260
[ 124.022868] kernel_clone+0xea/0x7f0
[ 124.023188] ? __pfx_kernel_clone+0x10/0x10
[ 124.023555] ? __lock_acquire+0x694/0x1b70
[ 124.023918] ? css_rstat_updated+0x1b8/0x4d0
[ 124.024298] ? __pfx_css_rstat_updated+0x10/0x10
[ 124.024725] __do_sys_clone+0xce/0x120
[ 124.025059] ? __pfx___do_sys_clone+0x10/0x10
[ 124.025448] ? find_held_lock+0x2b/0x80
[ 124.025797] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 124.026249] do_syscall_64+0xbf/0x360
[ 124.026579] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.027011] RIP: 0033:0x7f47be28310b
[ 124.027330] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
[ 124.028840] RSP: 002b:00007ffc90bcdd40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 124.029453] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f47be28310b
[ 124.030030] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 124.030602] RBP: 0000000000000001 R08: 0000000000000000 R09: 000055558dcb6400
[ 124.031163] R10: 000055558dcb66d0 R11: 0000000000000246 R12: 0000000000000001
[ 124.031729] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc90bcde20
[ 124.032300] </TASK>
[ 124.032499] Modules linked in:
[ 124.032798] ---[ end trace 0000000000000000 ]---
[ 124.033178] RIP: 0010:dst_dev_put+0x21/0x250
[ 124.033558] Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 55 53 48 89 fb e8 40 c6 a8 fd 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 01 00 00 48 8d 7b 3a 48 8b 2b 48 b8 00 00 00
[ 124.035013] RSP: 0018:ffff88806cf08da0 EFLAGS: 00010256
[ 124.035457] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff84103a71
[ 124.036024] RDX: 0000000000000000 RSI: ffffffff83cb2140 RDI: 0000000000000001
[ 124.036616] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000001
[ 124.037181] R10: 0000000000000001 R11: 0000000000000001 R12: fffffbfff0b0a4ac
[ 124.037765] R13: 0000607f1a639880 R14: 0000607f1a639880 R15: 0000000000000001
[ 124.038346] FS: 000055558dcb6400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 124.038988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.039468] CR2: 0000001b2d226000 CR3: 0000000039181000 CR4: 0000000000350ef0
[ 124.040042] Kernel panic - not syncing: Fatal exception in interrupt
[ 124.040751] Kernel Offset: disabled
[ 124.041043] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:50:05 Registers: