Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:13352' (ECDSA) to the list of known hosts.
2025/09/01 11:58:39 fuzzer started
2025/09/01 11:58:39 dialing manager at localhost:35473
syzkaller login: [ 51.130071] cgroup: Unknown subsys name 'net'
[ 51.177336] cgroup: Unknown subsys name 'cpuset'
[ 51.198196] cgroup: Unknown subsys name 'rlimit'
2025/09/01 11:58:49 syscalls: 2214
2025/09/01 11:58:49 code coverage: enabled
2025/09/01 11:58:49 comparison tracing: enabled
2025/09/01 11:58:49 extra coverage: enabled
2025/09/01 11:58:49 setuid sandbox: enabled
2025/09/01 11:58:49 namespace sandbox: enabled
2025/09/01 11:58:49 Android sandbox: enabled
2025/09/01 11:58:49 fault injection: enabled
2025/09/01 11:58:49 leak checking: enabled
2025/09/01 11:58:49 net packet injection: enabled
2025/09/01 11:58:49 net device setup: enabled
2025/09/01 11:58:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 11:58:49 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 11:58:49 USB emulation: enabled
2025/09/01 11:58:49 hci packet injection: enabled
2025/09/01 11:58:49 wifi device emulation: enabled
2025/09/01 11:58:49 802.15.4 emulation: enabled
2025/09/01 11:59:06 fetching corpus: 9259, signal 192834/195841 (executing program)
2025/09/01 11:59:07 starting 8 fuzzer processes
11:59:07 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x5, 0x0, 0x46)
11:59:07 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x1})
11:59:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0)
11:59:08 executing program 7:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x20102)
write$binfmt_script(r0, 0x0, 0x0)
write$binfmt_script(r0, 0x0, 0x1c)
11:59:08 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2})
fcntl$lock(r0, 0x25, &(0x7f0000000240)={0x1, 0x0, 0x9})
11:59:08 executing program 5:
io_setup(0x3fc, &(0x7f0000000000)=0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
r2 =
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
io_submit(r0, 0x2, &(0x7f00000002c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}])
11:59:08 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000140)=@ethtool_eee={0x44}})
11:59:08 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x9, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})
[ 79.349151] audit: type=1400 audit(1756727948.175:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 80.535743] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.538284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.540636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.545301] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.548290] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.608815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 80.611939] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.614288] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 80.617568] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 80.619238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 80.621409] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 80.627177] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.628625] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 80.632293] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.643048] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 80.649185] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 80.650620] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.654226] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 80.656085] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 80.669895] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 80.672022] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 80.676201] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 80.678347] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 80.680299] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 80.683087] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 80.685438] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.690819] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 80.693996] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 80.703376] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 80.705994] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 80.707892] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 80.710074] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 80.734825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 80.743297] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 80.745901] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 80.768125] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 80.775463] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 80.786031] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 80.807436] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 80.826541] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 82.630040] Bluetooth: hci0: command tx timeout
[ 82.693231] Bluetooth: hci3: command tx timeout
[ 82.756802] Bluetooth: hci1: command tx timeout
[ 82.757909] Bluetooth: hci4: command tx timeout
[ 82.758012] Bluetooth: hci2: command tx timeout
[ 82.820789] Bluetooth: hci6: command tx timeout
[ 82.821039] Bluetooth: hci5: command tx timeout
[ 82.885990] Bluetooth: hci7: command tx timeout
[ 84.676874] Bluetooth: hci0: command tx timeout
[ 84.741252] Bluetooth: hci3: command tx timeout
[ 84.804874] Bluetooth: hci4: command tx timeout
[ 84.804979] Bluetooth: hci1: command tx timeout
[ 84.806617] Bluetooth: hci2: command tx timeout
[ 84.868837] Bluetooth: hci5: command tx timeout
[ 84.870444] Bluetooth: hci6: command tx timeout
[ 84.932853] Bluetooth: hci7: command tx timeout
[ 86.724790] Bluetooth: hci0: command tx timeout
[ 86.788792] Bluetooth: hci3: command tx timeout
[ 86.852820] Bluetooth: hci2: command tx timeout
[ 86.852889] Bluetooth: hci1: command tx timeout
[ 86.853754] Bluetooth: hci4: command tx timeout
[ 86.916812] Bluetooth: hci6: command tx timeout
[ 86.916912] Bluetooth: hci5: command tx timeout
[ 86.980890] Bluetooth: hci7: command tx timeout
[ 88.773727] Bluetooth: hci0: command tx timeout
[ 88.836731] Bluetooth: hci3: command tx timeout
[ 88.900793] Bluetooth: hci2: command tx timeout
[ 88.901632] Bluetooth: hci4: command tx timeout
[ 88.903270] Bluetooth: hci1: command tx timeout
[ 88.965883] Bluetooth: hci6: command tx timeout
[ 88.965992] Bluetooth: hci5: command tx timeout
[ 89.028795] Bluetooth: hci7: command tx timeout
[ 120.558612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.559298] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.707525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.708181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.874166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.874813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.094854] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.095453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:50 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
epoll_create1(0x0)
pipe(&(0x7f00000001c0))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x8e}, &(0x7f00000000c0), 0x0)
[ 121.328851] audit: type=1400 audit(1756727990.152:8): avc: denied { open } for pid=3839 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.332028] audit: type=1400 audit(1756727990.152:9): avc: denied { kernel } for pid=3839 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.335945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.336557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:50 executing program 3:
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
[ 121.426008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.426583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:50 executing program 3:
sched_setattr(0x0, &(0x7f0000000140)={0x58}, 0x0)
11:59:50 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000740)={{0xf8}})
[ 121.563642] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.564283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:50 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000740)={{0xf8}})
11:59:50 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000740)={{0xf8}})
[ 121.691828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.692459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:50 executing program 4:
setitimer(0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x2710}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="11000000"]})
11:59:50 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000740)={{0xf8}})
[ 121.786356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.787081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.870958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.871593] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.919042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.919644] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.960421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.961457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.034040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.034684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.093543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.094599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.224067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.225150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.286265] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.286899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.363398] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
11:59:51 executing program 0:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000001080)='/sys/class/backlight', 0x80000, 0x0)
11:59:51 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x1})
11:59:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2})
fcntl$lock(r0, 0x25, &(0x7f0000000240)={0x1, 0x0, 0x9})
11:59:51 executing program 7:
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
open$dir(&(0x7f0000000040)='./file0\x00', 0x84000, 0x0)
11:59:51 executing program 4:
getresuid(&(0x7f0000006f80), &(0x7f0000006fc0), &(0x7f0000007000))
11:59:51 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x0, 0x0, &(0x7f0000000080))
11:59:51 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x9, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})
11:59:51 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x4e, 0x0, 0x0)
[ 122.435815] audit: type=1400 audit(1756727991.260:10): avc: denied { watch_reads } for pid=3917 comm="syz-executor.7" path="/syzkaller-testdir889618295/syzkaller.IbLRTa/1" dev="sda" ino=15975 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
11:59:51 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
finit_module(0xffffffffffffffff, 0x0, 0x0)
11:59:51 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x4e, 0x0, 0x0)
11:59:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2})
fcntl$lock(r0, 0x25, &(0x7f0000000240)={0x1, 0x0, 0x9})
11:59:51 executing program 4:
write$tun(0xffffffffffffffff, &(0x7f00000000c0)={@val, @val, @llc={@llc={0x0, 0x0, 'Y'}}}, 0x11)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg(r0, &(0x7f0000000280)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="866369ed", 0x4}], 0x1}, 0x0)
11:59:51 executing program 7:
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
open$dir(&(0x7f0000000040)='./file0\x00', 0x84000, 0x0)
11:59:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40082104, 0x0)
11:59:51 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x1})
11:59:51 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x9, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})
11:59:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2})
fcntl$lock(r0, 0x25, &(0x7f0000000240)={0x1, 0x0, 0x9})
[ 122.624587] kmemleak: Found object by alias at 0x607f1a63dcfc
[ 122.624610] CPU: 1 UID: 0 PID: 3936 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 122.624630] Tainted: [W]=WARN
[ 122.624634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.624641] Call Trace:
[ 122.624645]
[ 122.624655] dump_stack_lvl+0xca/0x120
[ 122.624685] __lookup_object+0x94/0xb0
[ 122.624703] delete_object_full+0x27/0x70
[ 122.624720] free_percpu+0x30/0x1160
[ 122.624737] ? arch_uprobe_clear_state+0x16/0x140
[ 122.624758] futex_hash_free+0x38/0xc0
[ 122.624773] mmput+0x2d3/0x390
[ 122.624792] do_exit+0x79d/0x2970
[ 122.624806] ? signal_wake_up_state+0x85/0x120
[ 122.624822] ? zap_other_threads+0x2b9/0x3a0
[ 122.624838] ? __pfx_do_exit+0x10/0x10
[ 122.624851] ? do_group_exit+0x1c3/0x2a0
[ 122.624865] ? lock_release+0xc8/0x290
[ 122.624883] do_group_exit+0xd3/0x2a0
[ 122.624898] __x64_sys_exit_group+0x3e/0x50
[ 122.624913] x64_sys_call+0x18c5/0x18d0
[ 122.624929] do_syscall_64+0xbf/0x360
[ 122.624942] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.624954] RIP: 0033:0x7f9369950b19
[ 122.624963] Code: Unable to access opcode bytes at 0x7f9369950aef.
[ 122.624968] RSP: 002b:00007ffe4b577e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.624980] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f9369950b19 [ 122.624988] RDX: 00007f936990372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.624995] RBP: 0000000000000000 R08: 00007f9369a68280 R09: 0000000000000001 [ 122.625002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.625009] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe4b577f50 [ 122.625025] [ 122.625029] kmemleak: Object (percpu) 0x607f1a63dcf8 (size 8): [ 122.625036] kmemleak: comm "syz-executor.3", pid 3939, jiffies 4294789405 [ 122.625044] kmemleak: min_count = 1 11:59:51 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x9, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 122.625048] kmemleak: count = 0 [ 122.625051] kmemleak: flags = 0x21 [ 122.625055] kmemleak: checksum = 0 [ 122.625070] kmemleak: backtrace: [ 122.625075] pcpu_alloc_noprof+0x87a/0x1170 [ 122.625095] perf_trace_event_init+0x366/0xa10 [ 122.625114] perf_trace_init+0x1a4/0x2f0 [ 122.625131] perf_tp_event_init+0xa6/0x120 [ 122.625148] perf_try_init_event+0x140/0x9f0 [ 122.625162] perf_event_alloc.part.0+0x118e/0x45f0 [ 122.625179] __do_sys_perf_event_open+0x719/0x2c20 [ 122.625193] do_syscall_64+0xbf/0x360 [ 122.625202] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:59:51 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x1}) 11:59:51 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x4e, 0x0, 0x0) 11:59:51 executing program 7: r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 
0x84000, 0x0) 11:59:51 executing program 0: shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000100)=""/180) 11:59:51 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x4e, 0x0, 0x0) 11:59:51 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) acct(&(0x7f0000000140)='./file0/../file0\x00') 11:59:51 executing program 3: mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x20bd9, 0x0) 11:59:51 executing program 6: syz_read_part_table(0x0, 0x1, &(0x7f00000003c0)=[{0x0, 0x0, 0x80000000}]) 11:59:51 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 11:59:51 executing program 7: r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x84000, 0x0) 11:59:51 executing program 0: r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000240)) dup3(r0, r2, 0x0) 11:59:51 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, 
[@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) [ 122.841413] loop6: detected capacity change from 0 to 264192 [ 122.853704] kmemleak: Found object by alias at 0x607f1a63e794 [ 122.853722] CPU: 1 UID: 0 PID: 3963 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.853741] Tainted: [W]=WARN [ 122.853745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.853753] Call Trace: [ 122.853757] [ 122.853762] dump_stack_lvl+0xca/0x120 [ 122.853795] __lookup_object+0x94/0xb0 [ 122.853814] delete_object_full+0x27/0x70 [ 122.853831] free_percpu+0x30/0x1160 [ 122.853848] ? arch_uprobe_clear_state+0x16/0x140 [ 122.853869] futex_hash_free+0x38/0xc0 [ 122.853884] mmput+0x2d3/0x390 [ 122.853903] do_exit+0x79d/0x2970 [ 122.853917] ? signal_wake_up_state+0x85/0x120 [ 122.853934] ? zap_other_threads+0x2b9/0x3a0 [ 122.853950] ? __pfx_do_exit+0x10/0x10 [ 122.853963] ? do_group_exit+0x1c3/0x2a0 [ 122.853977] ? lock_release+0xc8/0x290 [ 122.853995] do_group_exit+0xd3/0x2a0 [ 122.854011] __x64_sys_exit_group+0x3e/0x50 [ 122.854025] x64_sys_call+0x18c5/0x18d0 [ 122.854042] do_syscall_64+0xbf/0x360 [ 122.854055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.854068] RIP: 0033:0x7efd5260ab19 [ 122.854077] Code: Unable to access opcode bytes at 0x7efd5260aaef. 
[ 122.854082] RSP: 002b:00007ffe9e938658 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.854094] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007efd5260ab19 [ 122.854104] RDX: 00007efd525bd72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.854114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 122.854122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.854129] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe9e938740 [ 122.854145] [ 122.854150] kmemleak: Object (percpu) 0x607f1a63e790 (size 8): [ 122.854157] kmemleak: comm "syz-executor.6", pid 3972, jiffies 4294789652 [ 122.854164] kmemleak: min_count = 1 [ 122.854168] kmemleak: count = 0 [ 122.854172] kmemleak: flags = 0x21 [ 122.854176] kmemleak: checksum = 0 [ 122.854180] kmemleak: backtrace: [ 122.854184] pcpu_alloc_noprof+0x87a/0x1170 [ 122.854200] __alloc_workqueue+0x74b/0x1820 [ 122.854218] alloc_workqueue_noprof+0xc7/0x200 [ 122.854227] loop_configure+0xf73/0x1590 [ 122.854243] lo_ioctl+0x66d/0x1c70 [ 122.854256] blkdev_ioctl+0x27c/0x6c0 [ 122.854266] __x64_sys_ioctl+0x18f/0x210 [ 122.854283] do_syscall_64+0xbf/0x360 [ 122.854292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.876591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:59:51 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sessionid\x00') read$char_usb(r0, &(0x7f0000000040)=""/226, 0xe2) 11:59:51 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) removexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@random={'user.', '^^{\x00'}) [ 122.902073] kmemleak: Found object by alias at 0x607f1a63dcfc [ 122.902092] CPU: 0 UID: 0 PID: 3966 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.902110] Tainted: [W]=WARN [ 122.902114] 
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.902122] Call Trace: [ 122.902126] [ 122.902131] dump_stack_lvl+0xca/0x120 [ 122.902156] __lookup_object+0x94/0xb0 [ 122.902174] delete_object_full+0x27/0x70 [ 122.902190] free_percpu+0x30/0x1160 [ 122.902208] ? arch_uprobe_clear_state+0x16/0x140 [ 122.902228] futex_hash_free+0x38/0xc0 [ 122.902243] mmput+0x2d3/0x390 [ 122.902263] do_exit+0x79d/0x2970 [ 122.902281] ? __pfx_do_exit+0x10/0x10 [ 122.902295] ? find_held_lock+0x2b/0x80 [ 122.902314] ? get_signal+0x835/0x2340 [ 122.902334] do_group_exit+0xd3/0x2a0 [ 122.902350] get_signal+0x2315/0x2340 [ 122.902368] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.902386] ? __pfx_get_signal+0x10/0x10 [ 122.902402] ? __schedule+0xe91/0x3590 [ 122.902426] arch_do_signal_or_restart+0x80/0x790 [ 122.902448] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.902464] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.902477] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.902491] ? putname.part.0+0x11b/0x160 [ 122.902507] ? acct_on+0x6b0/0x870 [ 122.902522] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.902535] ? xfd_validate_state+0x55/0x180 [ 122.902558] exit_to_user_mode_loop+0x8b/0x110 [ 122.902571] do_syscall_64+0x2f7/0x360 [ 122.902584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.902596] RIP: 0033:0x7f9369950b19 [ 122.902605] Code: Unable to access opcode bytes at 0x7f9369950aef. 
[ 122.902611] RSP: 002b:00007f9366ec6218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.902623] RAX: 0000000000000001 RBX: 00007f9369a63f68 RCX: 00007f9369950b19 [ 122.902630] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9369a63f6c [ 122.902637] RBP: 00007f9369a63f60 R08: 0000000000000015 R09: 0000000000000000 [ 122.902644] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9369a63f6c [ 122.902657] R13: 00007ffe4b577c3f R14: 00007f9366ec6300 R15: 0000000000022000 [ 122.902672] [ 122.902676] kmemleak: Object (percpu) 0x607f1a63dcf8 (size 8): [ 122.902683] kmemleak: comm "syz-executor.4", pid 3966, jiffies 4294789647 [ 122.902690] kmemleak: min_count = 1 [ 122.902694] kmemleak: count = 0 [ 122.902697] kmemleak: flags = 0x21 [ 122.902701] kmemleak: checksum = 0 [ 122.902705] kmemleak: backtrace: [ 122.902708] pcpu_alloc_noprof+0x87a/0x1170 [ 122.902724] alloc_vfsmnt+0x135/0x6e0 [ 122.902738] vfs_create_mount.part.0+0x40/0x440 [ 122.902754] path_mount+0x1637/0x1dd0 [ 122.902765] __x64_sys_mount+0x27b/0x300 [ 122.902777] do_syscall_64+0xbf/0x360 [ 122.902786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.941160] loop6: detected capacity change from 0 to 264192 11:59:51 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0xffffffff, 0xffffffff000}) [ 122.959288] kmemleak: Found object by alias at 0x607f1a63e794 [ 122.959303] CPU: 1 UID: 0 PID: 3980 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.959321] Tainted: [W]=WARN [ 122.959325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.959332] Call Trace: [ 122.959336] [ 122.959340] dump_stack_lvl+0xca/0x120 [ 122.959368] __lookup_object+0x94/0xb0 [ 122.959385] delete_object_full+0x27/0x70 [ 122.959402] free_percpu+0x30/0x1160 [ 122.959418] ? 
arch_uprobe_clear_state+0x16/0x140 [ 122.959438] futex_hash_free+0x38/0xc0 [ 122.959453] mmput+0x2d3/0x390 [ 122.959473] do_exit+0x79d/0x2970 [ 122.959491] ? __pfx_do_exit+0x10/0x10 [ 122.959505] ? find_held_lock+0x2b/0x80 [ 122.959523] ? get_signal+0x835/0x2340 [ 122.959544] do_group_exit+0xd3/0x2a0 [ 122.959559] get_signal+0x2315/0x2340 [ 122.959577] ? put_task_stack+0xd2/0x240 [ 122.959592] ? __pfx_get_signal+0x10/0x10 [ 122.959608] ? __schedule+0xe91/0x3590 [ 122.959630] arch_do_signal_or_restart+0x80/0x790 [ 122.959653] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.959670] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.959683] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.959697] ? __x64_sys_openat+0x142/0x200 [ 122.959715] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.959728] ? ksys_read+0x1a3/0x240 [ 122.959740] ? xfd_validate_state+0x55/0x180 [ 122.959761] exit_to_user_mode_loop+0x8b/0x110 [ 122.959775] do_syscall_64+0x2f7/0x360 [ 122.959788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.959800] RIP: 0033:0x7efd5260ab19 [ 122.959809] Code: Unable to access opcode bytes at 0x7efd5260aaef. 
[ 122.959815] RSP: 002b:00007efd4fb80218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.959826] RAX: 0000000000000001 RBX: 00007efd5271df68 RCX: 00007efd5260ab19 [ 122.959834] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efd5271df6c [ 122.959841] RBP: 00007efd5271df60 R08: 000000000000000e R09: 0000000000000000 [ 122.959849] R10: 0000000000000003 R11: 0000000000000246 R12: 00007efd5271df6c [ 122.959856] R13: 00007ffe9e93842f R14: 00007efd4fb80300 R15: 0000000000022000 [ 122.959872] [ 122.959876] kmemleak: Object (percpu) 0x607f1a63e790 (size 8): [ 122.959882] kmemleak: comm "syz-executor.6", pid 3972, jiffies 4294789652 [ 122.959890] kmemleak: min_count = 1 [ 122.959894] kmemleak: count = 0 [ 122.959897] kmemleak: flags = 0x21 [ 122.959901] kmemleak: checksum = 0 [ 122.959905] kmemleak: backtrace: [ 122.959908] pcpu_alloc_noprof+0x87a/0x1170 [ 122.959924] __alloc_workqueue+0x74b/0x1820 [ 122.959942] alloc_workqueue_noprof+0xc7/0x200 [ 122.959951] loop_configure+0xf73/0x1590 [ 122.959966] lo_ioctl+0x66d/0x1c70 [ 122.959979] blkdev_ioctl+0x27c/0x6c0 [ 122.959989] __x64_sys_ioctl+0x18f/0x210 [ 122.960005] do_syscall_64+0xbf/0x360 [ 122.960015] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:59:51 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) removexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@random={'user.', '^^{\x00'}) 11:59:51 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 11:59:51 executing program 7: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) [ 123.022462] ------------[ cut here ]------------ [ 123.023155] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#0: syz-executor.4/283 [ 123.023903] Modules linked in: [ 123.024230] CPU: 0 UID: 0 PID: 283 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.026538] Tainted: [W]=WARN [ 123.027233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.028889] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 123.030201] Code: c7 20 49 d1 85 e8 41 b3 fa 02 49 8d 7d 40 5b 48 c7 c6 d0 fa be 81 5d 41 5c 41 5d 41 5e 41 5f e9 97 9a 9c ff e8 f2 3c b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 e4 3c b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 123.033488] RSP: 0018:ffff888016d8fe20 EFLAGS: 00010293 [ 123.033939] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bfb6a5 [ 123.034502] RDX: ffff8880172f8000 RSI: ffffffff81bfb9be RDI: 0000000000000005 [ 123.035082] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 123.035648] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880172f88d8 [ 123.036224] R13: ffff88800b72c000 R14: 0000000000000001 R15: ffff88800b72c040 [ 123.036800] FS: 000055556b34f400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.037443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.037923] CR2: 000055556b358c58 CR3: 000000003c240000 CR4: 0000000000350ef0 [ 123.038489] Call Trace: [ 123.038724] [ 123.038912] task_work_run+0x172/0x280 [ 123.039241] ? __pfx_task_work_run+0x10/0x10 [ 123.039593] ? __x64_sys_umount+0x114/0x190 [ 123.039960] ? 
__pfx___x64_sys_umount+0x10/0x10 [ 123.040346] exit_to_user_mode_loop+0xef/0x110 [ 123.040741] do_syscall_64+0x2f7/0x360 [ 123.041059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.041484] RIP: 0033:0x7f9369951f87 [ 123.041806] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.043248] RSP: 002b:00007ffe4b576d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 123.043871] RAX: 0000000000000000 RBX: 000000000000000e RCX: 00007f9369951f87 [ 123.044434] RDX: 00007ffe4b576e59 RSI: 000000000000000a RDI: 00007ffe4b576e50 [ 123.045015] RBP: 00007ffe4b576e50 R08: 00000000ffffffff R09: 00007ffe4b576c20 [ 123.045591] R10: 000055556b350c7b R11: 0000000000000246 R12: 00007f93699aa105 [ 123.046168] R13: 00007ffe4b577f10 R14: 000055556b350c20 R15: 00007ffe4b577f50 [ 123.046762] [ 123.046955] irq event stamp: 170243 [ 123.047241] hardirqs last enabled at (170251): [] __up_console_sem+0x78/0x80 [ 123.047949] hardirqs last disabled at (170260): [] __up_console_sem+0x5d/0x80 [ 123.048638] softirqs last enabled at (170082): [] handle_softirqs+0x50c/0x770 [ 123.049370] softirqs last disabled at (170067): [] __irq_exit_rcu+0xc4/0x100 [ 123.050075] ---[ end trace 0000000000000000 ]--- 11:59:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x24, 0x1c, 0x1, 0x0, 0x0, "", [@nested={0x14, 0x0, 0x0, 0x1, [@typed={0x3, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x1, 0x0, 0x0, @fd}]}]}, 0x24}], 0x1}, 0x0) [ 123.192311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:59:52 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000380)={0x0, 0x0, 
&(0x7f0000001a80)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYRES16, @ANYRES32=0x0, @ANYBLOB="0800061001"], 0x30}}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), r0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 11:59:52 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) removexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@random={'user.', '^^{\x00'}) 11:59:52 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 11:59:52 executing program 6: ioprio_set$pid(0x0, 0xffffffffffffffff, 0x7) 11:59:52 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 11:59:52 executing program 4: r0 = 
syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000100)={0x0, 0x0, 0x1820e68b, 0x0, 0x0, "4ef5e1fbd47a86326fd3340bf28b8967836d60"}) 11:59:52 executing program 7: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r1, 0x729, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}}, 0x0) 11:59:52 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000200)="a0", 0x1}, {0x0, 0x2}], 0x2) [ 123.240512] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 
[ 123.256372] BUG: unable to handle page fault for address: ffffed10212c9296 [ 123.256926] #PF: supervisor read access in kernel mode [ 123.257354] #PF: error_code(0x0000) - not-present page [ 123.257767] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 123.258212] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 123.258596] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.259533] Tainted: [W]=WARN [ 123.259784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.260427] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.260811] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.262245] RSP: 0018:ffff888045adf780 EFLAGS: 00010016 [ 123.262666] RAX: 1ffff110212c9296 RBX: ffff8881096492c0 RCX: ffffc9000721a000 [ 123.263236] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff8881096494b0 [ 123.263794] RBP: ffff888045adf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16790 [ 123.264355] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.264912] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.265476] FS: 00007efd4fb80700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.266110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.266573] CR2: ffffed10212c9296 CR3: 00000000457f3000 CR4: 0000000000350ef0 [ 123.267137] Call Trace: [ 123.267348] [ 123.267534] ? merge_sched_in+0xcb/0x1810 [ 123.267864] ? __pfx_perf_tp_event+0x10/0x10 [ 123.268221] ? __asan_memcpy+0x3d/0x60 [ 123.268537] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 123.269027] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 123.269541] ? lock_is_held_type+0x9e/0x120 [ 123.269897] ? 
ctx_sched_in+0x134/0x9b0 [ 123.270173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.270212] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 123.271334] ? perf_swevent_event+0x63/0x3f0 [ 123.271697] ? perf_tp_event+0x807/0xe70 [ 123.272027] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.272434] perf_trace_run_bpf_submit+0xef/0x180 [ 123.272832] perf_trace_preemptirq_template+0x259/0x430 [ 123.273260] ? mark_held_locks+0x49/0x80 [ 123.273590] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.274050] ? _raw_spin_lock_irqsave+0x53/0x60 [ 123.274427] trace_irq_disable.constprop.0+0xa6/0x100 [ 123.274842] _raw_spin_lock_irqsave+0x53/0x60 [ 123.275209] try_to_wake_up+0xa0/0x11d0 [ 123.275537] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.275898] ? plist_del+0x122/0x270 [ 123.276199] ? find_held_lock+0x2b/0x80 [ 123.276527] ? futex_wake+0x474/0x540 [ 123.276836] wake_up_q+0xa1/0x130 [ 123.277128] futex_wake+0x47e/0x540 [ 123.277424] ? __pfx_futex_wake+0x10/0x10 [ 123.277762] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 123.278164] ? lock_release+0xc8/0x290 [ 123.278476] do_futex+0x26d/0x370 [ 123.278761] ? __pfx_do_futex+0x10/0x10 [ 123.279087] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.279493] __x64_sys_futex+0x1c9/0x4d0 [ 123.279818] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.280276] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 123.280645] do_syscall_64+0xbf/0x360 [ 123.280954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.281368] RIP: 0033:0x7efd5260ab19 [ 123.281671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.283092] RSP: 002b:00007efd4fb80218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.283690] RAX: ffffffffffffffda RBX: 00007efd5271df68 RCX: 00007efd5260ab19 [ 123.284252] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efd5271df6c [ 123.284809] RBP: 00007efd5271df60 R08: 000000000000000e R09: 0000000000000000 [ 123.285377] R10: 0000000000000003 R11: 0000000000000246 R12: 00007efd5271df6c [ 123.285935] R13: 00007ffe9e93842f R14: 00007efd4fb80300 R15: 0000000000022000 [ 123.286502] [ 123.286693] Modules linked in: [ 123.286952] CR2: ffffed10212c9296 [ 123.287227] ---[ end trace 0000000000000000 ]--- [ 123.287604] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.287982] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.289406] RSP: 0018:ffff888045adf780 EFLAGS: 00010016 [ 123.289825] RAX: 1ffff110212c9296 RBX: ffff8881096492c0 RCX: ffffc9000721a000 [ 123.290382] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff8881096494b0 [ 123.290942] RBP: ffff888045adf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16790 [ 123.291505] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.292072] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.292633] FS: 00007efd4fb80700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.293270] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.293736] CR2: ffffed10212c9296 CR3: 00000000457f3000 CR4: 0000000000350ef0 [ 123.294307] note: syz-executor.3[4008] 
exited with irqs disabled [ 123.294828] BUG: unable to handle page fault for address: ffffed10212c9296 [ 123.295372] #PF: supervisor read access in kernel mode [ 123.295791] #PF: error_code(0x0000) - not-present page [ 123.296202] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 123.296652] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 123.297043] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.297995] Tainted: [D]=DIE, [W]=WARN [ 123.298303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.298948] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.299327] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.300739] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010016 [ 123.301170] RAX: 1ffff110212c9296 RBX: ffff8881096492c0 RCX: 0000000000000002 [ 123.301750] RDX: ffff88801b74d280 RSI: ffffffff8189a4e7 RDI: ffff8881096494b0 [ 123.302311] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc16790 [ 123.302868] R10: 0000000000000000 R11: ffff88800cf09c98 R12: dffffc0000000000 [ 123.303426] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 123.303986] FS: 00007efd4fb80700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.304618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.305083] CR2: ffffed10212c9296 CR3: 00000000457f3000 CR4: 0000000000350ef0 [ 123.305652] Call Trace: [ 123.305863] [ 123.306045] ? __pfx_perf_tp_event+0x10/0x10 [ 123.306407] ? sched_clock_cpu+0x6c/0x4e0 [ 123.306742] ? trace_pelt_se_tp+0xdf/0x130 [ 123.307081] ? place_entity+0x300/0x410 [ 123.307412] ? lock_acquire+0x18c/0x2f0 [ 123.307737] ? update_cfs_group+0x11d/0x260 [ 123.308086] ? lock_release+0x1c7/0x290 [ 123.308411] ? trace_softirq_raise+0xbe/0x100 [ 123.308784] ? run_posix_cpu_timers+0x160/0x7d0 [ 123.309163] ? 
__raise_softirq_irqoff+0x5f/0x90
[ 123.309537] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 123.309937] ? sched_balance_trigger+0x1ac/0xcb0
[ 123.310324] ? sched_tick+0x27c/0x6c0
[ 123.310637] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.311048] ? timerqueue_add+0x1c2/0x330
[ 123.311380] perf_trace_run_bpf_submit+0xef/0x180
[ 123.311777] perf_trace_preemptirq_template+0x259/0x430
[ 123.312198] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 123.312659] ? read_tsc+0x9/0x20
[ 123.312937] ? ktime_get+0x16d/0x270
[ 123.313255] ? __pfx_lapic_next_deadline+0x10/0x10
[ 123.313655] ? clockevents_program_event+0x135/0x360
[ 123.314069] ? _raw_spin_lock_irq+0x42/0x50
[ 123.314413] trace_irq_disable.constprop.0+0xa6/0x100
[ 123.314825] _raw_spin_lock_irq+0x42/0x50
[ 123.315157] run_timer_softirq+0x10f/0x210
[ 123.315499] handle_softirqs+0x1b1/0x770
[ 123.315834] __irq_exit_rcu+0xc4/0x100
[ 123.316149] irq_exit_rcu+0x9/0x20
[ 123.316442] sysvec_apic_timer_interrupt+0x70/0x80
[ 123.316837]
[ 123.317021]
[ 123.317218] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 123.317636] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 123.318010] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[ 123.319434] RSP: 0018:ffff888045adff28 EFLAGS: 00000246
[ 123.319852] RAX: 0000000000000001 RBX: ffff88801b74d280 RCX: ffffffff817c3ab6
[ 123.320410] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 123.320969] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 123.321535] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801b74d280
[ 123.322090] R13: 0000000000000009 R14: ffff888045adf760 R15: 0000000000000000
[ 123.322650] ? trace_irq_enable.constprop.0+0x26/0x100
[ 123.323064] ? make_task_dead+0x214/0x3b0
[ 123.323398] ? make_task_dead+0x214/0x3b0
[ 123.323730] ? do_syscall_64+0xbf/0x360
[ 123.324046] rewind_stack_and_make_dead+0x16/0x20
[ 123.324437] RIP: 0033:0x7efd5260ab19
[ 123.324732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 123.326199] RSP: 002b:00007efd4fb80218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.326793] RAX: ffffffffffffffda RBX: 00007efd5271df68 RCX: 00007efd5260ab19
[ 123.327346] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efd5271df6c
[ 123.327902] RBP: 00007efd5271df60 R08: 000000000000000e R09: 0000000000000000
[ 123.328456] R10: 0000000000000003 R11: 0000000000000246 R12: 00007efd5271df6c
[ 123.329010] R13: 00007ffe9e93842f R14: 00007efd4fb80300 R15: 0000000000022000
[ 123.329581]
[ 123.329770] Modules linked in:
[ 123.330024] CR2: ffffed10212c9296
[ 123.330295] ---[ end trace 0000000000000000 ]---
[ 123.330658] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.331034] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.332448] RSP: 0018:ffff888045adf780 EFLAGS: 00010016
[ 123.332866] RAX: 1ffff110212c9296 RBX: ffff8881096492c0 RCX: ffffc9000721a000
[ 123.333427] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff8881096494b0
[ 123.333982] RBP: ffff888045adf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16790
[ 123.334533] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.335089] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.335654] FS: 00007efd4fb80700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 123.336274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.336732] CR2: ffffed10212c9296 CR3: 00000000457f3000 CR4: 0000000000350ef0
[ 123.337299] Kernel panic - not syncing: Fatal exception in interrupt
[ 123.337887] Kernel Offset: disabled
[ 123.338173] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
11:59:52 Registers:
info registers vcpu 0
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff828e5070 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888016d8f760
R8 =0000000000000001 R9 =ffffed1002db1edd R10=0000000000000000 R11=0000000000000001
R12=0000000000000031 R13=ffffffff88729290 R14=ffffffff88729240 R15=ffffffff88729500
RIP=ffffffff828e50c5 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055556b34f400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe2f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055556b358c58 CR3=000000003c240000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=000000000000000000000000ffffffff
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f9034f267c800007f9034f267c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000

info registers vcpu 1
RAX=0000000080010002 RBX=0000000000000001 RCX=ffffffff8161c1cc RDX=ffff888018b5b700
RSI=ffffffff8161c2b9 RDI=0000000000000001 RBP=ffff88806cf289d8 RSP=ffff88806cf08e08
R8 =0000000000000000 R9 =fffffbfff0c8768a R10=0000000000000001 R11=0000000000000001
R12=ffff88806cf28080 R13=ffff88806cf28100 R14=0000001c9e3ecc80 R15=dffffc0000000000
RIP=ffffffff815af280 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe2500000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f67424d7658 CR3=0000000035c24000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000