[ OK ] Finished Update UTMP about System Runlevel Changes. [ 39.377894] audit: type=1400 audit(1756724579.771:6): avc: denied { checkpoint_restore } for pid=221 comm="agetty" capability=40 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:47433' (ECDSA) to the list of known hosts. 2025/09/01 11:03:04 fuzzer started 2025/09/01 11:03:04 dialing manager at localhost:35473 syzkaller login: [ 44.705793] cgroup: Unknown subsys name 'net' [ 44.757085] cgroup: Unknown subsys name 'cpuset' [ 44.767097] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:03:14 syscalls: 2214 2025/09/01 11:03:14 code coverage: enabled 2025/09/01 11:03:14 comparison tracing: enabled 2025/09/01 11:03:14 extra coverage: enabled 2025/09/01 11:03:14 setuid sandbox: enabled 2025/09/01 11:03:14 namespace sandbox: enabled 2025/09/01 11:03:14 Android sandbox: enabled 2025/09/01 11:03:14 fault injection: enabled 2025/09/01 11:03:14 leak checking: enabled 2025/09/01 11:03:14 net packet injection: enabled 2025/09/01 11:03:14 net device setup: enabled 2025/09/01 11:03:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:03:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:03:14 USB emulation: enabled 2025/09/01 11:03:14 hci packet injection: enabled 2025/09/01 11:03:14 wifi device emulation: enabled 2025/09/01 11:03:14 802.15.4 emulation: enabled 2025/09/01 11:03:14 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:03:14 fetching corpus: 43, signal 23139/26602 (executing program) 2025/09/01 11:03:14 fetching corpus: 92, signal 34499/39379 (executing program) 2025/09/01 11:03:14 fetching corpus: 142, signal 43588/49666 (executing program) 2025/09/01 11:03:14 fetching corpus: 192, signal 52370/59468 (executing program) 2025/09/01 11:03:14 fetching corpus: 242, signal 57693/65886 (executing program) 2025/09/01 11:03:15 fetching corpus: 292, signal 62865/72060 (executing program) 2025/09/01 11:03:15 fetching corpus: 342, signal 66781/76998 (executing program) 2025/09/01 11:03:15 fetching corpus: 392, signal 69886/81098 (executing program) 2025/09/01 11:03:15 fetching corpus: 442, signal 73105/85215 (executing program) 2025/09/01 11:03:15 fetching corpus: 492, signal 75849/88838 (executing program) 2025/09/01 11:03:15 fetching corpus: 542, signal 78703/92520 (executing program) 2025/09/01 11:03:15 fetching corpus: 592, signal 80395/95200 (executing program) 2025/09/01 11:03:15 fetching corpus: 642, signal 83653/99108 (executing program) 2025/09/01 11:03:15 fetching corpus: 692, signal 87088/103079 (executing program) 2025/09/01 11:03:15 fetching corpus: 742, signal 89524/106151 (executing program) 2025/09/01 11:03:15 fetching corpus: 792, signal 92159/109384 (executing program) 2025/09/01 11:03:15 fetching corpus: 842, signal 94364/112189 (executing program) 2025/09/01 11:03:15 fetching corpus: 892, signal 96897/115256 (executing program) 2025/09/01 11:03:15 fetching corpus: 942, signal 99277/118158 (executing program) 2025/09/01 11:03:15 fetching corpus: 992, signal 100443/119960 (executing program) 2025/09/01 11:03:15 fetching corpus: 1042, signal 101768/121879 (executing program) 2025/09/01 11:03:16 fetching corpus: 1092, signal 103216/123867 (executing program) 2025/09/01 11:03:16 fetching corpus: 1142, signal 105227/126235 (executing program) 2025/09/01 11:03:16 fetching corpus: 1192, signal 106220/127877 (executing program) 2025/09/01 11:03:16 fetching corpus: 1242, signal 107680/129740 (executing program) 2025/09/01 11:03:16 fetching corpus: 1292, signal 109075/131562 (executing program) 2025/09/01 11:03:16 fetching corpus: 1342, signal 110887/133691 (executing program) 2025/09/01 11:03:16 fetching corpus: 1392, signal 112278/135442 (executing program) 2025/09/01 11:03:16 fetching corpus: 1442, signal 113297/136870 (executing program) 2025/09/01 11:03:16 fetching corpus: 1492, signal 114459/138393 (executing program) 2025/09/01 11:03:16 fetching corpus: 1542, signal 115549/139883 (executing program) 2025/09/01 11:03:16 fetching corpus: 1592, signal 116360/141181 (executing program) 2025/09/01 11:03:16 fetching corpus: 1642, signal 117585/142759 (executing program) 2025/09/01 11:03:17 fetching corpus: 1691, signal 118478/144047 (executing program) 2025/09/01 11:03:17 fetching corpus: 1739, signal 119276/145285 (executing program) 2025/09/01 11:03:17 fetching corpus: 1789, signal 120059/146466 (executing program) 2025/09/01 11:03:17 fetching corpus: 1839, signal 120805/147666 (executing program) 2025/09/01 11:03:17 fetching corpus: 1889, signal 121893/148995 (executing program) 2025/09/01 11:03:17 fetching corpus: 1939, signal 123149/150414 (executing program) 2025/09/01 11:03:17 fetching corpus: 1989, signal 124141/151703 (executing program) 2025/09/01 11:03:17 fetching corpus: 2039, signal 125217/153021 (executing program) 2025/09/01 11:03:17 fetching corpus: 2089, signal 126066/154179 (executing program) 2025/09/01 11:03:17 fetching corpus: 2139, signal 126788/155243 (executing program) 2025/09/01 11:03:17 fetching corpus: 2189, signal 127600/156287 (executing program) 2025/09/01 11:03:18 fetching corpus: 2238, signal 128290/157262 (executing program) 2025/09/01 11:03:18 fetching corpus: 2288, signal 128814/158109 (executing program) 2025/09/01 11:03:18 fetching corpus: 2338, signal 129933/159277 (executing program) 2025/09/01 11:03:18 fetching corpus: 2388, signal 131142/160512 (executing program) 2025/09/01 11:03:18 fetching corpus: 2437, signal 131863/161462 (executing program) 2025/09/01 11:03:18 fetching corpus: 2487, signal 132749/162478 (executing program) 2025/09/01 11:03:18 fetching corpus: 2536, signal 133715/163549 (executing program) 2025/09/01 11:03:18 fetching corpus: 2586, signal 134392/164416 (executing program) 2025/09/01 11:03:18 fetching corpus: 2636, signal 134960/165225 (executing program) 2025/09/01 11:03:18 fetching corpus: 2685, signal 135542/166014 (executing program) 2025/09/01 11:03:18 fetching corpus: 2735, signal 136269/166846 (executing program) 2025/09/01 11:03:18 fetching corpus: 2785, signal 136680/167559 (executing program) 2025/09/01 11:03:19 fetching corpus: 2835, signal 137271/168338 (executing program) 2025/09/01 11:03:19 fetching corpus: 2885, signal 138172/169184 (executing program) 2025/09/01 11:03:19 fetching corpus: 2935, signal 138829/169990 (executing program) 2025/09/01 11:03:19 fetching corpus: 2985, signal 139418/170719 (executing program) 2025/09/01 11:03:19 fetching corpus: 3035, signal 140334/171539 (executing program) 2025/09/01 11:03:19 fetching corpus: 3085, signal 141064/172259 (executing program) 2025/09/01 11:03:19 fetching corpus: 3134, signal 141508/172891 (executing program) 2025/09/01 11:03:19 fetching corpus: 3184, signal 141973/173498 (executing program) 2025/09/01 11:03:19 fetching corpus: 3234, signal 142324/174115 (executing program) 2025/09/01 11:03:19 fetching corpus: 3283, signal 142754/174709 (executing program) 2025/09/01 11:03:20 fetching corpus: 3333, signal 143763/175464 (executing program) 2025/09/01 11:03:20 fetching corpus: 3383, signal 145333/176373 (executing program) 2025/09/01 11:03:20 fetching corpus: 3433, signal 145904/177067 (executing program) 2025/09/01 11:03:20 fetching corpus: 3483, signal 146531/177645 (executing program) 2025/09/01 11:03:20 fetching corpus: 3533, signal 147069/178241 (executing program) 2025/09/01 11:03:20 fetching corpus: 3583, signal 147629/178805 (executing program) 2025/09/01 11:03:20 fetching corpus: 3633, signal 147876/179294 (executing program) 2025/09/01 11:03:20 fetching corpus: 3683, signal 148347/179837 (executing program) 2025/09/01 11:03:20 fetching corpus: 3733, signal 148873/180350 (executing program) 2025/09/01 11:03:20 fetching corpus: 3783, signal 149492/180859 (executing program) 2025/09/01 11:03:20 fetching corpus: 3833, signal 150211/181397 (executing program) 2025/09/01 11:03:21 fetching corpus: 3883, signal 150701/181983 (executing program) 2025/09/01 11:03:21 fetching corpus: 3932, signal 151256/182449 (executing program) 2025/09/01 11:03:21 fetching corpus: 3982, signal 151764/182919 (executing program) 2025/09/01 11:03:21 fetching corpus: 4032, signal 152640/183493 (executing program) 2025/09/01 11:03:21 fetching corpus: 4082, signal 153140/183935 (executing program) 2025/09/01 11:03:21 fetching corpus: 4132, signal 153611/184387 (executing program) 2025/09/01 11:03:21 fetching corpus: 4182, signal 154554/184845 (executing program) 2025/09/01 11:03:21 fetching corpus: 4232, signal 154939/185235 (executing program) 2025/09/01 11:03:21 fetching corpus: 4282, signal 155485/185646 (executing program) 2025/09/01 11:03:22 fetching corpus: 4332, signal 156146/186013 (executing program) 2025/09/01 11:03:22 fetching corpus: 4382, signal 156782/186402 (executing program) 2025/09/01 11:03:22 fetching corpus: 4432, signal 157476/186859 (executing program) 2025/09/01 11:03:22 fetching corpus: 4482, signal 157881/187179 (executing program) 2025/09/01 11:03:22 fetching corpus: 4532, signal 158209/187498 (executing program) 2025/09/01 11:03:22 fetching corpus: 4582, signal 158736/187630 (executing program) 2025/09/01 11:03:22 fetching corpus: 4631, signal 159193/187632 (executing program) 2025/09/01 11:03:22 fetching corpus: 4680, signal 159683/187648 (executing program) 2025/09/01 11:03:22 fetching corpus: 4730, signal 160098/187658 (executing program) 2025/09/01 11:03:22 fetching corpus: 4780, signal 160486/187671 (executing program) 2025/09/01 11:03:22 fetching corpus: 4830, signal 160805/187674 (executing program) 2025/09/01 11:03:22 fetching corpus: 4880, signal 161296/187678 (executing program) 2025/09/01 11:03:22 fetching corpus: 4930, signal 161636/187682 (executing program) 2025/09/01 11:03:23 fetching corpus: 4980, signal 161950/187690 (executing program) 2025/09/01 11:03:23 fetching corpus: 5030, signal 162274/187693 (executing program) 2025/09/01 11:03:23 fetching corpus: 5079, signal 162811/187716 (executing program) 2025/09/01 11:03:23 fetching corpus: 5129, signal 163149/187736 (executing program) 2025/09/01 11:03:23 fetching corpus: 5179, signal 163471/187738 (executing program) 2025/09/01 11:03:23 fetching corpus: 5228, signal 163769/187777 (executing program) 2025/09/01 11:03:23 fetching corpus: 5277, signal 164430/187925 (executing program) 2025/09/01 11:03:23 fetching corpus: 5327, signal 164728/187931 (executing program) 2025/09/01 11:03:23 fetching corpus: 5377, signal 165143/187934 (executing program) 2025/09/01 11:03:23 fetching corpus: 5427, signal 165749/187939 (executing program) 2025/09/01 11:03:23 fetching corpus: 5477, signal 166051/187941 (executing program) 2025/09/01 11:03:24 fetching corpus: 5527, signal 166407/187955 (executing program) 2025/09/01 11:03:24 fetching corpus: 5577, signal 166925/187991 (executing program) 2025/09/01 11:03:24 fetching corpus: 5625, signal 167493/188036 (executing program) 2025/09/01 11:03:24 fetching corpus: 5675, signal 168287/188047 (executing program) 2025/09/01 11:03:24 fetching corpus: 5725, signal 168733/188047 (executing program) 2025/09/01 11:03:24 fetching corpus: 5773, signal 168949/188047 (executing program) 2025/09/01 11:03:24 fetching corpus: 5823, signal 169198/188065 (executing program) 2025/09/01 11:03:24 fetching corpus: 5873, signal 169476/188086 (executing program) 2025/09/01 11:03:24 fetching corpus: 5923, signal 169993/188087 (executing program) 2025/09/01 11:03:24 fetching corpus: 5973, signal 170463/188115 (executing program) 2025/09/01 11:03:25 fetching corpus: 6023, signal 170820/188120 (executing program) 2025/09/01 11:03:25 fetching corpus: 6072, signal 171276/188122 (executing program) 2025/09/01 11:03:25 fetching corpus: 6122, signal 171512/188130 (executing program) 2025/09/01 11:03:25 fetching corpus: 6172, signal 173329/188135 (executing program) 2025/09/01 11:03:25 fetching corpus: 6222, signal 173764/188135 (executing program) 2025/09/01 11:03:25 fetching corpus: 6272, signal 174018/188142 (executing program) 2025/09/01 11:03:25 fetching corpus: 6321, signal 174282/188146 (executing program) 2025/09/01 11:03:25 fetching corpus: 6371, signal 174703/188152 (executing program) 2025/09/01 11:03:25 fetching corpus: 6421, signal 175108/188155 (executing program) 2025/09/01 11:03:25 fetching corpus: 6471, signal 175522/188196 (executing program) 2025/09/01 11:03:25 fetching corpus: 6521, signal 175831/188209 (executing program) 2025/09/01 11:03:25 fetching corpus: 6570, signal 176130/188209 (executing program) 2025/09/01 11:03:26 fetching corpus: 6620, signal 176446/188209 (executing program) 2025/09/01 11:03:26 fetching corpus: 6670, signal 176689/188215 (executing program) 2025/09/01 11:03:26 fetching corpus: 6719, signal 177056/188235 (executing program) 2025/09/01 11:03:26 fetching corpus: 6769, signal 177329/188256 (executing program) 2025/09/01 11:03:26 fetching corpus: 6819, signal 177679/188257 (executing program) 2025/09/01 11:03:26 fetching corpus: 6869, signal 177963/188260 (executing program) 2025/09/01 11:03:26 fetching corpus: 6919, signal 178294/188265 (executing program) 2025/09/01 11:03:26 fetching corpus: 6969, signal 178566/188270 (executing program) 2025/09/01 11:03:26 fetching corpus: 7019, signal 178839/188335 (executing program) 2025/09/01 11:03:26 fetching corpus: 7069, signal 179128/188343 (executing program) 2025/09/01 11:03:27 fetching corpus: 7117, signal 179459/188345 (executing program) 2025/09/01 11:03:27 fetching corpus: 7166, signal 179772/188386 (executing program) 2025/09/01 11:03:27 fetching corpus: 7214, signal 180207/188388 (executing program) 2025/09/01 11:03:27 fetching corpus: 7264, signal 180710/188394 (executing program) 2025/09/01 11:03:27 fetching corpus: 7313, signal 181621/188402 (executing program) 2025/09/01 11:03:27 fetching corpus: 7362, signal 181866/188420 (executing program) 2025/09/01 11:03:27 fetching corpus: 7412, signal 182100/188420 (executing program) 2025/09/01 11:03:27 fetching corpus: 7462, signal 182424/188430 (executing program) 2025/09/01 11:03:27 fetching corpus: 7512, signal 182739/188431 (executing program) 2025/09/01 11:03:27 fetching corpus: 7562, signal 183023/188434 (executing program) 2025/09/01 11:03:27 fetching corpus: 7612, signal 183305/188438 (executing program) 2025/09/01 11:03:27 fetching corpus: 7662, signal 183478/188444 (executing program) 2025/09/01 11:03:28 fetching corpus: 7712, signal 183733/188451 (executing program) 2025/09/01 11:03:28 fetching corpus: 7762, signal 184003/188460 (executing program) 2025/09/01 11:03:28 fetching corpus: 7812, signal 184226/188471 (executing program) 2025/09/01 11:03:28 fetching corpus: 7862, signal 184520/188471 (executing program) 2025/09/01 11:03:28 fetching corpus: 7912, signal 184719/188495 (executing program) 2025/09/01 11:03:28 fetching corpus: 7959, signal 184937/188512 (executing program) 2025/09/01 11:03:28 fetching corpus: 8008, signal 185181/188543 (executing program) 2025/09/01 11:03:28 fetching corpus: 8058, signal 185436/188555 (executing program) 2025/09/01 11:03:28 fetching corpus: 8108, signal 185666/188555 (executing program) 2025/09/01 11:03:28 fetching corpus: 8158, signal 185979/188569 (executing program) 2025/09/01 11:03:28 fetching corpus: 8172, signal 186035/188569 (executing program) 2025/09/01 11:03:28 fetching corpus: 8172, signal 186035/188569 (executing program) 2025/09/01 11:03:30 starting 8 fuzzer processes 11:03:30 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) 11:03:30 executing program 1: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x95, 0x0, 0xfa, 0x0, 0x57c, 0x3800, 0x2ed, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x99, 0xd4, 0x11}}]}}]}}, 0x0) 11:03:30 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) fsync(r0) 11:03:30 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 11:03:30 executing program 3: r0 = inotify_init1(0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) r2 = dup2(r0, r1) ioctl$sock_SIOCOUTQ(r2, 0x5421, &(0x7f0000000040)) 11:03:30 executing program 4: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x3) fcntl$addseals(r0, 0x409, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}) 11:03:30 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000003c0), 0x4) 11:03:30 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f00000000c0)=""/168, &(0x7f0000000180)=0xa8) [ 70.440865] audit: type=1400 audit(1756724610.834:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 71.661506] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.664624] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.667169] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.672227] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.674549] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.724263] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.731542] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.743643] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.748367] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.749597] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.751100] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.752539] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.755102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.756241] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.758797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.759900] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.761545] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.764848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.767616] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.768341] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.772946] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.779969] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.783563] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.784820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.786302] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.787898] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 71.794449] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.796185] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.797690] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.802420] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.805314] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.810829] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.811972] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.813590] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.819913] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.821498] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 71.823721] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.835931] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.840509] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.861988] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 73.755275] Bluetooth: hci0: command tx timeout [ 73.817202] Bluetooth: hci1: command tx timeout [ 73.881740] Bluetooth: hci7: command tx timeout [ 73.883331] Bluetooth: hci2: command tx timeout [ 73.883796] Bluetooth: hci6: command tx timeout [ 73.884667] Bluetooth: hci5: command tx timeout [ 73.885155] Bluetooth: hci4: command tx timeout [ 73.885293] Bluetooth: hci3: command tx timeout [ 75.801395] Bluetooth: hci0: command tx timeout [ 75.865352] Bluetooth: hci1: command tx timeout [ 75.929156] Bluetooth: hci5: command tx timeout [ 75.929971] Bluetooth: hci7: command tx timeout [ 75.930988] Bluetooth: hci3: command tx timeout [ 75.931820] Bluetooth: hci4: command tx timeout [ 75.931861] Bluetooth: hci6: command tx timeout [ 75.931878] Bluetooth: hci2: command tx timeout [ 77.850093] Bluetooth: hci0: command tx timeout [ 77.913114] Bluetooth: hci1: command tx timeout [ 77.977127] Bluetooth: hci3: command tx timeout [ 77.977682] Bluetooth: hci2: command tx timeout [ 77.977776] Bluetooth: hci7: command tx timeout [ 77.978211] Bluetooth: hci6: command tx timeout [ 77.978665] Bluetooth: hci4: command tx timeout [ 77.979156] Bluetooth: hci5: command tx timeout [ 79.898168] Bluetooth: hci0: command tx timeout [ 79.962220] Bluetooth: hci1: command tx timeout [ 80.025177] Bluetooth: hci4: command tx timeout [ 80.025747] Bluetooth: hci6: command tx timeout [ 80.027202] Bluetooth: hci7: command tx timeout [ 80.027248] Bluetooth: hci2: command tx timeout [ 80.027272] Bluetooth: hci3: command tx timeout [ 80.027296] Bluetooth: hci5: command tx timeout [ 111.935018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.935665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.124111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.124718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.297222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.297812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.387785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.388379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.513542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.514189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:04:12 executing program 7: io_setup(0x10, &(0x7f0000000080)=0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) eventfd(0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000000c0)="ed", 0x1, 0x48}]) [ 112.650099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.650715] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:04:13 executing program 7: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) move_mount(r0, 0x0, r1, 0x0, 0x66) [ 112.756267] audit: type=1400 audit(1756724653.149:8): avc: denied { mounton } for pid=3833 comm="syz-executor.7" path="pipe:[4811]" dev="pipefs" ino=4811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 11:04:13 executing program 7: accept(0xffffffffffffffff, 0x0, 0x0) 11:04:13 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 112.786393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.786958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:04:13 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$sock(r0, &(0x7f00000046c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=[@timestamping={{0x18}}], 0x18}}], 0x2, 0x0) 11:04:13 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 11:04:13 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x108000, &(0x7f0000000400)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') pread64(r0, &(0x7f0000000240)=""/42, 0xff30, 0x0) [ 112.951072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.951660] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:04:13 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 112.976189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.978385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.070105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.070688] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.109668] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.110234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.132698] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.133329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.201931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.202687] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.416698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.417330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.452563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.453581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.484687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.485613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.008414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.008985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.029740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.030303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:04:14 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) fsync(r0) 11:04:14 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGPTPEER(r0, 0x80811501, 0x0) 11:04:14 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) 11:04:14 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x108000, &(0x7f0000000400)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') pread64(r0, &(0x7f0000000240)=""/42, 0xff30, 0x0) 11:04:14 executing program 3: syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x10000, 0x0, &(0x7f0000000200), 0x1008800, &(0x7f0000010d00)) 11:04:14 executing program 4: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x3) fcntl$addseals(r0, 0x409, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}) 11:04:14 executing program 2: syz_emit_ethernet(0x8e, &(0x7f00000003c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x58, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "61165b", 0x0, 0x2b, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@srh={0x0, 0x4, 0x4, 0x2, 0x0, 0x0, 0x0, [@private0, @loopback]}]}}}}}}}, 0x0) 11:04:14 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f00000000c0)=""/168, &(0x7f0000000180)=0xa8) [ 114.177690] loop3: detected capacity change from 0 to 128 11:04:14 executing program 4: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x3) fcntl$addseals(r0, 0x409, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}) 11:04:14 executing program 2: syz_emit_ethernet(0x8e, &(0x7f00000003c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x58, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "61165b", 0x0, 0x2b, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@srh={0x0, 0x4, 0x4, 0x2, 0x0, 0x0, 0x0, [@private0, @loopback]}]}}}}}}}, 0x0) [ 114.219544] loop3: detected capacity change from 0 to 128 [ 114.284540] syz-executor.0 (3931) used greatest stack depth: 24368 bytes left 11:04:14 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) fsync(r0) 11:04:14 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000001540)={&(0x7f0000000740)={0x2, 0x0, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000100)="5ec7", 0x2}], 0x1, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback}}}], 0x20}, 0x0) 11:04:14 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x108000, &(0x7f0000000400)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') pread64(r0, &(0x7f0000000240)=""/42, 0xff30, 0x0) 11:04:14 executing program 4: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x3) fcntl$addseals(r0, 0x409, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}) 11:04:14 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f00000000c0)=""/168, &(0x7f0000000180)=0xa8) 11:04:14 executing program 3: syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x10000, 0x0, &(0x7f0000000200), 0x1008800, &(0x7f0000010d00)) 11:04:14 executing program 2: syz_emit_ethernet(0x8e, &(0x7f00000003c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x58, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "61165b", 0x0, 0x2b, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@srh={0x0, 0x4, 0x4, 0x2, 0x0, 0x0, 0x0, [@private0, @loopback]}]}}}}}}}, 0x0) 11:04:14 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) [ 114.334350] loop3: detected capacity change from 0 to 128 11:04:14 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x9) 11:04:14 executing program 3: syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x10000, 0x0, &(0x7f0000000200), 0x1008800, &(0x7f0000010d00)) [ 114.381595] kmemleak: Found object by alias at 0x607f1a63e5ac [ 114.381616] CPU: 0 UID: 0 PID: 3947 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.381635] Tainted: [W]=WARN [ 114.381639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.381647] Call Trace: [ 114.381651] [ 114.381656] dump_stack_lvl+0xca/0x120 [ 114.381687] __lookup_object+0x94/0xb0 [ 114.381706] delete_object_full+0x27/0x70 [ 114.381723] free_percpu+0x30/0x1160 [ 114.381740] ? arch_uprobe_clear_state+0x16/0x140 [ 114.381761] futex_hash_free+0x38/0xc0 [ 114.381777] mmput+0x2d3/0x390 [ 114.381797] do_exit+0x79d/0x2970 [ 114.381815] ? signal_wake_up_state+0x85/0x120 [ 114.381831] ? zap_other_threads+0x2b9/0x3a0 [ 114.381848] ? __pfx_do_exit+0x10/0x10 [ 114.381861] ? do_group_exit+0x1c3/0x2a0 [ 114.381875] ? lock_release+0xc8/0x290 [ 114.381893] do_group_exit+0xd3/0x2a0 [ 114.381908] __x64_sys_exit_group+0x3e/0x50 [ 114.381922] x64_sys_call+0x18c5/0x18d0 [ 114.381939] do_syscall_64+0xbf/0x360 [ 114.381952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.381964] RIP: 0033:0x7fe6e3654b19 [ 114.381974] Code: Unable to access opcode bytes at 0x7fe6e3654aef. [ 114.381979] RSP: 002b:00007fffb7d68608 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 114.381991] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe6e3654b19 [ 114.381999] RDX: 00007fe6e360772b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 114.382007] RBP: 0000000000000000 R08: 0000001b2d121224 R09: 0000000000000000 [ 114.382015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.382022] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffb7d686f0 [ 114.382037] [ 114.382041] kmemleak: Object (percpu) 0x607f1a63e5a8 (size 16): [ 114.382048] kmemleak: comm "syz-executor.4", pid 282, jiffies 4294781171 [ 114.382055] kmemleak: min_count = 1 [ 114.382060] kmemleak: count = 0 [ 114.382063] kmemleak: flags = 0x21 [ 114.382067] kmemleak: checksum = 0 [ 114.382071] kmemleak: backtrace: [ 114.382075] pcpu_alloc_noprof+0x87a/0x1170 [ 114.382091] mm_init+0x99b/0x1170 [ 114.382099] copy_process+0x3ab7/0x73c0 [ 114.382109] kernel_clone+0xea/0x7f0 [ 114.382119] __do_sys_clone+0xce/0x120 [ 114.382130] do_syscall_64+0xbf/0x360 [ 114.382139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.408598] kmemleak: Found object by alias at 0x607f1a63e5b4 [ 114.408615] CPU: 1 UID: 0 PID: 3946 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.408634] Tainted: [W]=WARN [ 114.408638] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.408645] Call Trace: [ 114.408650] [ 114.408658] dump_stack_lvl+0xca/0x120 [ 114.408684] __lookup_object+0x94/0xb0 [ 114.408703] delete_object_full+0x27/0x70 [ 114.408719] free_percpu+0x30/0x1160 [ 114.408736] ? arch_uprobe_clear_state+0x16/0x140 [ 114.408756] futex_hash_free+0x38/0xc0 [ 114.408772] mmput+0x2d3/0x390 [ 114.408791] do_exit+0x79d/0x2970 [ 114.408805] ? signal_wake_up_state+0x85/0x120 [ 114.408821] ? zap_other_threads+0x2b9/0x3a0 [ 114.408838] ? __pfx_do_exit+0x10/0x10 [ 114.408851] ? do_group_exit+0x1c3/0x2a0 [ 114.408865] ? lock_release+0xc8/0x290 [ 114.408882] do_group_exit+0xd3/0x2a0 [ 114.408897] __x64_sys_exit_group+0x3e/0x50 [ 114.408912] x64_sys_call+0x18c5/0x18d0 [ 114.408928] do_syscall_64+0xbf/0x360 [ 114.408941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.408953] RIP: 0033:0x7fa90373eb19 [ 114.408962] Code: Unable to access opcode bytes at 0x7fa90373eaef. [ 114.408968] RSP: 002b:00007ffd4f0be7e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 114.408979] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa90373eb19 [ 114.408987] RDX: 00007fa9036f172b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 114.408994] RBP: 0000000000000000 R08: 0000001b2cf23528 R09: 0000000000000000 [ 114.409001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.409008] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd4f0be8d0 [ 114.409024] [ 114.409027] kmemleak: Object (percpu) 0x607f1a63e5a8 (size 16): [ 114.409038] kmemleak: comm "syz-executor.4", pid 282, jiffies 4294781171 [ 114.409046] kmemleak: min_count = 1 [ 114.409050] kmemleak: count = 0 [ 114.409053] kmemleak: flags = 0x21 [ 114.409057] kmemleak: checksum = 0 [ 114.409061] kmemleak: backtrace: [ 114.409064] pcpu_alloc_noprof+0x87a/0x1170 [ 114.409080] mm_init+0x99b/0x1170 [ 114.409089] copy_process+0x3ab7/0x73c0 [ 114.409099] kernel_clone+0xea/0x7f0 11:04:14 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x108000, &(0x7f0000000400)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') pread64(r0, &(0x7f0000000240)=""/42, 0xff30, 0x0) [ 114.409109] __do_sys_clone+0xce/0x120 [ 114.409119] do_syscall_64+0xbf/0x360 [ 114.409129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.485496] loop3: detected capacity change from 0 to 128 11:04:14 executing program 2: syz_emit_ethernet(0x8e, &(0x7f00000003c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x58, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "61165b", 0x0, 0x2b, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@srh={0x0, 0x4, 0x4, 0x2, 0x0, 0x0, 0x0, [@private0, @loopback]}]}}}}}}}, 0x0) 11:04:14 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) fsync(r0) 11:04:14 executing program 1: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$binfmt_misc(r0, 0x0, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400006}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x1}], 0x1, 0x1000, 0x0) 11:04:14 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f00000000c0)=""/168, &(0x7f0000000180)=0xa8) 11:04:14 executing program 4: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000080)=0x40001, 0x4) 11:04:14 executing program 3: syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x10000, 0x0, &(0x7f0000000200), 0x1008800, &(0x7f0000010d00)) 11:04:14 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) 11:04:14 executing program 7: setregid(0x0, 0xee01) socket$inet_icmp(0x2, 0x2, 0x1) [ 114.571584] loop3: detected capacity change from 0 to 128 11:04:14 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x90, 0x0) r0 = creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) write$P9_RSETATTR(r0, &(0x7f0000000640)={0x7}, 0x7) 11:04:15 executing program 5: rseq(&(0x7f0000000180), 0x20, 0x0, 0x0) syz_mount_image$nfs4(&(0x7f0000001280), 0x0, 0x0, 0xfffe, &(0x7f0000001600), 0x0, &(0x7f0000000440)=ANY=[@ANYRESOCT]) 11:04:15 executing program 6: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)={0x0, 0x0, 0x40000}, 0x20) 11:04:15 executing program 1: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$binfmt_misc(r0, 0x0, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400006}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x1}], 0x1, 0x1000, 0x0) 11:04:15 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000000040)='.)\x00', 0x40, 0x0, &(0x7f0000000080)={0x74, 0x0, 0x8001, 0x7fffffff}) 11:04:15 executing program 7: syz_open_procfs(0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) 11:04:15 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) [ 114.738482] audit: type=1400 audit(1756724655.130:9): avc: denied { open } for pid=3993 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 114.745840] audit: type=1400 audit(1756724655.130:10): avc: denied { kernel } for pid=3993 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:04:15 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) 11:04:15 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r0, 0x0, 0xb, 0x0, &(0x7f0000000440)) [ 114.830435] kmemleak: Found object by alias at 0x607f1a63e5b4 [ 114.830454] CPU: 1 UID: 0 PID: 4002 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.830473] Tainted: [W]=WARN [ 114.830477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.830485] Call Trace: [ 114.830489] [ 114.830494] dump_stack_lvl+0xca/0x120 [ 114.830525] __lookup_object+0x94/0xb0 [ 114.830544] delete_object_full+0x27/0x70 [ 114.830561] free_percpu+0x30/0x1160 [ 114.830579] ? arch_uprobe_clear_state+0x16/0x140 [ 114.830606] futex_hash_free+0x38/0xc0 [ 114.830621] mmput+0x2d3/0x390 [ 114.830640] do_exit+0x79d/0x2970 [ 114.830655] ? lock_release+0xc8/0x290 [ 114.830672] ? __pfx_do_exit+0x10/0x10 [ 114.830686] ? find_held_lock+0x2b/0x80 [ 114.830704] ? get_signal+0x835/0x2340 [ 114.830725] do_group_exit+0xd3/0x2a0 [ 114.830740] get_signal+0x2315/0x2340 [ 114.830763] ? __pfx_get_signal+0x10/0x10 [ 114.830780] ? do_futex+0x135/0x370 [ 114.830794] ? __pfx_do_futex+0x10/0x10 [ 114.830809] arch_do_signal_or_restart+0x80/0x790 [ 114.830828] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.830844] ? __x64_sys_futex+0x1c9/0x4d0 [ 114.830857] ? __x64_sys_futex+0x1d2/0x4d0 [ 114.830871] ? __sys_socket+0x9f/0x260 [ 114.830887] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.830901] ? xfd_validate_state+0x55/0x180 [ 114.830922] exit_to_user_mode_loop+0x8b/0x110 [ 114.830936] do_syscall_64+0x2f7/0x360 [ 114.830950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.830962] RIP: 0033:0x7fa90373eb19 [ 114.830971] Code: Unable to access opcode bytes at 0x7fa90373eaef. [ 114.830976] RSP: 002b:00007fa900cb4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.830988] RAX: 0000000000000000 RBX: 00007fa903851f68 RCX: 00007fa90373eb19 [ 114.830996] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa903851f68 [ 114.831004] RBP: 00007fa903851f60 R08: 0000000000000000 R09: 0000000000000000 [ 114.831011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa903851f6c [ 114.831018] R13: 00007ffd4f0be5bf R14: 00007fa900cb4300 R15: 0000000000022000 [ 114.831034] [ 114.831038] kmemleak: Object (percpu) 0x607f1a63e5a8 (size 16): [ 114.831045] kmemleak: comm "syz-executor.2", pid 284, jiffies 4294781552 [ 114.831052] kmemleak: min_count = 1 [ 114.831058] kmemleak: count = 0 [ 114.831062] kmemleak: flags = 0x21 [ 114.831066] kmemleak: checksum = 0 [ 114.831070] kmemleak: backtrace: [ 114.831073] pcpu_alloc_noprof+0x87a/0x1170 [ 114.831089] mm_init+0x99b/0x1170 [ 114.831098] copy_process+0x3ab7/0x73c0 [ 114.831108] kernel_clone+0xea/0x7f0 [ 114.831118] __do_sys_clone+0xce/0x120 [ 114.831128] do_syscall_64+0xbf/0x360 [ 114.831138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.842516] kmemleak: Found object by alias at 0x607f1a63e5b0 [ 114.842543] CPU: 0 UID: 0 PID: 3995 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 114.842568] Tainted: [W]=WARN [ 114.842573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.842583] Call Trace: [ 114.842588] [ 114.842595] dump_stack_lvl+0xca/0x120 [ 114.842629] __lookup_object+0x94/0xb0 [ 114.842653] delete_object_full+0x27/0x70 [ 114.842676] free_percpu+0x30/0x1160 [ 114.842699] ? arch_uprobe_clear_state+0x16/0x140 [ 114.842727] futex_hash_free+0x38/0xc0 [ 114.842747] mmput+0x2d3/0x390 [ 114.842773] do_exit+0x79d/0x2970 [ 114.842792] ? lock_release+0xc8/0x290 [ 114.842815] ? __pfx_do_exit+0x10/0x10 [ 114.842835] ? find_held_lock+0x2b/0x80 [ 114.842859] ? get_signal+0x835/0x2340 [ 114.842887] do_group_exit+0xd3/0x2a0 [ 114.842907] get_signal+0x2315/0x2340 [ 114.842938] ? __pfx_get_signal+0x10/0x10 [ 114.842960] ? do_futex+0x135/0x370 [ 114.842979] ? __pfx_do_futex+0x10/0x10 [ 114.843005] arch_do_signal_or_restart+0x80/0x790 [ 114.843031] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.843054] ? __x64_sys_futex+0x1c9/0x4d0 [ 114.843070] ? __x64_sys_futex+0x1d2/0x4d0 [ 114.843091] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.843110] ? xfd_validate_state+0x55/0x180 [ 114.843131] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 114.843157] exit_to_user_mode_loop+0x8b/0x110 [ 114.843176] do_syscall_64+0x2f7/0x360 [ 114.843194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.843210] RIP: 0033:0x7fa2b6129b19 [ 114.843222] Code: Unable to access opcode bytes at 0x7fa2b6129aef. [ 114.843229] RSP: 002b:00007fa2b369f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.843245] RAX: fffffffffffffe00 RBX: 00007fa2b623cf68 RCX: 00007fa2b6129b19 [ 114.843256] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2b623cf68 [ 114.843266] RBP: 00007fa2b623cf60 R08: 0000000000000000 R09: 0000000000000000 [ 114.843275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2b623cf6c [ 114.843285] R13: 00007ffff56e5e4f R14: 00007fa2b369f300 R15: 0000000000022000 [ 114.843307] [ 114.843312] kmemleak: Object (percpu) 0x607f1a63e5a8 (size 16): [ 114.843321] kmemleak: comm "syz-executor.2", pid 284, jiffies 4294781552 [ 114.843331] kmemleak: min_count = 1 [ 114.843337] kmemleak: count = 0 [ 114.843342] kmemleak: flags = 0x21 [ 114.843347] kmemleak: checksum = 0 [ 114.843352] kmemleak: backtrace: [ 114.843357] pcpu_alloc_noprof+0x87a/0x1170 [ 114.843378] mm_init+0x99b/0x1170 [ 114.843390] copy_process+0x3ab7/0x73c0 [ 114.843404] kernel_clone+0xea/0x7f0 [ 114.843417] __do_sys_clone+0xce/0x120 [ 114.843431] do_syscall_64+0xbf/0x360 [ 114.843444] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:04:15 executing program 1: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$binfmt_misc(r0, 0x0, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400006}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x1}], 0x1, 0x1000, 0x0) 11:04:15 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0xffffffffffffffff) capget(0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/103, 0x67}, {0x0}, {0x0}], 0x3, &(0x7f0000000280)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}}], 0x1, 0x12060, &(0x7f0000000300)) capset(&(0x7f0000000340)={0x0, r0}, &(0x7f0000000380)={0x0, 0x100, 0x2, 0x101, 0x0, 0x3ed}) clone3(&(0x7f0000005880)={0x64060100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:04:15 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) 11:04:15 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r3 = dup2(r1, r2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) 11:04:15 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x4}, 0x0) 11:04:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000006c0)={&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000700)=0x40) 11:04:15 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f00000001c0)={"861f03afa931a56aa387860a", &(0x7f0000000000)='\n', 0x1, 0x6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, "0bc4af35", 0x6, "b3cefa74", 0x0, 0x0, 0x0, "0fba6d", "e98a465a1d2c2e9b0c2f2beec5e214819b30cc3fbf0db723429642f85d9aabab1e9f873dc4bf7d3165989df1d6a2"}, 0x2, 0x0, 0x0, 0x0}) dup2(0xffffffffffffffff, 0xffffffffffffffff) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 11:04:15 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) [ 115.150150] kmemleak: Found object by alias at 0x607f1a63e354 [ 115.150170] CPU: 1 UID: 0 PID: 4020 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.150199] Tainted: [W]=WARN [ 115.150204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.150214] Call Trace: [ 115.150219] [ 115.150225] dump_stack_lvl+0xca/0x120 [ 115.150259] __lookup_object+0x94/0xb0 [ 115.150279] delete_object_full+0x27/0x70 [ 115.150296] free_percpu+0x30/0x1160 [ 115.150313] ? arch_uprobe_clear_state+0x16/0x140 [ 115.150334] futex_hash_free+0x38/0xc0 [ 115.150350] mmput+0x2d3/0x390 [ 115.150369] do_exit+0x79d/0x2970 [ 115.150386] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.150401] ? __pfx_do_exit+0x10/0x10 [ 115.150416] ? find_held_lock+0x2b/0x80 [ 115.150435] ? get_signal+0x835/0x2340 [ 115.150456] do_group_exit+0xd3/0x2a0 [ 115.150471] get_signal+0x2315/0x2340 [ 115.150490] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.150507] ? __pfx_get_signal+0x10/0x10 [ 115.150524] ? __schedule+0xe91/0x3590 [ 115.150546] arch_do_signal_or_restart+0x80/0x790 [ 115.150565] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 115.150582] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.150595] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.150607] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.150620] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.150640] exit_to_user_mode_loop+0x8b/0x110 [ 115.150653] do_syscall_64+0x2f7/0x360 [ 115.150667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.150679] RIP: 0033:0x7fcaddcd0b19 [ 115.150689] Code: Unable to access opcode bytes at 0x7fcaddcd0aef. [ 115.150694] RSP: 002b:00007fcadb225218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.150706] RAX: 0000000000000001 RBX: 00007fcaddde4028 RCX: 00007fcaddcd0b19 [ 115.150714] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcaddde402c [ 115.150721] RBP: 00007fcaddde4020 R08: 000000000000000e R09: 0000000000000000 [ 115.150728] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcaddde402c [ 115.150736] R13: 00007fff723bb07f R14: 00007fcadb225300 R15: 0000000000022000 [ 115.150753] [ 115.150757] kmemleak: Object (percpu) 0x607f1a63e350 (size 8): [ 115.150764] kmemleak: comm "syz-executor.0", pid 4025, jiffies 4294781940 [ 115.150772] kmemleak: min_count = 1 [ 115.150776] kmemleak: count = 0 [ 115.150779] kmemleak: flags = 0x21 [ 115.150783] kmemleak: checksum = 0 [ 115.150787] kmemleak: backtrace: [ 115.150790] pcpu_alloc_noprof+0x87a/0x1170 [ 115.150806] perf_trace_event_init+0x366/0xa10 [ 115.150820] perf_trace_init+0x1a4/0x2f0 [ 115.150832] perf_tp_event_init+0xa6/0x120 [ 115.150848] perf_try_init_event+0x140/0x9f0 [ 115.150862] perf_event_alloc.part.0+0x118e/0x45f0 [ 115.150879] __do_sys_perf_event_open+0x719/0x2c20 [ 115.150893] do_syscall_64+0xbf/0x360 [ 115.150902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.174500] kmemleak: Cannot insert 0x607f1a63e354 into the object search tree (overlaps existing) [ 115.174514] CPU: 1 UID: 0 PID: 4011 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.174533] Tainted: [W]=WARN [ 115.174538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.174544] Call Trace: [ 115.174548] [ 115.174552] dump_stack_lvl+0xca/0x120 [ 115.174574] __link_object+0x190/0x210 [ 115.174592] __create_object+0x48/0x80 [ 115.174611] pcpu_alloc_noprof+0x87a/0x1170 [ 115.174636] alloc_netdev_mqs+0x131/0x1360 [ 115.174655] ? __pfx_loopback_setup+0x10/0x10 [ 115.174673] ? __pfx_loopback_net_init+0x10/0x10 [ 115.174686] loopback_net_init+0x38/0x180 [ 115.174699] ? __pfx_loopback_net_init+0x10/0x10 [ 115.174712] ops_init+0x1e1/0x650 [ 115.174727] setup_net+0x10d/0x320 [ 115.174737] ? lockdep_init_map_type+0x4b/0x240 [ 115.174754] ? __pfx_setup_net+0x10/0x10 [ 115.174767] ? debug_mutex_init+0x37/0x70 [ 115.174788] copy_net_ns+0x2e3/0x650 [ 115.174802] create_new_namespaces+0x3f6/0xab0 [ 115.174827] copy_namespaces+0x45c/0x580 [ 115.174847] copy_process+0x2649/0x73c0 [ 115.174868] ? __pfx_copy_process+0x10/0x10 [ 115.174881] ? __might_fault+0xe0/0x190 [ 115.174900] ? _copy_from_user+0x5b/0xd0 [ 115.174920] kernel_clone+0xea/0x7f0 [ 115.174935] ? __pfx_kernel_clone+0x10/0x10 [ 115.174952] ? find_held_lock+0x2b/0x80 [ 115.174971] ? finish_task_switch.isra.0+0x201/0x840 [ 115.174996] __do_sys_clone3+0x1f5/0x280 [ 115.175009] ? __pfx___do_sys_clone3+0x10/0x10 [ 115.175031] ? __pfx___schedule+0x10/0x10 [ 115.175055] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 11:04:15 executing program 1: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$binfmt_misc(r0, 0x0, 0x4) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400006}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000440)="85", 0x1}], 0x1, 0x1000, 0x0) [ 115.175069] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.175083] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.175098] ? xfd_validate_state+0x55/0x180 [ 115.175123] do_syscall_64+0xbf/0x360 [ 115.175136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.175148] RIP: 0033:0x7fa90373eb19 [ 115.175158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.175171] RSP: 002b:00007fa900cb4188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 115.175183] RAX: ffffffffffffffda RBX: 00007fa903851f60 RCX: 00007fa90373eb19 [ 115.175191] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020005880 [ 115.175199] RBP: 00007fa903798f6d R08: 0000000000000000 R09: 0000000000000000 11:04:15 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) 11:04:15 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) [ 115.175207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.175214] R13: 00007ffd4f0be5bf R14: 00007fa900cb4300 R15: 0000000000022000 [ 115.175231] [ 115.175716] kmemleak: Kernel memory leak detector disabled [ 115.175720] kmemleak: Object (percpu) 0x607f1a63e350 (size 8): [ 115.175728] kmemleak: comm "syz-executor.0", pid 4025, jiffies 4294781940 [ 115.175735] kmemleak: min_count = 1 [ 115.175739] kmemleak: count = 0 [ 115.175743] kmemleak: flags = 0x21 [ 115.175748] kmemleak: checksum = 0 [ 115.175752] kmemleak: backtrace: [ 115.175755] pcpu_alloc_noprof+0x87a/0x1170 [ 115.175773] perf_trace_event_init+0x366/0xa10 [ 115.175787] perf_trace_init+0x1a4/0x2f0 [ 115.175801] perf_tp_event_init+0xa6/0x120 [ 115.175817] perf_try_init_event+0x140/0x9f0 [ 115.175832] perf_event_alloc.part.0+0x118e/0x45f0 [ 115.175851] __do_sys_perf_event_open+0x719/0x2c20 [ 115.175864] do_syscall_64+0xbf/0x360 [ 115.175875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.211607] mmap: syz-executor.7 (4029) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 11:04:15 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_buf(r0, 0x29, 0x46, &(0x7f0000000080), 0x0) [ 115.246660] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.309257] ------------[ cut here ]------------ [ 115.309802] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.6/4038 [ 115.310619] Modules linked in: 11:04:15 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:04:15 executing program 3: pselect6(0x40, &(0x7f0000000400), &(0x7f0000000080), &(0x7f00000001c0)={0x434d}, &(0x7f0000000100), &(0x7f0000000180)={&(0x7f00000000c0)={[0xff]}, 0x8}) 11:04:15 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f00000001c0)={"861f03afa931a56aa387860a", &(0x7f0000000000)='\n', 0x1, 0x6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, "0bc4af35", 0x6, "b3cefa74", 0x0, 0x0, 0x0, "0fba6d", "e98a465a1d2c2e9b0c2f2beec5e214819b30cc3fbf0db723429642f85d9aabab1e9f873dc4bf7d3165989df1d6a2"}, 0x2, 0x0, 0x0, 0x0}) dup2(0xffffffffffffffff, 0xffffffffffffffff) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) [ 115.310952] CPU: 1 UID: 0 PID: 4038 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.315619] Tainted: [W]=WARN [ 115.315887] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.316568] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 115.316974] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 115.318491] RSP: 0018:ffff888044237bd0 EFLAGS: 00010293 [ 115.318959] RAX: 0000000000000000 RBX: 1ffff11008846f7f RCX: ffffffff81bfaf93 [ 115.319589] RDX: ffff888015eb1b80 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 115.320217] RBP: ffff888021048e00 R08: 0000000000000001 R09: 0000000000000000 [ 115.320807] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888044237c38 [ 115.321435] R13: 00000000ffffffff R14: dead000000000100 R15: ffff888021048e00 [ 115.322057] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.322767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.323283] CR2: 00007f8f66d763a4 CR3: 0000000042b9e000 CR4: 0000000000350ef0 [ 115.324570] Call Trace: [ 115.324797] [ 115.324998] ? __pfx_autoremove_wake_function+0x10/0x10 [ 115.325990] ? __pfx_mntput_no_expire+0x10/0x10 [ 115.326440] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 115.326843] ? shrink_dentry_list+0x1a/0x650 [ 115.327248] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 115.327721] namespace_unlock+0x57d/0x810 [ 115.328104] ? __pfx_namespace_unlock+0x10/0x10 [ 115.328511] ? find_held_lock+0x2b/0x80 [ 115.328866] ? lock_release+0xc8/0x290 [ 115.329270] put_mnt_ns+0xf5/0x120 [ 115.329591] free_nsproxy+0x3a/0x400 [ 115.329918] switch_task_namespaces+0xe2/0x100 [ 115.330358] do_exit+0x841/0x2970 [ 115.330663] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.331176] ? zap_other_threads+0x2b9/0x3a0 [ 115.331550] ? __pfx_do_exit+0x10/0x10 [ 115.331900] ? do_group_exit+0x1c3/0x2a0 [ 115.332255] ? _raw_spin_unlock_irq+0x23/0x40 [ 115.332660] do_group_exit+0xd3/0x2a0 [ 115.332991] __x64_sys_exit_group+0x3e/0x50 [ 115.333380] x64_sys_call+0x18c5/0x18d0 [ 115.333729] do_syscall_64+0xbf/0x360 [ 115.334075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.334527] RIP: 0033:0x7fa90373eb19 [ 115.334855] Code: Unable to access opcode bytes at 0x7fa90373eaef. [ 115.335399] RSP: 002b:00007fa900cb3bc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 115.336073] RAX: ffffffffffffffda RBX: 00007fa903851f60 RCX: 00007fa90373eb19 [ 115.336684] RDX: 00007fa90373eb19 RSI: 0000000000000000 RDI: 000000000000000b [ 115.337301] RBP: 000000000000000b R08: 0000000000000000 R09: 00007fa903851f60 [ 115.337905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.338541] R13: 00007ffd4f0be5bf R14: 00007fa900cb4300 R15: 0000000000022000 [ 115.339180] [ 115.339388] irq event stamp: 1039 [ 115.339680] hardirqs last enabled at (1047): [] __up_console_sem+0x78/0x80 [ 115.340435] hardirqs last disabled at (1056): [] __up_console_sem+0x5d/0x80 [ 115.341178] softirqs last enabled at (826): [] handle_softirqs+0x50c/0x770 [ 115.341919] softirqs last disabled at (819): [] __irq_exit_rcu+0xc4/0x100 [ 115.342669] ---[ end trace 0000000000000000 ]--- [ 115.343166] ------------[ cut here ]------------ [ 115.343570] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.6/4038 [ 115.344364] Modules linked in: [ 115.344654] CPU: 1 UID: 0 PID: 4038 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.345693] Tainted: [W]=WARN [ 115.345948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.346650] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 115.347086] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 115.348605] RSP: 0018:ffff888044237bd0 EFLAGS: 00010293 [ 115.349062] RAX: 0000000000000000 RBX: 1ffff11008846f7f RCX: ffffffff81bfaf93 [ 115.349644] RDX: ffff888015eb1b80 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 115.350263] RBP: ffff888021048c40 R08: 0000000000000001 R09: 0000000000000000 [ 115.350835] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888044237c38 [ 115.351442] R13: 00000000ffffffff R14: dead000000000100 R15: ffff888021048c40 [ 115.352026] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.352693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.353188] CR2: 00007f8f66d763a4 CR3: 0000000042b9e000 CR4: 0000000000350ef0 [ 115.353766] Call Trace: [ 115.353980] [ 115.354190] ? __pfx_autoremove_wake_function+0x10/0x10 [ 115.354639] ? __pfx_mntput_no_expire+0x10/0x10 [ 115.355054] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 115.355446] ? shrink_dentry_list+0x1a/0x650 [ 115.355825] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 115.356285] namespace_unlock+0x7f1/0x810 [ 115.356633] ? __pfx_namespace_unlock+0x10/0x10 [ 115.357015] ? find_held_lock+0x2b/0x80 [ 115.357363] ? lock_release+0xc8/0x290 [ 115.357700] put_mnt_ns+0xf5/0x120 [ 115.358000] free_nsproxy+0x3a/0x400 [ 115.358350] switch_task_namespaces+0xe2/0x100 [ 115.358736] do_exit+0x841/0x2970 [ 115.359017] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.359500] ? zap_other_threads+0x2b9/0x3a0 [ 115.359873] ? __pfx_do_exit+0x10/0x10 [ 115.360213] ? do_group_exit+0x1c3/0x2a0 [ 115.360553] ? _raw_spin_unlock_irq+0x23/0x40 [ 115.360928] do_group_exit+0xd3/0x2a0 [ 115.361266] __x64_sys_exit_group+0x3e/0x50 [ 115.361624] x64_sys_call+0x18c5/0x18d0 [ 115.361950] do_syscall_64+0xbf/0x360 [ 115.362301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.362734] RIP: 0033:0x7fa90373eb19 [ 115.363060] Code: Unable to access opcode bytes at 0x7fa90373eaef. [ 115.363562] RSP: 002b:00007fa900cb3bc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 115.364194] RAX: ffffffffffffffda RBX: 00007fa903851f60 RCX: 00007fa90373eb19 [ 115.364772] RDX: 00007fa90373eb19 RSI: 0000000000000000 RDI: 000000000000000b [ 115.365366] RBP: 000000000000000b R08: 0000000000000000 R09: 00007fa903851f60 [ 115.365944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.366559] R13: 00007ffd4f0be5bf R14: 00007fa900cb4300 R15: 0000000000022000 [ 115.367168] [ 115.367361] irq event stamp: 1579 [ 115.367640] hardirqs last enabled at (1587): [] __up_console_sem+0x78/0x80 [ 115.368356] hardirqs last disabled at (1596): [] __up_console_sem+0x5d/0x80 [ 115.369035] softirqs last enabled at (1428): [] handle_softirqs+0x50c/0x770 [ 115.369745] softirqs last disabled at (1423): [] __irq_exit_rcu+0xc4/0x100 [ 115.370478] ---[ end trace 0000000000000000 ]--- [ 115.375285] ------------[ cut here ]------------ [ 115.375729] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#0: syz-executor.6/4038 [ 115.376471] Modules linked in: [ 115.376852] CPU: 0 UID: 0 PID: 4038 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.377985] Tainted: [W]=WARN [ 115.378277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.378963] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 115.379368] Code: c7 20 49 d1 85 e8 41 b3 fa 02 49 8d 7d 40 5b 48 c7 c6 d0 fa be 81 5d 41 5c 41 5d 41 5e 41 5f e9 97 9a 9c ff e8 f2 3c b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 e4 3c b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 115.380935] RSP: 0018:ffff888044237d10 EFLAGS: 00010293 [ 115.381402] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bfb6a5 [ 115.382016] RDX: ffff888015eb1b80 RSI: ffffffff81bfb9be RDI: 0000000000000005 [ 115.382668] RBP: ffff888021049380 R08: 0000000000000000 R09: 0000000000000001 [ 115.383307] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888015eb2458 [ 115.383923] R13: ffff888021049180 R14: 0000000000000001 R15: ffff8880210491c0 [ 115.384531] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 115.385238] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.385745] CR2: 00007fcade1e8004 CR3: 0000000042a44000 CR4: 0000000000350ef0 [ 115.386387] Call Trace: [ 115.386606] [ 115.386794] task_work_run+0x172/0x280 [ 115.387153] ? __pfx_task_work_run+0x10/0x10 [ 115.387548] do_exit+0x846/0x2970 [ 115.387856] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.388399] ? zap_other_threads+0x2b9/0x3a0 [ 115.388757] ? __pfx_do_exit+0x10/0x10 [ 115.389077] ? do_group_exit+0x1c3/0x2a0 [ 115.389388] ? _raw_spin_unlock_irq+0x23/0x40 [ 115.389736] do_group_exit+0xd3/0x2a0 [ 115.390029] __x64_sys_exit_group+0x3e/0x50 [ 115.390386] x64_sys_call+0x18c5/0x18d0 [ 115.390701] do_syscall_64+0xbf/0x360 [ 115.391013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.391431] RIP: 0033:0x7fa90373eb19 [ 115.391723] Code: Unable to access opcode bytes at 0x7fa90373eaef. [ 115.392196] RSP: 002b:00007fa900cb3bc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 115.392762] RAX: ffffffffffffffda RBX: 00007fa903851f60 RCX: 00007fa90373eb19 [ 115.393327] RDX: 00007fa90373eb19 RSI: 0000000000000000 RDI: 000000000000000b [ 115.393865] RBP: 000000000000000b R08: 0000000000000000 R09: 00007fa903851f60 [ 115.394435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.394962] R13: 00007ffd4f0be5bf R14: 00007fa900cb4300 R15: 0000000000022000 [ 115.395511] [ 115.395692] irq event stamp: 2129 [ 115.395948] hardirqs last enabled at (2137): [] __up_console_sem+0x78/0x80 [ 115.396596] hardirqs last disabled at (2146): [] __up_console_sem+0x5d/0x80 [ 115.397241] softirqs last enabled at (1722): [] handle_softirqs+0x50c/0x770 [ 115.397883] softirqs last disabled at (1693): [] __irq_exit_rcu+0xc4/0x100 [ 115.398534] ---[ end trace 0000000000000000 ]--- 11:04:15 executing program 0: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/vmcoreinfo', 0x0, 0x0) 11:04:15 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0xffffffffffffffff) capget(0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/103, 0x67}, {0x0}, {0x0}], 0x3, &(0x7f0000000280)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}}], 0x1, 0x12060, &(0x7f0000000300)) capset(&(0x7f0000000340)={0x0, r0}, &(0x7f0000000380)={0x0, 0x100, 0x2, 0x101, 0x0, 0x3ed}) clone3(&(0x7f0000005880)={0x64060100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:04:15 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x154, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) 11:04:15 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) 11:04:15 executing program 3: timer_create(0x9, &(0x7f00000001c0)={0x0, 0xb, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) 11:04:15 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, 0x0) ioctl$CDROM_SELECT_DISK(0xffffffffffffffff, 0x5322, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 11:04:15 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2}, 0x1b) 11:04:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_opts(r0, 0x29, 0x39, 0x0, &(0x7f00000035c0)) 11:04:15 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x154, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) 11:04:15 executing program 1: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0) read(r0, &(0x7f00000012c0)=""/210, 0xd2) 11:04:15 executing program 3: r0 = gettid() rt_sigqueueinfo(r0, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffb}) 11:04:15 executing program 0: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x40400, &(0x7f0000000440)={[{@utf8}]}) 11:04:15 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:04:15 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x324, &(0x7f0000000400)) 11:04:15 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0xffffffffffffffff) capget(0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/103, 0x67}, {0x0}, {0x0}], 0x3, &(0x7f0000000280)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}}], 0x1, 0x12060, &(0x7f0000000300)) capset(&(0x7f0000000340)={0x0, r0}, &(0x7f0000000380)={0x0, 0x100, 0x2, 0x101, 0x0, 0x3ed}) clone3(&(0x7f0000005880)={0x64060100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:04:15 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f00000001c0)={"861f03afa931a56aa387860a", &(0x7f0000000000)='\n', 0x1, 0x6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, "0bc4af35", 0x6, "b3cefa74", 0x0, 0x0, 0x0, "0fba6d", "e98a465a1d2c2e9b0c2f2beec5e214819b30cc3fbf0db723429642f85d9aabab1e9f873dc4bf7d3165989df1d6a2"}, 0x2, 0x0, 0x0, 0x0}) dup2(0xffffffffffffffff, 0xffffffffffffffff) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 11:04:15 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38010000100001000000000000000000ff020000000000000000000000000001fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc02000000000000000000000000000000000000320000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004800010077703531322d67656e657269630000000000000000000000000000000000f20000000000000000000000000000000000000000000000000000000028647156008a"], 0x138}}, 0x0) 11:04:15 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x154, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) [ 115.600260] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.601204] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.601836] CPU: 1 UID: 0 PID: 4075 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.602839] Tainted: [W]=WARN [ 115.603088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.603767] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.604163] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.605658] RSP: 0018:ffff888018867800 EFLAGS: 00010212 [ 115.606100] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900011b2000 [ 115.606706] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.607274] RBP: ffff888018867a70 R08: ffff88806cf31340 R09: ffffe8ffffd16350 [ 115.607846] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.608376] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.608902] FS: 00007fe460cb4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.609494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.609925] CR2: 000055557cfd0c58 CR3: 00000000171c1000 CR4: 0000000000350ef0 [ 115.610477] Call Trace: [ 115.610675] [ 115.610853] ? __pfx_perf_tp_event+0x10/0x10 [ 115.611192] ? lock_is_held_type+0x9e/0x120 [ 115.611524] ? lock_is_held_type+0x9e/0x120 [ 115.611879] ? perf_trace_lock+0xb5/0x5d0 [ 115.612218] ? perf_trace_lock+0xb5/0x5d0 [ 115.612547] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.612912] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.613281] ? find_held_lock+0x2b/0x80 [ 115.613610] ? find_held_lock+0x2b/0x80 [ 115.613932] ? __perf_install_in_context+0x503/0xb90 [ 115.614357] ? lock_release+0xc8/0x290 [ 115.614672] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.615133] ? do_raw_spin_unlock+0x53/0x220 [ 115.615493] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.615895] perf_trace_run_bpf_submit+0xef/0x180 [ 115.616286] perf_trace_lock+0x337/0x5d0 [ 115.616615] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.616985] ? lock_acquire+0x15e/0x2f0 [ 115.617304] ? futex_ref_get+0x48/0x300 [ 115.617625] ? futex_ref_get+0x114/0x300 [ 115.617950] ? futex_hash+0x15c/0x390 [ 115.618274] lock_release+0x1ab/0x290 [ 115.618587] ? futex_hash+0x15c/0x390 [ 115.618891] futex_ref_get+0x119/0x300 [ 115.619201] ? futex_hash+0x15c/0x390 [ 115.619503] futex_hash+0x70/0x390 [ 115.619793] futex_wake+0x143/0x540 [ 115.620088] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.620454] ? __pfx_futex_wake+0x10/0x10 [ 115.620788] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 115.621195] ? lock_release+0xc8/0x290 [ 115.621509] do_futex+0x26d/0x370 [ 115.621792] ? __pfx_do_futex+0x10/0x10 [ 115.622113] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 115.622556] __x64_sys_futex+0x1c9/0x4d0 [ 115.622884] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.623344] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.623708] ? selinux_file_ioctl+0xb9/0x280 [ 115.624064] ? xfd_validate_state+0x55/0x180 [ 115.624427] do_syscall_64+0xbf/0x360 [ 115.624734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.625140] RIP: 0033:0x7fe46373eb19 [ 115.625439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.626869] RSP: 002b:00007fe460cb4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.627461] RAX: ffffffffffffffda RBX: 00007fe463851f68 RCX: 00007fe46373eb19 [ 115.628015] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe463851f6c [ 115.628570] RBP: 00007fe463851f60 R08: 000000000000000e R09: 0000000000000000 [ 115.629124] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe463851f6c [ 115.629687] R13: 00007ffe89674d1f R14: 00007fe460cb4300 R15: 0000000000022000 [ 115.630271] [ 115.630466] Modules linked in: [ 115.630748] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.631610] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.632199] CPU: 1 UID: 0 PID: 4075 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.633127] Tainted: [D]=DIE, [W]=WARN [ 115.633427] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.634066] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.634460] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.635874] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 115.636320] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.636881] RDX: ffff8880450fb700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.637468] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16350 [ 115.638028] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 115.638612] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 115.639174] FS: 00007fe460cb4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.639805] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.640264] CR2: 000055557cfd0c58 CR3: 00000000171c1000 CR4: 0000000000350ef0 [ 115.640823] Call Trace: [ 115.641031] [ 115.641214] ? __pfx_perf_tp_event+0x10/0x10 [ 115.641575] ? lock_is_held_type+0x9e/0x120 [ 115.641925] ? trace_pelt_se_tp+0xdf/0x130 [ 115.642288] ? __update_load_avg_se+0x428/0xa40 [ 115.642665] ? match_held_lock+0xb0/0xd0 [ 115.642995] ? perf_trace_lock+0xb5/0x5d0 [ 115.643327] ? perf_trace_lock+0xb5/0x5d0 [ 115.643657] ? place_entity+0x300/0x410 [ 115.643977] ? kvm_sched_clock_read+0x16/0x30 [ 115.644342] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.644707] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.645074] ? lock_is_held_type+0x9e/0x120 [ 115.645426] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.645825] perf_trace_run_bpf_submit+0xef/0x180 [ 115.646226] perf_trace_lock+0x337/0x5d0 [ 115.646563] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.646932] ? find_held_lock+0x2b/0x80 [ 115.647256] ? hrtimer_interrupt+0x114/0x830 [ 115.647608] lock_release+0x1ab/0x290 [ 115.647913] ktime_get_update_offsets_now+0xab/0x3c0 [ 115.648318] ? hrtimer_interrupt+0x114/0x830 [ 115.648670] ? __pfx_lapic_next_deadline+0x10/0x10 [ 115.649066] hrtimer_interrupt+0x114/0x830 [ 115.649401] ? __pfx_flush_tlb_func+0x10/0x10 [ 115.649760] ? trace_csd_function_exit+0x134/0x190 [ 115.650156] ? __flush_smp_call_function_queue+0x28c/0x740 [ 115.650618] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 115.651029] sysvec_apic_timer_interrupt+0x6b/0x80 [ 115.651422] [ 115.651603] [ 115.651783] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.652198] RIP: 0010:oops_exit+0x0/0x50 [ 115.652525] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 115.653942] RSP: 0018:ffff888018867690 EFLAGS: 00000202 [ 115.654376] RAX: 000000000002ceac RBX: 0000000000000216 RCX: ffffc900011b2000 [ 115.654936] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 115.655496] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 115.656052] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888018867758 [ 115.656606] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.657171] ? oops_end+0x4a/0xe0 [ 115.657461] oops_end+0x65/0xe0 [ 115.657733] exc_general_protection+0x1a2/0x330 [ 115.658107] asm_exc_general_protection+0x26/0x30 [ 115.658502] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.658875] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.660289] RSP: 0018:ffff888018867800 EFLAGS: 00010212 [ 115.660707] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900011b2000 [ 115.661261] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.661817] RBP: ffff888018867a70 R08: ffff88806cf31340 R09: ffffe8ffffd16350 [ 115.662395] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.662958] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.663522] ? perf_tp_event+0x167/0xe70 [ 115.663855] ? __pfx_perf_tp_event+0x10/0x10 [ 115.664215] ? lock_is_held_type+0x9e/0x120 [ 115.664561] ? lock_is_held_type+0x9e/0x120 [ 115.664904] ? perf_trace_lock+0xb5/0x5d0 [ 115.665235] ? perf_trace_lock+0xb5/0x5d0 [ 115.665564] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.665928] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.666317] ? find_held_lock+0x2b/0x80 [ 115.666647] ? find_held_lock+0x2b/0x80 [ 115.666968] ? __perf_install_in_context+0x503/0xb90 [ 115.667367] ? lock_release+0xc8/0x290 [ 115.667676] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.668132] ? do_raw_spin_unlock+0x53/0x220 [ 115.668489] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.668886] perf_trace_run_bpf_submit+0xef/0x180 [ 115.669275] perf_trace_lock+0x337/0x5d0 [ 115.669605] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.669973] ? lock_acquire+0x15e/0x2f0 [ 115.670307] ? futex_ref_get+0x48/0x300 [ 115.670628] ? futex_ref_get+0x114/0x300 [ 115.670947] ? futex_hash+0x15c/0x390 [ 115.671252] lock_release+0x1ab/0x290 [ 115.671558] ? futex_hash+0x15c/0x390 [ 115.671862] futex_ref_get+0x119/0x300 [ 115.672169] ? futex_hash+0x15c/0x390 [ 115.672473] futex_hash+0x70/0x390 [ 115.672759] futex_wake+0x143/0x540 [ 115.673054] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.673422] ? __pfx_futex_wake+0x10/0x10 [ 115.673760] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 115.674164] ? lock_release+0xc8/0x290 [ 115.674507] do_futex+0x26d/0x370 [ 115.674791] ? __pfx_do_futex+0x10/0x10 [ 115.675108] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 115.675530] __x64_sys_futex+0x1c9/0x4d0 [ 115.675854] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.676315] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.676678] ? selinux_file_ioctl+0xb9/0x280 [ 115.677028] ? xfd_validate_state+0x55/0x180 [ 115.677386] do_syscall_64+0xbf/0x360 [ 115.677689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.678093] RIP: 0033:0x7fe46373eb19 [ 115.678411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.679825] RSP: 002b:00007fe460cb4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.680420] RAX: ffffffffffffffda RBX: 00007fe463851f68 RCX: 00007fe46373eb19 [ 115.680977] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe463851f6c [ 115.681534] RBP: 00007fe463851f60 R08: 000000000000000e R09: 0000000000000000 [ 115.682087] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe463851f6c [ 115.682663] R13: 00007ffe89674d1f R14: 00007fe460cb4300 R15: 0000000000022000 [ 115.683232] [ 115.683419] Modules linked in: [ 115.683678] ---[ end trace 0000000000000000 ]--- [ 115.684047] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.684419] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.685838] RSP: 0018:ffff888018867800 EFLAGS: 00010212 [ 115.686272] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900011b2000 [ 115.686834] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.687391] RBP: ffff888018867a70 R08: ffff88806cf31340 R09: ffffe8ffffd16350 [ 115.687950] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.688508] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.689068] FS: 00007fe460cb4700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.689696] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.690153] CR2: 000055557cfd0c58 CR3: 00000000171c1000 CR4: 0000000000350ef0 [ 115.690736] Kernel panic - not syncing: Fatal exception in interrupt [ 115.691436] Kernel Offset: disabled [ 115.691724] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:04:15 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=ffffea0000f2cbb0 RCX=ffffffff819e6f93 RDX=fffff940001e5977 RSI=0000000000000004 RDI=ffffea0000f2cbb0 RBP=ffffea0000f2cb80 RSP=ffff888016aaf6c0 R8 =0000000000000001 R9 =fffff940001e5976 R10=ffffea0000f2cbb3 R11=0000000000000001 R12=0000000000000000 R13=ffffea0000f2cb80 R14=ffffea0000f2cb80 R15=dffffc0000000000 RIP=ffffffff819e6f93 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555593773400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe2800000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe46478b3a4 CR3=000000003d593000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888044237510 R8 =0000000000000000 R9 =ffffed100166b046 R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe6000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8f66d763a4 CR3=0000000042b9e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000