Warning: Permanently added '[localhost]:48708' (ECDSA) to the list of known hosts.
2025/09/01 10:10:16 fuzzer started
2025/09/01 10:10:16 dialing manager at localhost:35473
syzkaller login: [ 59.725781] cgroup: Unknown subsys name 'net'
[ 59.799292] cgroup: Unknown subsys name 'cpuset'
[ 59.805941] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:10:26 syscalls: 2214
2025/09/01 10:10:26 code coverage: enabled
2025/09/01 10:10:26 comparison tracing: enabled
2025/09/01 10:10:26 extra coverage: enabled
2025/09/01 10:10:26 setuid sandbox: enabled
2025/09/01 10:10:26 namespace sandbox: enabled
2025/09/01 10:10:26 Android sandbox: enabled
2025/09/01 10:10:26 fault injection: enabled
2025/09/01 10:10:26 leak checking: enabled
2025/09/01 10:10:26 net packet injection: enabled
2025/09/01 10:10:26 net device setup: enabled
2025/09/01 10:10:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:10:26 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:10:26 USB emulation: enabled
2025/09/01 10:10:26 hci packet injection: enabled
2025/09/01 10:10:26 wifi device emulation: enabled
2025/09/01 10:10:26 802.15.4 emulation: enabled
2025/09/01 10:10:39 starting 8 fuzzer processes
10:10:39 executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
write$P9_RSTAT(r1, &(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56)
tee(r0, r2, 0x20000000a, 0x0)
10:10:39 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e})
rmdir(&(0x7f0000000480)='./file0\x00')
10:10:39 executing program 6:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x5452, 0x0)
10:10:39 executing program 2:
r0 = syz_io_uring_setup(0x2260,
&(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:10:39 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:10:39 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0xf, &(0x7f0000000280), &(0x7f00000002c0)=0x1) [ 82.876721] audit: type=1400 audit(1756721439.725:7): avc: denied { execmem } for pid=280 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:10:39 executing program 4: add_key(&(0x7f00000000c0)='big_key\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) 10:10:39 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000100), 0x4) [ 84.035208] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.038727] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.041764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.044451] Bluetooth: hci1: unexpected cc 
0x1003 length: 249 > 9 [ 84.046569] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.049909] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.055824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.058020] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.064224] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.074093] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.174711] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.176574] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.177882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.183942] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.185875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.190390] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.194436] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.198200] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.200977] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.209991] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.211424] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.216211] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.220007] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.234514] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.237768] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.252559] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 84.254524] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 84.261975] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 84.264411] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 84.266131] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 84.268372] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 84.270662] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 84.272184] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 84.275918] Bluetooth: hci6: 
unexpected cc 0x1001 length: 249 > 9 [ 84.278919] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 84.287315] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 84.290507] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 84.291844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 84.296590] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 84.303656] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 86.129704] Bluetooth: hci1: command tx timeout [ 86.130385] Bluetooth: hci0: command tx timeout [ 86.257239] Bluetooth: hci2: command tx timeout [ 86.257850] Bluetooth: hci4: command tx timeout [ 86.321129] Bluetooth: hci7: command tx timeout [ 86.321640] Bluetooth: hci3: command tx timeout [ 86.385248] Bluetooth: hci5: command tx timeout [ 86.385777] Bluetooth: hci6: command tx timeout [ 88.177390] Bluetooth: hci1: command tx timeout [ 88.177834] Bluetooth: hci0: command tx timeout [ 88.305197] Bluetooth: hci4: command tx timeout [ 88.305648] Bluetooth: hci2: command tx timeout [ 88.370233] Bluetooth: hci3: command tx timeout [ 88.370655] Bluetooth: hci7: command tx timeout [ 88.433168] Bluetooth: hci6: command tx timeout [ 88.433578] Bluetooth: hci5: command tx timeout [ 90.225098] Bluetooth: hci0: command tx timeout [ 90.225557] Bluetooth: hci1: command tx timeout [ 90.353111] Bluetooth: hci2: command tx timeout [ 90.353563] Bluetooth: hci4: command tx timeout [ 90.417090] Bluetooth: hci7: command tx timeout [ 90.417517] Bluetooth: hci3: command tx timeout [ 90.481099] Bluetooth: hci6: command tx timeout [ 90.481530] Bluetooth: hci5: command tx timeout [ 92.273180] Bluetooth: hci1: command tx timeout [ 92.273632] Bluetooth: hci0: command tx timeout [ 92.401188] Bluetooth: hci4: command tx timeout [ 92.401643] Bluetooth: hci2: command tx timeout [ 92.466052] Bluetooth: hci3: command tx timeout [ 92.466497] Bluetooth: hci7: command tx timeout [ 92.529120] Bluetooth: hci5: command tx timeout [ 92.529547] Bluetooth: hci6: command tx 
timeout [ 119.996274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.996941] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.155995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.156623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.491814] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.492487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e}) rmdir(&(0x7f0000000480)='./file0\x00') [ 120.645785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.646425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e}) rmdir(&(0x7f0000000480)='./file0\x00') [ 120.751462] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.752123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e}) rmdir(&(0x7f0000000480)='./file0\x00') 10:11:17 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0, 0x0, 0x0, 0xee01}}, {{@in6=@private1}}}, 0xe8) [ 120.859673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.860555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0, 0x0, 
0x0, 0xee01}}, {{@in6=@private1}}}, 0xe8) [ 120.893463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.894225] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0, 0x0, 0x0, 0xee01}}, {{@in6=@private1}}}, 0xe8) [ 120.933955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.934573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0, 0x0, 0x0, 0xee01}}, {{@in6=@private1}}}, 0xe8) [ 120.976242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.976843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000540)={0x0, 0x30}}, 0x0) [ 121.064345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.064941] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.118597] audit: type=1400 audit(1756721477.966:8): avc: denied { open } for pid=3895 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.122131] audit: type=1400 audit(1756721477.966:9): avc: denied { kernel } for pid=3895 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.161276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.161888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.189697] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 121.190608] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.250746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.251402] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.275925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.276758] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.330573] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.331213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.356811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.357464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:11:18 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0xf, &(0x7f0000000280), &(0x7f00000002c0)=0x1) 10:11:18 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56) tee(r0, r2, 0x20000000a, 0x0) 10:11:18 executing program 6: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x5452, 0x0) 10:11:18 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000100), 0x4) 10:11:18 executing program 4: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:11:18 executing program 2: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:11:18 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:11:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000}) 10:11:18 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, 
&(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56) tee(r0, r2, 0x20000000a, 0x0) 10:11:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000}) 10:11:18 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0xf, &(0x7f0000000280), &(0x7f00000002c0)=0x1) 10:11:18 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:11:18 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:11:18 executing program 2: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:11:18 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000100), 0x4) 10:11:18 executing program 6: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x5452, 0x0) 10:11:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000}) 10:11:18 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56) tee(r0, r2, 0x20000000a, 0x0) 10:11:18 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000}) 10:11:18 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000}) 10:11:18 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:11:18 executing program 2: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:11:18 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:11:18 executing program 6: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x5452, 0x0) 10:11:18 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000}) 10:11:18 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) 
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000100), 0x4)
10:11:18 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0xf, &(0x7f0000000280), &(0x7f00000002c0)=0x1)
10:11:18 executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
write$P9_RSTAT(r1, &(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56)
tee(r0, r2, 0x20000000a, 0x0)
10:11:18 executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0xffff8000})
[ 121.901985] kmemleak: Found object by alias at 0x607f1a63d7b4
[ 121.902007] CPU: 0 UID: 0 PID: 3961 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.902029] Tainted: [W]=WARN
[ 121.902033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.902042] Call Trace:
[ 121.902046]
[ 121.902051] dump_stack_lvl+0xca/0x120
[ 121.902085] __lookup_object+0x94/0xb0
[ 121.902104] delete_object_full+0x27/0x70
[ 121.902121] free_percpu+0x30/0x1160
[ 121.902139] ? arch_uprobe_clear_state+0x16/0x140
[ 121.902160] futex_hash_free+0x38/0xc0
[ 121.902176] mmput+0x2d3/0x390
[ 121.902196] do_exit+0x79d/0x2970
[ 121.902210] ? signal_wake_up_state+0x85/0x120
[ 121.902226] ? zap_other_threads+0x2b9/0x3a0
[ 121.902243] ? __pfx_do_exit+0x10/0x10
[ 121.902256] ? do_group_exit+0x1c3/0x2a0
[ 121.902270] ? lock_release+0xc8/0x290
[ 121.902288] do_group_exit+0xd3/0x2a0
[ 121.902303] __x64_sys_exit_group+0x3e/0x50
[ 121.902317] x64_sys_call+0x18c5/0x18d0
[ 121.902334] do_syscall_64+0xbf/0x360
[ 121.902348] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.902360] RIP: 0033:0x7f8b461f3b19
[ 121.902369] Code: Unable to access opcode bytes at 0x7f8b461f3aef.
[ 121.902374] RSP: 002b:00007ffc39f0e2b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 121.902386] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8b461f3b19
[ 121.902394] RDX: 00007f8b461a672b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 121.902402] RBP: 0000000000000000 R08: 0000001b2e021e2c R09: 0000000000000000
[ 121.902409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 121.902416] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc39f0e3a0
[ 121.902432]
[ 121.902436] kmemleak: Object (percpu) 0x607f1a63d7b0 (size 8):
[ 121.902443] kmemleak: comm "syz-executor.2", pid 3967, jiffies 4294788758
[ 121.902450] kmemleak: min_count = 1
[ 121.902454] kmemleak: count = 0
[ 121.902458] kmemleak: flags = 0x21
[ 121.902462] kmemleak: checksum = 0
[ 121.902465] kmemleak: backtrace:
[ 121.902469] pcpu_alloc_noprof+0x87a/0x1170
[ 121.902485] percpu_ref_init+0x37/0x400
[ 121.902497] io_uring_setup+0x44c/0x2000
[ 121.902509] __x64_sys_io_uring_setup+0xc8/0x170
[ 121.902521] do_syscall_64+0xbf/0x360
[ 121.902531] entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:11:18 executing program 3:
r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0))
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup(r0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:11:18 executing program 6: time(0xffffffffffffffff) 10:11:18 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fchownat(0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x0) 10:11:18 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@seclabel}]}}) 10:11:18 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56) tee(r0, r2, 0x20000000a, 0x0) 10:11:18 executing program 6: time(0xffffffffffffffff) 10:11:18 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010", 0x4c, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) futimesat(r0, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20, 0x0) 10:11:18 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, 
&(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:18 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:11:18 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0}, {@in6=@private2, 0x0, 0x6c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 10:11:18 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)={0x56, 0x7d, 0x0, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6, '(#)%\x9d\'', 0x3, ':]/', 0xd, '}#)+&./$&/\x88)$', 0x6, '[*!+}/'}}, 0x56) tee(r0, r2, 0x20000000a, 0x0) [ 122.112667] kmemleak: Found object by alias at 0x607f1a63d7b4 [ 122.112687] CPU: 1 UID: 0 PID: 3985 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.112705] Tainted: [W]=WARN [ 122.112709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.112717] Call Trace: [ 122.112721] [ 122.112726] dump_stack_lvl+0xca/0x120 [ 122.112762] __lookup_object+0x94/0xb0 [ 122.112780] delete_object_full+0x27/0x70 [ 122.112797] free_percpu+0x30/0x1160 [ 122.112814] ? 
arch_uprobe_clear_state+0x16/0x140 [ 122.112835] futex_hash_free+0x38/0xc0 [ 122.112851] mmput+0x2d3/0x390 [ 122.112870] do_exit+0x79d/0x2970 [ 122.112888] ? __pfx_do_exit+0x10/0x10 [ 122.112902] ? find_held_lock+0x2b/0x80 [ 122.112921] ? get_signal+0x835/0x2340 [ 122.112941] do_group_exit+0xd3/0x2a0 [ 122.112957] get_signal+0x2315/0x2340 [ 122.112974] ? put_task_stack+0xd2/0x240 [ 122.112989] ? __pfx_get_signal+0x10/0x10 [ 122.113006] ? __schedule+0xe91/0x3590 [ 122.113027] arch_do_signal_or_restart+0x80/0x790 [ 122.113046] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.113063] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.113075] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.113091] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.113110] exit_to_user_mode_loop+0x8b/0x110 [ 122.113124] do_syscall_64+0x2f7/0x360 [ 122.113137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.113149] RIP: 0033:0x7f8b461f3b19 [ 122.113159] Code: Unable to access opcode bytes at 0x7f8b461f3aef. [ 122.113165] RSP: 002b:00007f8b43769218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.113176] RAX: 0000000000000001 RBX: 00007f8b46306f68 RCX: 00007f8b461f3b19 [ 122.113184] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8b46306f6c [ 122.113191] RBP: 00007f8b46306f60 R08: 000000000000000e R09: 0000000000000000 [ 122.113199] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b46306f6c [ 122.113206] R13: 00007ffc39f0e08f R14: 00007f8b43769300 R15: 0000000000022000 [ 122.113221] [ 122.113225] kmemleak: Object (percpu) 0x607f1a63d7b0 (size 8): [ 122.113232] kmemleak: comm "syz-executor.7", pid 3986, jiffies 4294788956 [ 122.113239] kmemleak: min_count = 1 [ 122.113243] kmemleak: count = 0 [ 122.113247] kmemleak: flags = 0x21 [ 122.113250] kmemleak: checksum = 0 [ 122.113254] kmemleak: backtrace: [ 122.113258] pcpu_alloc_noprof+0x87a/0x1170 [ 122.113274] alloc_vfsmnt+0x135/0x6e0 [ 122.113288] vfs_create_mount.part.0+0x40/0x440 [ 122.113303] path_mount+0x1637/0x1dd0 [ 122.113316] __x64_sys_mount+0x27b/0x300 [ 
122.113327] do_syscall_64+0xbf/0x360 [ 122.113337] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:11:18 executing program 6: time(0xffffffffffffffff) [ 122.155061] loop0: detected capacity change from 0 to 6 [ 122.174127] ------------[ cut here ]------------ [ 122.174590] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.7/293 [ 122.175438] Modules linked in: [ 122.175763] CPU: 1 UID: 0 PID: 293 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.177843] Tainted: [W]=WARN [ 122.178620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.180274] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 122.181820] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 122.185090] RSP: 0018:ffff888016a2fce0 EFLAGS: 00010293 [ 122.185518] RAX: 0000000000000000 RBX: 1ffff11002d45fa1 RCX: ffffffff81bfaf93 [ 122.186220] RDX: ffff888016f29b80 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 122.186799] RBP: ffff88801652a380 R08: 0000000000000001 R09: 0000000000000000 [ 122.187501] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888016a2fd48 [ 122.188096] R13: 00000000ffffffff R14: ffff88801652a380 R15: ffff88801652a468 [ 122.188669] FS: 0000555575490400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.189325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.189786] CR2: 0000555575499c58 CR3: 00000000401fc000 CR4: 0000000000350ef0 [ 122.190378] Call Trace: [ 122.190591] [ 122.190797] ? __pfx_mntput_no_expire+0x10/0x10 [ 122.191203] ? dput.part.0+0xce/0x930 [ 122.191521] ? lock_release+0xc8/0x290 [ 122.191851] path_umount+0x6e0/0x1100 [ 122.192182] ? kmem_cache_free+0x2a1/0x540 [ 122.192538] ? __pfx_path_umount+0x10/0x10 [ 122.192878] ? putname.part.0+0x11b/0x160 [ 122.193240] __x64_sys_umount+0x15c/0x190 [ 122.193583] ? 
__pfx___x64_sys_umount+0x10/0x10 [ 122.193961] do_syscall_64+0xbf/0x360 [ 122.194290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.194709] RIP: 0033:0x7fd4c8e37f87 [ 122.195014] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.196496] RSP: 002b:00007fff2b746818 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 122.197120] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fd4c8e37f87 [ 122.197688] RDX: 00007fff2b7468e9 RSI: 000000000000000a RDI: 00007fff2b7468e0 [ 122.198270] RBP: 00007fff2b7468e0 R08: 00000000ffffffff R09: 00007fff2b7466b0 [ 122.198846] R10: 0000555575491c7b R11: 0000000000000206 R12: 00007fd4c8e90105 [ 122.199426] R13: 00007fff2b7479a0 R14: 0000555575491c20 R15: 00007fff2b7479e0 [ 122.200000] [ 122.200209] irq event stamp: 156263 [ 122.200498] hardirqs last enabled at (156271): [] __up_console_sem+0x78/0x80 [ 122.201211] hardirqs last disabled at (156280): [] __up_console_sem+0x5d/0x80 [ 122.201897] softirqs last enabled at (156184): [] handle_softirqs+0x50c/0x770 [ 122.202615] softirqs last disabled at (156179): [] __irq_exit_rcu+0xc4/0x100 [ 122.203326] ---[ end trace 0000000000000000 ]--- [ 122.230116] FAT-fs (loop0): Directory bread(block 6) failed [ 122.230956] FAT-fs (loop0): Directory bread(block 7) failed [ 122.231841] FAT-fs (loop0): Directory bread(block 8) failed [ 122.249147] FAT-fs (loop0): Directory bread(block 9) failed 10:11:19 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:19 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, 
&(0x7f0000000340)={&(0x7f0000000140)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0}, {@in6=@private2, 0x0, 0x6c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 10:11:19 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:19 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fchownat(0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x0) 10:11:19 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{0x0}], 0x1) 10:11:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000b80)={0x0, 0x9}, 0xc) 10:11:19 executing program 6: time(0xffffffffffffffff) 10:11:19 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@seclabel}]}}) [ 122.355859] kmemleak: Found object by alias at 0x607f1a63d7b4 [ 122.355877] CPU: 1 UID: 0 PID: 4006 Comm: 
syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.355896] Tainted: [W]=WARN [ 122.355900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.355907] Call Trace: [ 122.355912] [ 122.355916] dump_stack_lvl+0xca/0x120 [ 122.355942] __lookup_object+0x94/0xb0 [ 122.355961] delete_object_full+0x27/0x70 [ 122.355978] free_percpu+0x30/0x1160 [ 122.355995] ? arch_uprobe_clear_state+0x16/0x140 [ 122.356016] futex_hash_free+0x38/0xc0 [ 122.356037] mmput+0x2d3/0x390 [ 122.356056] do_exit+0x79d/0x2970 [ 122.356071] ? lock_release+0xc8/0x290 [ 122.356088] ? __pfx_do_exit+0x10/0x10 [ 122.356103] ? find_held_lock+0x2b/0x80 [ 122.356121] ? get_signal+0x835/0x2340 [ 122.356142] do_group_exit+0xd3/0x2a0 [ 122.356157] get_signal+0x2315/0x2340 [ 122.356175] ? kasan_quarantine_put+0x84/0x1e0 [ 122.356194] ? __pfx_get_signal+0x10/0x10 [ 122.356211] ? do_futex+0x135/0x370 [ 122.356225] ? __pfx_do_futex+0x10/0x10 [ 122.356240] arch_do_signal_or_restart+0x80/0x790 [ 122.356259] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.356275] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.356288] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.356303] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.356322] exit_to_user_mode_loop+0x8b/0x110 [ 122.356336] do_syscall_64+0x2f7/0x360 [ 122.356349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.356361] RIP: 0033:0x7f8b461f3b19 [ 122.356370] Code: Unable to access opcode bytes at 0x7f8b461f3aef. 
[ 122.356376] RSP: 002b:00007f8b43769218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.356387] RAX: fffffffffffffe00 RBX: 00007f8b46306f68 RCX: 00007f8b461f3b19 [ 122.356395] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8b46306f68 [ 122.356403] RBP: 00007f8b46306f60 R08: 0000000000000000 R09: 0000000000000000 [ 122.356410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b46306f6c [ 122.356417] R13: 00007ffc39f0e08f R14: 00007f8b43769300 R15: 0000000000022000 [ 122.356433] [ 122.356438] kmemleak: Object (percpu) 0x607f1a63d7b0 (size 8): [ 122.356444] kmemleak: comm "syz-executor.3", pid 4012, jiffies 4294789235 [ 122.356452] kmemleak: min_count = 1 [ 122.356456] kmemleak: count = 0 [ 122.356460] kmemleak: flags = 0x21 [ 122.356464] kmemleak: checksum = 0 [ 122.356467] kmemleak: backtrace: [ 122.356471] pcpu_alloc_noprof+0x87a/0x1170 [ 122.356487] percpu_ref_init+0x37/0x400 [ 122.356498] io_uring_setup+0x44c/0x2000 [ 122.356511] __x64_sys_io_uring_setup+0xc8/0x170 [ 122.356522] do_syscall_64+0xbf/0x360 [ 122.356532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.388509] kmemleak: Cannot insert 0x607f1a63d7b4 into the object search tree (overlaps existing) [ 122.388527] CPU: 1 UID: 0 PID: 4016 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.388563] Tainted: [W]=WARN [ 122.388567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.388574] Call Trace: [ 122.388577] [ 122.388581] dump_stack_lvl+0xca/0x120 [ 122.388603] __link_object+0x190/0x210 [ 122.388622] __create_object+0x48/0x80 [ 122.388640] pcpu_alloc_noprof+0x87a/0x1170 [ 122.388663] __percpu_init_rwsem+0x2d/0x160 [ 122.388678] ? security_sb_alloc+0x75/0x140 [ 122.388696] alloc_super+0x29e/0xb80 [ 122.388712] sget_fc+0xfe/0xb80 [ 122.388723] ? __pfx_set_anon_super_fc+0x10/0x10 [ 122.388744] ? 
__pfx_ramfs_fill_super+0x10/0x10 [ 122.388761] get_tree_nodev+0x28/0x190 [ 122.388774] vfs_get_tree+0x93/0x340 [ 122.388792] path_mount+0x132d/0x1dd0 [ 122.388807] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.388823] ? __pfx_path_mount+0x10/0x10 [ 122.388838] ? kmem_cache_free+0x2a1/0x540 [ 122.388853] ? putname.part.0+0x11b/0x160 [ 122.388870] ? getname_flags.part.0+0x1c6/0x540 [ 122.388888] ? putname.part.0+0x11b/0x160 [ 122.388906] __x64_sys_mount+0x27b/0x300 [ 122.388920] ? __pfx___x64_sys_mount+0x10/0x10 [ 122.388939] do_syscall_64+0xbf/0x360 [ 122.388951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.388963] RIP: 0033:0x7fd4c8e36b19 [ 122.388971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.388983] RSP: 002b:00007fd4c63ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 122.388994] RAX: ffffffffffffffda RBX: 00007fd4c8f49f60 RCX: 00007fd4c8e36b19 [ 122.389002] RDX: 0000000020000180 RSI: 00000000200000c0 RDI: 0000000000000000 [ 122.389009] RBP: 00007fd4c8e90f6d R08: 0000000000000000 R09: 0000000000000000 [ 122.389016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.389023] R13: 00007fff2b7476cf R14: 00007fd4c63ac300 R15: 0000000000022000 [ 122.389043] [ 122.389766] kmemleak: Kernel memory leak detector disabled [ 122.389770] kmemleak: Object (percpu) 0x607f1a63d7b0 (size 8): [ 122.389777] kmemleak: comm "syz-executor.3", pid 4012, jiffies 4294789235 [ 122.389784] kmemleak: min_count = 1 [ 122.389789] kmemleak: count = 0 [ 122.389792] kmemleak: flags = 0x21 [ 122.389796] kmemleak: checksum = 0 [ 122.389800] kmemleak: backtrace: [ 122.389803] pcpu_alloc_noprof+0x87a/0x1170 [ 122.389819] percpu_ref_init+0x37/0x400 [ 122.389828] io_uring_setup+0x44c/0x2000 [ 122.389839] __x64_sys_io_uring_setup+0xc8/0x170 [ 122.389851] do_syscall_64+0xbf/0x360 [ 122.389860] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:11:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000b80)={0x0, 0x9}, 0xc) 10:11:19 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0}, {@in6=@private2, 0x0, 0x6c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 10:11:19 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:19 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fchownat(0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x0) 10:11:19 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:19 executing program 6: msgrcv(0x0, 0x0, 0x0, 0x0, 0x5000) msgctl$IPC_RMID(0x0, 0x0) r0 = msgget(0x0, 0x4) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/149) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setfsuid(r1) r2 = getpgid(0x0) r3 = fork() kcmp(r3, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:11:19 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0}, {@in6=@private2, 0x0, 0x6c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 10:11:19 
executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000b80)={0x0, 0x9}, 0xc) 10:11:19 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@seclabel}]}}) 10:11:19 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fchownat(0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x0) 10:11:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000b80)={0x0, 0x9}, 0xc) 10:11:19 executing program 4: madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x66) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8) 10:11:19 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x80004507, 0x0) 10:11:19 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:11:19 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, 
@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x1}, 0x0, 0x2}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe) 10:11:19 executing program 6: msgrcv(0x0, 0x0, 0x0, 0x0, 0x5000) msgctl$IPC_RMID(0x0, 0x0) r0 = msgget(0x0, 0x4) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/149) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setfsuid(r1) r2 = getpgid(0x0) r3 = fork() kcmp(r3, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:11:19 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x80004507, 0x0) 10:11:19 executing program 4: madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x66) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8) 10:11:19 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@seclabel}]}}) 10:11:19 executing program 0: msgrcv(0x0, 0x0, 0x0, 0x0, 0x5000) msgctl$IPC_RMID(0x0, 0x0) r0 = msgget(0x0, 0x4) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/149) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setfsuid(r1) r2 = getpgid(0x0) r3 = fork() kcmp(r3, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:11:19 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x3, 0x0, 0x82, 0xff, 0x0, 0x2, 0x49080, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x3c, 0x7}, 0x0, 0x0, 0x2e5, 0x9, 0x7fff, 0x8, 0xfffb, 0x0, 0x8001, 0x0, 0x80000001}, 0x0, 0x7, r0, 0x2) openat$sr(0xffffffffffffff9c, &(0x7f0000004880), 0x80, 0x0) 10:11:19 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:11:19 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x3, 0x0, 0x82, 0xff, 0x0, 0x2, 0x49080, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x3c, 0x7}, 0x0, 0x0, 0x2e5, 0x9, 0x7fff, 0x8, 0xfffb, 0x0, 0x8001, 0x0, 0x80000001}, 0x0, 0x7, r0, 0x2) openat$sr(0xffffffffffffff9c, &(0x7f0000004880), 0x80, 0x0) 10:11:19 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000080), 0x4) 10:11:19 executing program 0: msgrcv(0x0, 0x0, 0x0, 0x0, 0x5000) msgctl$IPC_RMID(0x0, 0x0) r0 = msgget(0x0, 0x4) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/149) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 
0x0}, 0x1100) setfsuid(r1) r2 = getpgid(0x0) r3 = fork() kcmp(r3, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:11:19 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x80004507, 0x0) 10:11:19 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:11:19 executing program 4: madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x66) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8) 10:11:19 executing program 6: msgrcv(0x0, 0x0, 0x0, 0x0, 0x5000) msgctl$IPC_RMID(0x0, 0x0) r0 = msgget(0x0, 0x4) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/149) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setfsuid(r1) r2 = getpgid(0x0) r3 = fork() kcmp(r3, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:11:19 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000300)={@local, @multicast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast1}, {0x14, 0x0, 0x0, @dev}}}}}, 0x0) 10:11:19 executing program 4: madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x66) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8) [ 122.974185] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 122.975137] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 122.975830] CPU: 0 UID: 0 PID: 4091 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.976769] Tainted: [W]=WARN [ 122.977024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.977676] RIP: 
0010:perf_tp_event+0x175/0xe70 [ 122.978064] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 10:11:19 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 122.979579] RSP: 0018:ffff88800f46f800 EFLAGS: 00010212 [ 122.980022] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 122.980583] RDX: ffff888016451b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 122.981147] RBP: ffff88800f46fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15798 [ 122.981706] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.982264] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.982834] FS: 0000555561283400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.983465] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.983925] CR2: 0000555561284c18 CR3: 000000000bece000 CR4: 0000000000350ef0 [ 122.984486] Call Trace: [ 122.984693] [ 122.984879] ? arch_scale_cpu_capacity+0x17/0xa0 [ 122.985269] ? __pfx_perf_tp_event+0x10/0x10 [ 122.985625] ? __asan_memset+0x24/0x50 [ 122.985954] ? perf_trace_lock+0xb5/0x5d0 [ 122.986291] ? kvm_sched_clock_read+0x16/0x30 [ 122.986655] ? sched_clock+0x37/0x60 [ 122.986967] ? sched_clock_cpu+0x6c/0x4e0 [ 122.987306] ? lock_is_held_type+0x9e/0x120 [ 122.987654] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.988053] perf_trace_run_bpf_submit+0xef/0x180 [ 122.988442] perf_trace_lock+0x337/0x5d0 [ 122.988773] ? __pfx_perf_trace_lock+0x10/0x10 [ 122.989142] ? lock_acquire+0x15e/0x2f0 [ 122.989466] ? 
futex_ref_get+0x48/0x300 [ 122.989785] ? futex_ref_get+0x114/0x300 [ 122.990109] ? futex_hash+0x15c/0x390 [ 122.990414] lock_release+0x1ab/0x290 [ 122.990722] ? futex_hash+0x15c/0x390 [ 122.991036] futex_ref_get+0x119/0x300 [ 122.991348] ? futex_hash+0x15c/0x390 [ 122.991654] futex_hash+0x70/0x390 [ 122.991943] futex_wake+0x143/0x540 [ 122.992243] ? put_pid+0x1f/0x30 [ 122.992518] ? kernel_clone+0x204/0x7f0 [ 122.992836] ? __pfx_futex_wake+0x10/0x10 [ 122.993173] ? __pfx_kernel_clone+0x10/0x10 [ 122.993516] ? perf_trace_lock+0xb5/0x5d0 [ 122.993849] do_futex+0x26d/0x370 [ 122.994135] ? __pfx_do_futex+0x10/0x10 [ 122.994455] ? __pfx___do_sys_clone+0x10/0x10 [ 122.994820] ? find_held_lock+0x2b/0x80 [ 122.995146] __x64_sys_futex+0x1c9/0x4d0 [ 122.995474] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.995841] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.996261] do_syscall_64+0xbf/0x360 [ 122.996572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.996979] RIP: 0033:0x7fa32c007b19 [ 122.997278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.998694] RSP: 002b:00007ffc1fc4a1a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.999292] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa32c007b19 [ 122.999853] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa32c11af68 [ 123.000413] RBP: 00007fa32c11af60 R08: 00007fa32957d700 R09: 0000000000000000 [ 123.000973] R10: 00007fa32957d700 R11: 0000000000000246 R12: 00007fa32c11f060 [ 123.001538] R13: 00007ffc1fc4a2b0 R14: 00007fa32c11af60 R15: 000000000001dff8 [ 123.002108] [ 123.002295] Modules linked in: [ 123.002578] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 123.003450] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.004134] CPU: 0 UID: 0 PID: 4091 Comm: 
syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.005066] Tainted: [D]=DIE, [W]=WARN [ 123.005368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.006008] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.006388] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.007808] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 123.008228] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.008784] RDX: ffff888016451b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 123.009340] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15798 [ 123.009899] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000 [ 123.010455] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 123.011016] FS: 0000555561283400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.011639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.012097] CR2: 0000555561284c18 CR3: 000000000bece000 CR4: 0000000000350ef0 [ 123.012654] Call Trace: [ 123.012863] [ 123.013044] ? __pfx_perf_tp_event+0x10/0x10 [ 123.013403] ? perf_trace_lock+0xb5/0x5d0 [ 123.013739] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.014101] ? trace_softirq_raise+0xbe/0x100 [ 123.014468] ? lock_acquire+0x15e/0x2f0 [ 123.014791] ? select_task_rq_fair+0x2b6/0x38b0 [ 123.015167] ? find_held_lock+0x2b/0x80 [ 123.015487] ? select_task_rq_fair+0x48c/0x38b0 [ 123.015855] ? perf_trace_lock+0xb5/0x5d0 [ 123.016188] ? kvm_sched_clock_read+0x16/0x30 [ 123.016548] ? sched_clock+0x37/0x60 [ 123.016850] ? sched_clock_cpu+0x6c/0x4e0 [ 123.017184] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.017583] perf_trace_run_bpf_submit+0xef/0x180 [ 123.017969] perf_trace_lock+0x337/0x5d0 [ 123.018295] ? place_entity+0x300/0x410 [ 123.018613] ? kvm_sched_clock_read+0x16/0x30 [ 123.018980] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 123.019345] ? check_preempt_wakeup_fair+0x6e/0x950 [ 123.019742] ? sched_ttwu_pending+0x2e0/0x4a0 [ 123.020111] lock_release+0x1ab/0x290 [ 123.020421] ? ttwu_do_activate+0x1a4/0x8a0 [ 123.020777] _raw_spin_unlock+0x16/0x40 [ 123.021104] sched_ttwu_pending+0x2e0/0x4a0 [ 123.021458] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 123.021871] ? flush_tlb_func+0x24d/0x560 [ 123.022213] __flush_smp_call_function_queue+0x434/0x740 [ 123.022649] __sysvec_call_function_single+0x6d/0x370 [ 123.023072] sysvec_call_function_single+0xa1/0xc0 [ 123.023464] [ 123.023647] [ 123.023831] asm_sysvec_call_function_single+0x1a/0x20 [ 123.024245] RIP: 0010:oops_exit+0x0/0x50 [ 123.024573] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 123.025980] RSP: 0018:ffff88800f46f690 EFLAGS: 00000202 [ 123.026394] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 123.026960] RDX: ffff888016451b80 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 123.027518] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 123.028076] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f46f758 [ 123.028636] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 123.029196] ? add_taint+0x5f/0xd0 [ 123.029484] ? 
oops_end+0x4a/0xe0 [ 123.029771] oops_end+0x65/0xe0 [ 123.030045] exc_general_protection+0x1a2/0x330 [ 123.030425] asm_exc_general_protection+0x26/0x30 [ 123.030814] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.031187] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.032594] RSP: 0018:ffff88800f46f800 EFLAGS: 00010212 [ 123.033010] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.033566] RDX: ffff888016451b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 123.034121] RBP: ffff88800f46fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15798 [ 123.034674] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.035233] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.035790] ? perf_tp_event+0x167/0xe70 [ 123.036122] ? arch_scale_cpu_capacity+0x17/0xa0 [ 123.036502] ? __pfx_perf_tp_event+0x10/0x10 [ 123.036857] ? __asan_memset+0x24/0x50 [ 123.037179] ? perf_trace_lock+0xb5/0x5d0 [ 123.037509] ? kvm_sched_clock_read+0x16/0x30 [ 123.037870] ? sched_clock+0x37/0x60 [ 123.038169] ? sched_clock_cpu+0x6c/0x4e0 [ 123.038502] ? lock_is_held_type+0x9e/0x120 [ 123.038856] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.039255] perf_trace_run_bpf_submit+0xef/0x180 [ 123.039641] perf_trace_lock+0x337/0x5d0 [ 123.039968] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.040334] ? lock_acquire+0x15e/0x2f0 [ 123.040651] ? futex_ref_get+0x48/0x300 [ 123.040966] ? futex_ref_get+0x114/0x300 [ 123.041285] ? futex_hash+0x15c/0x390 [ 123.041588] lock_release+0x1ab/0x290 [ 123.041893] ? futex_hash+0x15c/0x390 [ 123.042199] futex_ref_get+0x119/0x300 [ 123.042509] ? futex_hash+0x15c/0x390 [ 123.042814] futex_hash+0x70/0x390 [ 123.043101] futex_wake+0x143/0x540 [ 123.043394] ? put_pid+0x1f/0x30 [ 123.043667] ? kernel_clone+0x204/0x7f0 [ 123.043981] ? __pfx_futex_wake+0x10/0x10 [ 123.044314] ? 
__pfx_kernel_clone+0x10/0x10 [ 123.044658] ? perf_trace_lock+0xb5/0x5d0 [ 123.044990] do_futex+0x26d/0x370 [ 123.045273] ? __pfx_do_futex+0x10/0x10 [ 123.045590] ? __pfx___do_sys_clone+0x10/0x10 [ 123.045948] ? find_held_lock+0x2b/0x80 [ 123.046276] __x64_sys_futex+0x1c9/0x4d0 [ 123.046600] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.046974] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 123.047387] do_syscall_64+0xbf/0x360 [ 123.047689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.048097] RIP: 0033:0x7fa32c007b19 [ 123.048391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.049803] RSP: 002b:00007ffc1fc4a1a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.050397] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa32c007b19 [ 123.050964] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa32c11af68 [ 123.051518] RBP: 00007fa32c11af60 R08: 00007fa32957d700 R09: 0000000000000000 [ 123.052074] R10: 00007fa32957d700 R11: 0000000000000246 R12: 00007fa32c11f060 [ 123.052626] R13: 00007ffc1fc4a2b0 R14: 00007fa32c11af60 R15: 000000000001dff8 [ 123.053191] [ 123.053380] Modules linked in: [ 123.053640] ---[ end trace 0000000000000000 ]--- [ 123.054010] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.054386] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.055801] RSP: 0018:ffff88800f46f800 EFLAGS: 00010212 [ 123.056217] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.056777] RDX: ffff888016451b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 123.057331] RBP: ffff88800f46fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15798 [ 123.057886] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.058444] R13: 000000000000002c R14: 
ffff88806ce31340 R15: dffffc0000000000 [ 123.059009] FS: 0000555561283400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.059636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.060090] CR2: 0000555561284c18 CR3: 000000000bece000 CR4: 0000000000350ef0 [ 123.060649] Kernel panic - not syncing: Fatal exception in interrupt [ 123.061351] Kernel Offset: disabled [ 123.061638] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:11:19 Registers: