Warning: Permanently added '[localhost]:15423' (ECDSA) to the list of known hosts. 2025/08/29 08:19:54 fuzzer started 2025/08/29 08:19:54 dialing manager at localhost:43077 syzkaller login: [ 51.256354] cgroup: Unknown subsys name 'net' [ 51.319084] cgroup: Unknown subsys name 'cpuset' [ 51.345470] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:20:05 syscalls: 2214 2025/08/29 08:20:05 code coverage: enabled 2025/08/29 08:20:05 comparison tracing: enabled 2025/08/29 08:20:05 extra coverage: enabled 2025/08/29 08:20:05 setuid sandbox: enabled 2025/08/29 08:20:05 namespace sandbox: enabled 2025/08/29 08:20:05 Android sandbox: enabled 2025/08/29 08:20:05 fault injection: enabled 2025/08/29 08:20:05 leak checking: enabled 2025/08/29 08:20:05 net packet injection: enabled 2025/08/29 08:20:05 net device setup: enabled 2025/08/29 08:20:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:20:05 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:20:05 USB emulation: enabled 2025/08/29 08:20:05 hci packet injection: enabled 2025/08/29 08:20:05 wifi device emulation: enabled 2025/08/29 08:20:05 802.15.4 emulation: enabled 2025/08/29 08:20:05 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:20:05 fetching corpus: 50, signal 22436/25421 (executing program) 2025/08/29 08:20:05 fetching corpus: 100, signal 32774/36579 (executing program) 2025/08/29 08:20:05 fetching corpus: 150, signal 42811/47004 (executing program) 2025/08/29 08:20:05 fetching corpus: 200, signal 48647/53151 (executing program) 2025/08/29 08:20:05 fetching corpus: 250, signal 54093/58754 (executing program) 2025/08/29 08:20:06 fetching corpus: 300, signal 59645/64072 (executing program) 2025/08/29 08:20:06 fetching corpus: 350, signal 63279/67683 (executing program) 2025/08/29 08:20:06 fetching corpus: 400, signal 66666/70972 (executing program) 2025/08/29 08:20:06 fetching corpus: 450, signal 70744/74543 (executing program) 2025/08/29 
08:20:06 fetching corpus: 500, signal 72891/76536 (executing program) 2025/08/29 08:20:06 fetching corpus: 550, signal 74638/78192 (executing program) 2025/08/29 08:20:06 fetching corpus: 600, signal 77264/80303 (executing program) 2025/08/29 08:20:07 fetching corpus: 650, signal 81188/83243 (executing program) 2025/08/29 08:20:07 fetching corpus: 700, signal 83108/84960 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/85973 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86057 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86142 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86231 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86333 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86430 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86534 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86629 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86726 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86813 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/86912 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87001 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87107 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87180 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87266 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87346 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87438 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87516 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87599 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87691 
(executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87765 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87863 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/87953 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/88050 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/88143 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/88235 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/88329 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/88423 (executing program) 2025/08/29 08:20:07 fetching corpus: 732, signal 84598/88423 (executing program) 2025/08/29 08:20:09 starting 8 fuzzer processes 08:20:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x0, 0x0, 0x0) 08:20:09 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0xe82, 0x70bd27, 0x0, {{}, {@val={0x8, 0x1, 0x9}, @void, 
@void}}, ["", "", "", "", "", ""]}, 0x1c}}, 0x4884) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000700)={0x28, r2, 0xcea008a6e34dc1cb, 0x0, 0x0, {{0x65}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 08:20:09 executing program 1: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) utimes(&(0x7f0000000200)='./file0\x00', &(0x7f0000000540)) 08:20:09 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) 08:20:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x1c, r1, 0x5, 0x0, 0x0, {{0x1c}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 08:20:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x4}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 
0x30}}, 0x0) 08:20:09 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @mcast2, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 66.167191] audit: type=1400 audit(1756455609.753:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:20:09 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), r0) sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r1, 0x1}, 0x14}}, 0x0) [ 67.451201] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.453927] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.457696] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.465531] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.472885] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.532434] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.539288] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.541652] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.544211] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.546589] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.550984] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.552796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.554842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.556734] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.561899] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.562000] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.567356] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.568202] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.570300] Bluetooth: hci5: 
unexpected cc 0x1001 length: 249 > 9 [ 67.575066] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.579117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.581522] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.583247] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.584764] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.586684] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.590711] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.597678] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.601757] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.608626] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.610620] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.612741] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.615921] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.619249] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.644998] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.652350] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.682828] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.682834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.697739] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.712340] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.714761] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.548529] Bluetooth: hci0: command tx timeout [ 69.675469] Bluetooth: hci3: command tx timeout [ 69.675498] Bluetooth: hci1: command tx timeout [ 69.676216] Bluetooth: hci2: command tx timeout [ 69.676981] Bluetooth: hci4: command tx timeout [ 69.677529] Bluetooth: hci5: command tx timeout [ 69.739506] Bluetooth: hci6: command tx timeout [ 69.803480] Bluetooth: hci7: command tx timeout [ 71.595543] Bluetooth: hci0: command tx timeout [ 71.723465] Bluetooth: hci2: command tx timeout [ 71.723988] Bluetooth: hci5: command tx timeout [ 71.724494] 
Bluetooth: hci4: command tx timeout [ 71.724551] Bluetooth: hci1: command tx timeout [ 71.724938] Bluetooth: hci3: command tx timeout [ 71.787432] Bluetooth: hci6: command tx timeout [ 71.851740] Bluetooth: hci7: command tx timeout [ 73.643418] Bluetooth: hci0: command tx timeout [ 73.773401] Bluetooth: hci1: command tx timeout [ 73.773830] Bluetooth: hci4: command tx timeout [ 73.774194] Bluetooth: hci2: command tx timeout [ 73.774594] Bluetooth: hci3: command tx timeout [ 73.774951] Bluetooth: hci5: command tx timeout [ 73.835436] Bluetooth: hci6: command tx timeout [ 73.899420] Bluetooth: hci7: command tx timeout [ 75.691417] Bluetooth: hci0: command tx timeout [ 75.819456] Bluetooth: hci5: command tx timeout [ 75.819895] Bluetooth: hci3: command tx timeout [ 75.820273] Bluetooth: hci2: command tx timeout [ 75.820673] Bluetooth: hci4: command tx timeout [ 75.821035] Bluetooth: hci1: command tx timeout [ 75.883424] Bluetooth: hci6: command tx timeout [ 75.947460] Bluetooth: hci7: command tx timeout [ 103.291116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.291824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.464956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.465715] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.701123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.701799] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.823513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.824141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.904552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.905151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.970267] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.970902] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.056849] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
104.057593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.115673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.116283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.138268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.138919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.167561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.168136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.189109] audit: type=1400 audit(1756455647.775:8): avc: denied { open } for pid=3876 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 104.190791] audit: type=1400 audit(1756455647.775:9): avc: denied { kernel } for pid=3876 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:20:47 executing program 1: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) utimes(&(0x7f0000000200)='./file0\x00', &(0x7f0000000540)) [ 104.240093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.241037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:20:47 executing program 1: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) utimes(&(0x7f0000000200)='./file0\x00', &(0x7f0000000540)) 08:20:47 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), r0) sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r1, 0x1}, 0x14}}, 0x0) [ 104.325901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.326546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.338225] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.338936] wlan1: 
Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.449777] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.450562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.483197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.484503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.576293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.577211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:20:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x0, 0x0, 0x0) 08:20:48 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0xe82, 0x70bd27, 0x0, {{}, {@val={0x8, 0x1, 0x9}, @void, @void}}, ["", "", "", "", "", ""]}, 0x1c}}, 0x4884) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000700)={0x28, r2, 0xcea008a6e34dc1cb, 0x0, 0x0, {{0x65}, {@void, @val={0x8, 
0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 08:20:48 executing program 1: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) utimes(&(0x7f0000000200)='./file0\x00', &(0x7f0000000540)) 08:20:48 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), r0) sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r1, 0x1}, 0x14}}, 0x0) 08:20:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @mcast2, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 08:20:48 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x4}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0) 08:20:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) 08:20:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) 
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x1c, r1, 0x5, 0x0, 0x0, {{0x1c}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 08:20:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @mcast2, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 08:20:48 executing program 7: syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x6, 0x0, @private2, @mcast2, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 08:20:48 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x4}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0) 08:20:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) 08:20:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x0, 0x0, 0x0) 08:20:48 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), r0) sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r1, 0x1}, 0x14}}, 0x0) 08:20:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x1c, r1, 0x5, 0x0, 0x0, {{0x1c}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 08:20:48 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) 08:20:48 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, 
&(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0xe82, 0x70bd27, 0x0, {{}, {@val={0x8, 0x1, 0x9}, @void, @void}}, ["", "", "", "", "", ""]}, 0x1c}}, 0x4884) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000700)={0x28, r2, 0xcea008a6e34dc1cb, 0x0, 0x0, {{0x65}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 104.982585] kmemleak: Found object by alias at 0x607f1a6339d4 [ 104.982605] CPU: 0 UID: 0 PID: 3924 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 104.982623] Tainted: [W]=WARN [ 104.982627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.982634] Call Trace: [ 104.982639] [ 104.982643] dump_stack_lvl+0xca/0x120 [ 104.982672] __lookup_object+0x94/0xb0 [ 104.982689] delete_object_full+0x27/0x70 [ 104.982705] free_percpu+0x30/0x1160 [ 104.982722] ? arch_uprobe_clear_state+0x16/0x140 [ 104.982742] futex_hash_free+0x38/0xc0 [ 104.982757] mmput+0x2d3/0x390 [ 104.982776] do_exit+0x79d/0x2970 [ 104.982793] ? __pfx_do_exit+0x10/0x10 [ 104.982807] ? find_held_lock+0x2b/0x80 [ 104.982825] ? get_signal+0x835/0x2340 [ 104.982845] do_group_exit+0xd3/0x2a0 [ 104.982860] get_signal+0x2315/0x2340 [ 104.982877] ? perf_trace_preemptirq_template+0x259/0x430 [ 104.982901] ? __pfx_get_signal+0x10/0x10 [ 104.982917] ? do_futex+0x135/0x370 [ 104.982931] ? __pfx_do_futex+0x10/0x10 [ 104.982942] ? cpuset_mems_allowed+0x1a3/0x440 [ 104.982956] arch_do_signal_or_restart+0x80/0x790 [ 104.982974] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 104.982990] ? __x64_sys_futex+0x1c9/0x4d0 [ 104.983002] ? __x64_sys_futex+0x1d2/0x4d0 [ 104.983015] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.983033] ? 
kernel_migrate_pages+0x8c/0x730 [ 104.983051] ? __pfx___x64_sys_futex+0x10/0x10 [ 104.983070] exit_to_user_mode_loop+0x8b/0x110 [ 104.983083] do_syscall_64+0x2f7/0x360 [ 104.983095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.983107] RIP: 0033:0x7fa961abcb19 [ 104.983116] Code: Unable to access opcode bytes at 0x7fa961abcaef. [ 104.983121] RSP: 002b:00007fa95f032218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 104.983132] RAX: fffffffffffffe00 RBX: 00007fa961bcff68 RCX: 00007fa961abcb19 [ 104.983139] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa961bcff68 [ 104.983146] RBP: 00007fa961bcff60 R08: 0000000000000000 R09: 0000000000000000 [ 104.983153] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa961bcff6c [ 104.983160] R13: 00007ffefc33256f R14: 00007fa95f032300 R15: 0000000000022000 [ 104.983176] [ 104.983180] kmemleak: Object (percpu) 0x607f1a6339c8 (size 16): [ 104.983187] kmemleak: comm "syz-executor.6", pid 285, jiffies 4294771752 [ 104.983194] kmemleak: min_count = 1 [ 104.983198] kmemleak: count = 0 [ 104.983201] kmemleak: flags = 0x21 [ 104.983205] kmemleak: checksum = 0 [ 104.983209] kmemleak: backtrace: [ 104.983212] pcpu_alloc_noprof+0x87a/0x1170 [ 104.983227] mm_init+0x99b/0x1170 [ 104.983235] copy_process+0x3ab7/0x73c0 [ 104.983245] kernel_clone+0xea/0x7f0 [ 104.983255] __do_sys_clone+0xce/0x120 [ 104.983265] do_syscall_64+0xbf/0x360 [ 104.983273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.993954] kmemleak: Found object by alias at 0x607f1a6339d0 [ 104.993974] CPU: 1 UID: 0 PID: 3933 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 104.993992] Tainted: [W]=WARN [ 104.993996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.994004] Call Trace: [ 104.994008] [ 104.994013] dump_stack_lvl+0xca/0x120 [ 104.994043] __lookup_object+0x94/0xb0 [ 104.994060] delete_object_full+0x27/0x70 [ 104.994076] free_percpu+0x30/0x1160 [ 104.994093] ? 
arch_uprobe_clear_state+0x16/0x140 [ 104.994114] futex_hash_free+0x38/0xc0 [ 104.994128] mmput+0x2d3/0x390 [ 104.994147] do_exit+0x79d/0x2970 [ 104.994161] ? lock_release+0xc8/0x290 [ 104.994179] ? __pfx_do_exit+0x10/0x10 [ 104.994192] ? find_held_lock+0x2b/0x80 [ 104.994210] ? get_signal+0x835/0x2340 [ 104.994230] do_group_exit+0xd3/0x2a0 08:20:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x1c, r1, 0x5, 0x0, 0x0, {{0x1c}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 08:20:48 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) [ 104.994245] get_signal+0x2315/0x2340 [ 104.994262] ? __fget_files+0x203/0x3b0 [ 104.994277] ? __pfx_get_signal+0x10/0x10 [ 104.994293] ? do_futex+0x135/0x370 [ 104.994307] ? __pfx_do_futex+0x10/0x10 [ 104.994321] arch_do_signal_or_restart+0x80/0x790 [ 104.994339] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 104.994355] ? __x64_sys_futex+0x1c9/0x4d0 [ 104.994376] ? __x64_sys_futex+0x1d2/0x4d0 [ 104.994391] ? __pfx___x64_sys_futex+0x10/0x10 [ 104.994409] exit_to_user_mode_loop+0x8b/0x110 [ 104.994422] do_syscall_64+0x2f7/0x360 [ 104.994435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.994446] RIP: 0033:0x7fe3def2eb19 [ 104.994456] Code: Unable to access opcode bytes at 0x7fe3def2eaef. 
[ 104.994461] RSP: 002b:00007fe3dc4a4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 104.994472] RAX: fffffffffffffe00 RBX: 00007fe3df041f68 RCX: 00007fe3def2eb19 [ 104.994481] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe3df041f68 [ 104.994489] RBP: 00007fe3df041f60 R08: 0000000000000000 R09: 0000000000000000 [ 104.994497] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe3df041f6c [ 104.994505] R13: 00007ffe2151052f R14: 00007fe3dc4a4300 R15: 0000000000022000 [ 104.994522] [ 104.994526] kmemleak: Object (percpu) 0x607f1a6339c8 (size 16): [ 104.994533] kmemleak: comm "syz-executor.6", pid 285, jiffies 4294771752 [ 104.994540] kmemleak: min_count = 1 [ 104.994544] kmemleak: count = 0 [ 104.994547] kmemleak: flags = 0x21 [ 104.994551] kmemleak: checksum = 0 [ 104.994555] kmemleak: backtrace: [ 104.994559] pcpu_alloc_noprof+0x87a/0x1170 [ 104.994573] mm_init+0x99b/0x1170 [ 104.994581] copy_process+0x3ab7/0x73c0 [ 104.994591] kernel_clone+0xea/0x7f0 [ 104.994600] __do_sys_clone+0xce/0x120 [ 104.994610] do_syscall_64+0xbf/0x360 [ 104.994619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.007686] kmemleak: Found object by alias at 0x607f1a6339cc [ 105.007699] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.007716] Tainted: [W]=WARN [ 105.007720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.007726] Call Trace: [ 105.007729] [ 105.007733] dump_stack_lvl+0xca/0x120 [ 105.007753] __lookup_object+0x94/0xb0 [ 105.007767] delete_object_full+0x27/0x70 [ 105.007782] free_percpu+0x30/0x1160 [ 105.007796] ? arch_uprobe_clear_state+0x16/0x140 [ 105.007816] futex_hash_free+0x38/0xc0 [ 105.007828] mmput+0x2d3/0x390 [ 105.007846] do_exit+0x79d/0x2970 [ 105.007862] ? __pfx_do_exit+0x10/0x10 [ 105.007876] ? find_held_lock+0x2b/0x80 [ 105.007892] ? get_signal+0x835/0x2340 [ 105.007910] do_group_exit+0xd3/0x2a0 [ 105.007925] get_signal+0x2315/0x2340 [ 105.007942] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 105.007959] ? __pfx_get_signal+0x10/0x10 [ 105.007975] ? do_futex+0x135/0x370 [ 105.007988] ? __pfx_do_futex+0x10/0x10 [ 105.008003] arch_do_signal_or_restart+0x80/0x790 [ 105.008019] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.008035] ? __x64_sys_futex+0x1c9/0x4d0 [ 105.008047] ? __x64_sys_futex+0x1d2/0x4d0 [ 105.008061] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.008074] ? selinux_file_ioctl+0xb9/0x280 [ 105.008089] ? xfd_validate_state+0x55/0x180 [ 105.008110] exit_to_user_mode_loop+0x8b/0x110 [ 105.008122] do_syscall_64+0x2f7/0x360 [ 105.008133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.008144] RIP: 0033:0x7fc406655b19 [ 105.008152] Code: Unable to access opcode bytes at 0x7fc406655aef. [ 105.008157] RSP: 002b:00007fc403bcb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.008168] RAX: fffffffffffffe00 RBX: 00007fc406768f68 RCX: 00007fc406655b19 [ 105.008175] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc406768f68 [ 105.008182] RBP: 00007fc406768f60 R08: 0000000000000000 R09: 0000000000000000 [ 105.008188] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc406768f6c [ 105.008195] R13: 00007ffdd44e516f R14: 00007fc403bcb300 R15: 0000000000022000 [ 105.008215] [ 105.008219] kmemleak: Object (percpu) 0x607f1a6339c8 (size 16): [ 105.008225] kmemleak: comm "syz-executor.6", pid 285, jiffies 4294771752 [ 105.008232] kmemleak: min_count = 1 [ 105.008235] kmemleak: count = 0 [ 105.008239] kmemleak: flags = 0x21 [ 105.008242] kmemleak: checksum = 0 [ 105.008246] kmemleak: backtrace: [ 105.008249] pcpu_alloc_noprof+0x87a/0x1170 [ 105.008264] mm_init+0x99b/0x1170 [ 105.008271] copy_process+0x3ab7/0x73c0 [ 105.008281] kernel_clone+0xea/0x7f0 [ 105.008291] __do_sys_clone+0xce/0x120 [ 105.008300] do_syscall_64+0xbf/0x360 [ 105.008309] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:20:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) 08:20:48 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x4}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0) 08:20:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x0, 0x0, 0x0) 08:20:48 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0xe82, 0x70bd27, 0x0, {{}, {@val={0x8, 0x1, 0x9}, 
@void, @void}}, ["", "", "", "", "", ""]}, 0x1c}}, 0x4884) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000700)={0x28, r2, 0xcea008a6e34dc1cb, 0x0, 0x0, {{0x65}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 105.129067] kmemleak: Found object by alias at 0x607f1a6339d0 [ 105.129086] CPU: 1 UID: 0 PID: 3942 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.129104] Tainted: [W]=WARN [ 105.129108] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.129115] Call Trace: [ 105.129119] [ 105.129124] dump_stack_lvl+0xca/0x120 [ 105.129151] __lookup_object+0x94/0xb0 [ 105.129168] delete_object_full+0x27/0x70 [ 105.129184] free_percpu+0x30/0x1160 [ 105.129201] ? arch_uprobe_clear_state+0x16/0x140 [ 105.129221] futex_hash_free+0x38/0xc0 [ 105.129236] mmput+0x2d3/0x390 [ 105.129255] do_exit+0x79d/0x2970 [ 105.129273] ? __pfx_do_exit+0x10/0x10 [ 105.129287] ? find_held_lock+0x2b/0x80 [ 105.129305] ? get_signal+0x835/0x2340 [ 105.129326] do_group_exit+0xd3/0x2a0 [ 105.129340] get_signal+0x2315/0x2340 [ 105.129363] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 105.129381] ? __pfx_get_signal+0x10/0x10 [ 105.129396] ? __schedule+0xe91/0x3590 [ 105.129416] arch_do_signal_or_restart+0x80/0x790 [ 105.129434] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.129450] ? __x64_sys_futex+0x1c9/0x4d0 [ 105.129463] ? __x64_sys_futex+0x1d2/0x4d0 [ 105.129477] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.129490] ? xfd_validate_state+0x55/0x180 [ 105.129511] exit_to_user_mode_loop+0x8b/0x110 [ 105.129524] do_syscall_64+0x2f7/0x360 [ 105.129536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.129548] RIP: 0033:0x7fe3def2eb19 [ 105.129557] Code: Unable to access opcode bytes at 0x7fe3def2eaef. 
[ 105.129562] RSP: 002b:00007fe3dc4a4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.129573] RAX: 0000000000000001 RBX: 00007fe3df041f68 RCX: 00007fe3def2eb19 [ 105.129581] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe3df041f6c [ 105.129588] RBP: 00007fe3df041f60 R08: 000000000000000e R09: 0000000000000000 [ 105.129595] R10: 000000000000001c R11: 0000000000000246 R12: 00007fe3df041f6c [ 105.129602] R13: 00007ffe2151052f R14: 00007fe3dc4a4300 R15: 0000000000022000 [ 105.129618] [ 105.129622] kmemleak: Object (percpu) 0x607f1a6339c8 (size 16): [ 105.129628] kmemleak: comm "syz-executor.0", pid 286, jiffies 4294771938 [ 105.129635] kmemleak: min_count = 1 [ 105.129639] kmemleak: count = 0 [ 105.129643] kmemleak: flags = 0x21 08:20:48 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000440)={@local}, 0x14) [ 105.129646] kmemleak: checksum = 0 [ 105.129650] kmemleak: backtrace: [ 105.129653] pcpu_alloc_noprof+0x87a/0x1170 [ 105.129668] mm_init+0x99b/0x1170 [ 105.129676] copy_process+0x3ab7/0x73c0 [ 105.129686] kernel_clone+0xea/0x7f0 [ 105.129695] __do_sys_clone+0xce/0x120 [ 105.129705] do_syscall_64+0xbf/0x360 [ 105.129713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.153740] kmemleak: Found object by alias at 0x607f1a6339cc [ 105.153754] CPU: 1 UID: 0 PID: 3943 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.153771] Tainted: [W]=WARN [ 105.153775] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.153782] Call Trace: [ 105.153786] [ 105.153790] dump_stack_lvl+0xca/0x120 [ 105.153811] __lookup_object+0x94/0xb0 [ 105.153827] delete_object_full+0x27/0x70 [ 105.153842] free_percpu+0x30/0x1160 [ 105.153857] ? arch_uprobe_clear_state+0x16/0x140 [ 105.153876] futex_hash_free+0x38/0xc0 [ 105.153889] mmput+0x2d3/0x390 [ 105.153906] do_exit+0x79d/0x2970 [ 105.153924] ? signal_wake_up_state+0x85/0x120 [ 105.153940] ? 
zap_other_threads+0x2b9/0x3a0 [ 105.153955] ? __pfx_do_exit+0x10/0x10 [ 105.153968] ? do_group_exit+0x1c3/0x2a0 [ 105.153981] ? lock_release+0xc8/0x290 [ 105.153997] do_group_exit+0xd3/0x2a0 [ 105.154012] __x64_sys_exit_group+0x3e/0x50 [ 105.154025] x64_sys_call+0x18c5/0x18d0 [ 105.154040] do_syscall_64+0xbf/0x360 [ 105.154051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.154062] RIP: 0033:0x7fc406655b19 [ 105.154071] Code: Unable to access opcode bytes at 0x7fc406655aef. [ 105.154076] RSP: 002b:00007ffdd44e5398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 105.154087] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fc406655b19 [ 105.154094] RDX: 00007fc40660872b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 105.154101] RBP: 0000000000000000 R08: 0000001b2d424158 R09: 0000000000000000 [ 105.154108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.154115] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffdd44e5480 [ 105.154130] [ 105.154134] kmemleak: Object (percpu) 0x607f1a6339c8 (size 16): [ 105.154141] kmemleak: comm "syz-executor.0", pid 286, jiffies 4294771938 [ 105.154148] kmemleak: min_count = 1 [ 105.154151] kmemleak: count = 0 [ 105.154155] kmemleak: flags = 0x21 [ 105.154159] kmemleak: checksum = 0 [ 105.154162] kmemleak: backtrace: [ 105.154165] pcpu_alloc_noprof+0x87a/0x1170 [ 105.154180] mm_init+0x99b/0x1170 [ 105.154187] copy_process+0x3ab7/0x73c0 [ 105.154197] kernel_clone+0xea/0x7f0 [ 105.154207] __do_sys_clone+0xce/0x120 [ 105.154216] do_syscall_64+0xbf/0x360 [ 105.154225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.171765] kmemleak: Cannot insert 0x607f1a6339d0 into the object search tree (overlaps existing) [ 105.171787] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.171807] Tainted: [W]=WARN [ 105.171811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.171819] Call Trace: [ 105.171823] [ 105.171828] 
dump_stack_lvl+0xca/0x120 [ 105.171861] __link_object+0x190/0x210 [ 105.171881] __create_object+0x48/0x80 [ 105.171899] pcpu_alloc_noprof+0x87a/0x1170 [ 105.171929] perf_trace_event_init+0x366/0xa10 08:20:48 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="01"], 0xc) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) [ 105.171949] perf_trace_init+0x1a4/0x2f0 [ 105.171965] perf_tp_event_init+0xa6/0x120 [ 105.171984] perf_try_init_event+0x140/0x9f0 [ 105.172005] perf_event_alloc.part.0+0x118e/0x45f0 [ 105.172024] ? perf_event_alloc.part.0+0x1074/0x45f0 [ 105.172046] ? __fget_files+0x203/0x3b0 [ 105.172063] ? __pfx_perf_event_alloc.part.0+0x10/0x10 [ 105.172085] ? find_held_lock+0x2b/0x80 [ 105.172104] ? __do_sys_perf_event_open+0x11df/0x2c20 [ 105.172122] __do_sys_perf_event_open+0x719/0x2c20 [ 105.172142] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 105.172159] ? 
find_held_lock+0x2b/0x80 [ 105.172192] do_syscall_64+0xbf/0x360 [ 105.172204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.172218] RIP: 0033:0x7f8878fbfb19 [ 105.172229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.172243] RSP: 002b:00007f8876535188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 105.172255] RAX: ffffffffffffffda RBX: 00007f88790d2f60 RCX: 00007f8878fbfb19 [ 105.172263] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000140 [ 105.172271] RBP: 00007f8879019f6d R08: 0000000000000000 R09: 0000000000000000 [ 105.172278] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 105.172286] R13: 00007ffdddfb557f R14: 00007f8876535300 R15: 0000000000022000 [ 105.172308] [ 105.173258] kmemleak: Kernel memory leak detector disabled [ 105.173263] kmemleak: Object (percpu) 0x607f1a6339c8 (size 16): [ 105.173270] kmemleak: comm "syz-executor.0", pid 286, jiffies 4294771938 [ 105.173278] kmemleak: min_count = 1 [ 105.173282] kmemleak: count = 0 [ 105.173286] kmemleak: flags = 0x21 [ 105.173291] kmemleak: checksum = 0 [ 105.173296] kmemleak: backtrace: [ 105.173301] pcpu_alloc_noprof+0x87a/0x1170 [ 105.173317] mm_init+0x99b/0x1170 [ 105.173328] copy_process+0x3ab7/0x73c0 [ 105.173339] kernel_clone+0xea/0x7f0 [ 105.173349] __do_sys_clone+0xce/0x120 [ 105.173360] do_syscall_64+0xbf/0x360 [ 105.173370] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:20:48 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) 
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)) [ 105.244005] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000000: 0000 [#1] SMP KASAN NOPTI [ 105.244950] KASAN: probably user-memory-access in range [0x0000000100000000-0x0000000100000007] [ 105.245656] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.246624] Tainted: [W]=WARN [ 105.247225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.249128] RIP: 0010:perf_trace_add+0x21b/0x340 [ 105.250195] Code: 00 0f 85 3a 01 00 00 4c 89 75 00 4d 85 ed 74 2a e8 da b2 f5 ff 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 df 00 00 00 4d 89 75 08 eb 03 45 31 e4 e8 ad b2 [ 105.254387] RSP: 0018:ffff8880442c75b8 EFLAGS: 00010017 [ 105.255721] RAX: dffffc0000000000 RBX: ffff88800964b200 RCX: ffffffff817e33ce [ 105.256299] RDX: 0000000020000000 RSI: ffffffff817e34a6 RDI: 0000000100000007 [ 105.256876] RBP: ffffe8ffffc109d0 R08: ffffffff85ca3e40 R09: ffffed1008858efe [ 105.257448] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 105.258020] R13: 00000000ffffffff R14: ffff88800964b260 R15: ffff88800964b298 [ 105.258606] FS: 00007f8876535700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 105.259254] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.259725] CR2: 0000001b2d123000 CR3: 000000004223e000 CR4: 0000000000350ef0 [ 105.260298] Call Trace: [ 105.260515] [ 105.260703] event_sched_in+0x446/0xb60 [ 105.261040] merge_sched_in+0xb4d/0x1810 [ 105.261375] visit_groups_merge.constprop.0.isra.0+0x8d1/0x1150 [ 105.261866] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 105.262408] ? lock_is_held_type+0x9e/0x120 [ 105.262772] ctx_sched_in+0x579/0x9b0 [ 105.263086] ? __pfx_ctx_sched_in+0x10/0x10 [ 105.263437] perf_event_sched_in+0x5d/0x90 [ 105.263782] __perf_event_task_sched_in+0x2ec/0x5e0 [ 105.264193] ? 
__pfx___perf_event_task_sched_in+0x10/0x10 [ 105.264635] ? lock_is_held_type+0x9e/0x120 [ 105.265006] ? xfd_validate_state+0x55/0x180 [ 105.265378] finish_task_switch.isra.0+0x410/0x840 [ 105.265792] __schedule+0xe86/0x3590 [ 105.266114] ? __pfx___schedule+0x10/0x10 [ 105.266465] ? lock_acquire+0x15e/0x2f0 [ 105.266791] ? find_held_lock+0x2b/0x80 [ 105.267123] ? schedule+0x2c7/0x390 [ 105.267422] ? lock_release+0xc8/0x290 [ 105.267741] schedule+0xdb/0x390 [ 105.268032] futex_do_wait+0x88/0x180 [ 105.268354] __futex_wait+0x176/0x300 [ 105.268669] ? __pfx___futex_wait+0x10/0x10 [ 105.269027] ? __pfx_futex_wake_mark+0x10/0x10 [ 105.269404] ? lock_release+0xc8/0x290 [ 105.269727] ? futex_private_hash_put+0x127/0x2d0 [ 105.270124] futex_wait+0xde/0x380 [ 105.270434] ? __pfx_futex_wait+0x10/0x10 [ 105.270778] ? __pfx_futex_wake+0x10/0x10 [ 105.271124] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 105.271533] ? lock_release+0xc8/0x290 [ 105.271857] do_futex+0x2ee/0x370 [ 105.272145] ? __pfx_do_futex+0x10/0x10 [ 105.272470] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 105.272901] ? find_held_lock+0x2b/0x80 [ 105.273236] __x64_sys_futex+0x1c9/0x4d0 [ 105.273582] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.273958] ? 
xfd_validate_state+0x55/0x180 [ 105.274330] do_syscall_64+0xbf/0x360 [ 105.274654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.275077] RIP: 0033:0x7f8878fbfb19 [ 105.275381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.276852] RSP: 002b:00007f8876535218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.277465] RAX: ffffffffffffffda RBX: 00007f88790d2f68 RCX: 00007f8878fbfb19 [ 105.278051] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f88790d2f68 [ 105.278634] RBP: 00007f88790d2f60 R08: 0000000000000000 R09: 0000000000000000 [ 105.279202] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f88790d2f6c [ 105.279781] R13: 00007ffdddfb557f R14: 00007f8876535300 R15: 0000000000022000 [ 105.280351] [ 105.280545] Modules linked in: [ 105.280808] ---[ end trace 0000000000000000 ]--- [ 105.281186] RIP: 0010:perf_trace_add+0x21b/0x340 [ 105.281589] Code: 00 0f 85 3a 01 00 00 4c 89 75 00 4d 85 ed 74 2a e8 da b2 f5 ff 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 df 00 00 00 4d 89 75 08 eb 03 45 31 e4 e8 ad b2 [ 105.283057] RSP: 0018:ffff8880442c75b8 EFLAGS: 00010017 [ 105.283489] RAX: dffffc0000000000 RBX: ffff88800964b200 RCX: ffffffff817e33ce [ 105.284077] RDX: 0000000020000000 RSI: ffffffff817e34a6 RDI: 0000000100000007 [ 105.284651] RBP: ffffe8ffffc109d0 R08: ffffffff85ca3e40 R09: ffffed1008858efe [ 105.285230] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 105.285803] R13: 00000000ffffffff R14: ffff88800964b260 R15: ffff88800964b298 [ 105.286388] FS: 00007f8876535700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 105.287044] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.287521] CR2: 0000001b2d123000 CR3: 000000004223e000 CR4: 0000000000350ef0 [ 105.288106] note: syz-executor.2[3950] exited with irqs disabled VM DIAGNOSIS: 
08:20:48 Registers: