Warning: Permanently added '[localhost]:10738' (ECDSA) to the list of known hosts. 2025/09/01 11:33:05 fuzzer started 2025/09/01 11:33:05 dialing manager at localhost:35473 syzkaller login: [ 52.060718] cgroup: Unknown subsys name 'net' [ 52.112539] cgroup: Unknown subsys name 'cpuset' [ 52.128331] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:33:16 syscalls: 2214 2025/09/01 11:33:16 code coverage: enabled 2025/09/01 11:33:16 comparison tracing: enabled 2025/09/01 11:33:16 extra coverage: enabled 2025/09/01 11:33:16 setuid sandbox: enabled 2025/09/01 11:33:16 namespace sandbox: enabled 2025/09/01 11:33:16 Android sandbox: enabled 2025/09/01 11:33:16 fault injection: enabled 2025/09/01 11:33:16 leak checking: enabled 2025/09/01 11:33:16 net packet injection: enabled 2025/09/01 11:33:16 net device setup: enabled 2025/09/01 11:33:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:33:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:33:16 USB emulation: enabled 2025/09/01 11:33:16 hci packet injection: enabled 2025/09/01 11:33:16 wifi device emulation: enabled 2025/09/01 11:33:16 802.15.4 emulation: enabled 2025/09/01 11:33:16 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:33:16 fetching corpus: 50, signal 24949/28456 (executing program) 2025/09/01 11:33:16 fetching corpus: 100, signal 36992/41828 (executing program) 2025/09/01 11:33:16 fetching corpus: 150, signal 43555/49772 (executing program) 2025/09/01 11:33:16 fetching corpus: 200, signal 49566/57051 (executing program) 2025/09/01 11:33:16 fetching corpus: 250, signal 55018/63636 (executing program) 2025/09/01 11:33:17 fetching corpus: 300, signal 58903/68665 (executing program) 2025/09/01 11:33:17 fetching corpus: 350, signal 61930/72838 (executing program) 2025/09/01 11:33:17 fetching corpus: 400, signal 65360/77330 (executing program) 2025/09/01 11:33:17 fetching corpus: 450, signal 67838/80845 (executing program) 2025/09/01 
11:33:17 fetching corpus: 500, signal 71252/85141 (executing program) 2025/09/01 11:33:17 fetching corpus: 550, signal 76578/91096 (executing program) 2025/09/01 11:33:17 fetching corpus: 600, signal 79059/94432 (executing program) 2025/09/01 11:33:17 fetching corpus: 650, signal 80989/97225 (executing program) 2025/09/01 11:33:17 fetching corpus: 700, signal 83986/100935 (executing program) 2025/09/01 11:33:17 fetching corpus: 750, signal 86259/103926 (executing program) 2025/09/01 11:33:17 fetching corpus: 800, signal 87402/105944 (executing program) 2025/09/01 11:33:17 fetching corpus: 850, signal 89636/108850 (executing program) 2025/09/01 11:33:18 fetching corpus: 900, signal 91293/111245 (executing program) 2025/09/01 11:33:18 fetching corpus: 950, signal 93727/114175 (executing program) 2025/09/01 11:33:18 fetching corpus: 1000, signal 99147/119441 (executing program) 2025/09/01 11:33:18 fetching corpus: 1050, signal 100744/121614 (executing program) 2025/09/01 11:33:18 fetching corpus: 1100, signal 104000/125033 (executing program) 2025/09/01 11:33:18 fetching corpus: 1150, signal 105151/126841 (executing program) 2025/09/01 11:33:18 fetching corpus: 1200, signal 106588/128819 (executing program) 2025/09/01 11:33:18 fetching corpus: 1250, signal 107521/130379 (executing program) 2025/09/01 11:33:18 fetching corpus: 1300, signal 109119/132408 (executing program) 2025/09/01 11:33:18 fetching corpus: 1350, signal 110449/134248 (executing program) 2025/09/01 11:33:18 fetching corpus: 1400, signal 111610/135931 (executing program) 2025/09/01 11:33:19 fetching corpus: 1450, signal 112861/137646 (executing program) 2025/09/01 11:33:19 fetching corpus: 1500, signal 113603/138960 (executing program) 2025/09/01 11:33:19 fetching corpus: 1550, signal 115118/140767 (executing program) 2025/09/01 11:33:19 fetching corpus: 1600, signal 116483/142558 (executing program) 2025/09/01 11:33:19 fetching corpus: 1650, signal 117522/144008 (executing program) 2025/09/01 11:33:19 
fetching corpus: 1700, signal 118759/145551 (executing program) 2025/09/01 11:33:19 fetching corpus: 1750, signal 120042/147187 (executing program) 2025/09/01 11:33:19 fetching corpus: 1800, signal 121170/148668 (executing program) 2025/09/01 11:33:19 fetching corpus: 1850, signal 121983/149905 (executing program) 2025/09/01 11:33:19 fetching corpus: 1900, signal 122931/151243 (executing program) 2025/09/01 11:33:19 fetching corpus: 1950, signal 123740/152420 (executing program) 2025/09/01 11:33:20 fetching corpus: 2000, signal 124682/153739 (executing program) 2025/09/01 11:33:20 fetching corpus: 2050, signal 125710/154993 (executing program) 2025/09/01 11:33:20 fetching corpus: 2100, signal 126686/156277 (executing program) 2025/09/01 11:33:20 fetching corpus: 2150, signal 127539/157445 (executing program) 2025/09/01 11:33:20 fetching corpus: 2200, signal 128170/158457 (executing program) 2025/09/01 11:33:20 fetching corpus: 2250, signal 129114/159606 (executing program) 2025/09/01 11:33:20 fetching corpus: 2300, signal 130207/160837 (executing program) 2025/09/01 11:33:20 fetching corpus: 2350, signal 130991/161901 (executing program) 2025/09/01 11:33:20 fetching corpus: 2400, signal 131947/162998 (executing program) 2025/09/01 11:33:20 fetching corpus: 2450, signal 133291/164265 (executing program) 2025/09/01 11:33:21 fetching corpus: 2500, signal 134057/165248 (executing program) 2025/09/01 11:33:21 fetching corpus: 2550, signal 134762/166174 (executing program) 2025/09/01 11:33:21 fetching corpus: 2600, signal 135324/167025 (executing program) 2025/09/01 11:33:21 fetching corpus: 2650, signal 136383/168077 (executing program) 2025/09/01 11:33:21 fetching corpus: 2700, signal 137362/169089 (executing program) 2025/09/01 11:33:21 fetching corpus: 2750, signal 138020/169935 (executing program) 2025/09/01 11:33:21 fetching corpus: 2800, signal 138495/170719 (executing program) 2025/09/01 11:33:21 fetching corpus: 2850, signal 139031/171445 (executing program) 
2025/09/01 11:33:21 fetching corpus: 2900, signal 139707/172286 (executing program) 2025/09/01 11:33:21 fetching corpus: 2950, signal 140534/173134 (executing program) 2025/09/01 11:33:21 fetching corpus: 3000, signal 141089/173887 (executing program) 2025/09/01 11:33:22 fetching corpus: 3050, signal 141681/174621 (executing program) 2025/09/01 11:33:22 fetching corpus: 3100, signal 142471/175448 (executing program) 2025/09/01 11:33:22 fetching corpus: 3150, signal 143056/176118 (executing program) 2025/09/01 11:33:22 fetching corpus: 3200, signal 143681/176841 (executing program) 2025/09/01 11:33:22 fetching corpus: 3250, signal 144925/177786 (executing program) 2025/09/01 11:33:22 fetching corpus: 3300, signal 145517/178482 (executing program) 2025/09/01 11:33:22 fetching corpus: 3350, signal 146176/179188 (executing program) 2025/09/01 11:33:22 fetching corpus: 3400, signal 147094/180020 (executing program) 2025/09/01 11:33:22 fetching corpus: 3450, signal 147771/180669 (executing program) 2025/09/01 11:33:22 fetching corpus: 3500, signal 148324/181311 (executing program) 2025/09/01 11:33:22 fetching corpus: 3550, signal 148789/181884 (executing program) 2025/09/01 11:33:22 fetching corpus: 3600, signal 149411/182478 (executing program) 2025/09/01 11:33:23 fetching corpus: 3650, signal 150018/183091 (executing program) 2025/09/01 11:33:23 fetching corpus: 3700, signal 150658/183695 (executing program) 2025/09/01 11:33:23 fetching corpus: 3750, signal 151213/184312 (executing program) 2025/09/01 11:33:23 fetching corpus: 3800, signal 151638/184865 (executing program) 2025/09/01 11:33:23 fetching corpus: 3850, signal 152312/185439 (executing program) 2025/09/01 11:33:23 fetching corpus: 3900, signal 152701/185967 (executing program) 2025/09/01 11:33:23 fetching corpus: 3950, signal 153275/186585 (executing program) 2025/09/01 11:33:23 fetching corpus: 4000, signal 153692/187087 (executing program) 2025/09/01 11:33:23 fetching corpus: 4050, signal 154244/187575 
(executing program) 2025/09/01 11:33:23 fetching corpus: 4100, signal 154740/188040 (executing program) 2025/09/01 11:33:23 fetching corpus: 4150, signal 155275/188528 (executing program) 2025/09/01 11:33:24 fetching corpus: 4200, signal 155845/188960 (executing program) 2025/09/01 11:33:24 fetching corpus: 4250, signal 156332/189405 (executing program) 2025/09/01 11:33:24 fetching corpus: 4300, signal 156636/189827 (executing program) 2025/09/01 11:33:24 fetching corpus: 4350, signal 157020/190233 (executing program) 2025/09/01 11:33:24 fetching corpus: 4400, signal 157463/190652 (executing program) 2025/09/01 11:33:24 fetching corpus: 4450, signal 157932/191087 (executing program) 2025/09/01 11:33:24 fetching corpus: 4500, signal 158430/191484 (executing program) 2025/09/01 11:33:24 fetching corpus: 4550, signal 158960/191895 (executing program) 2025/09/01 11:33:24 fetching corpus: 4600, signal 159424/192270 (executing program) 2025/09/01 11:33:24 fetching corpus: 4650, signal 159782/192629 (executing program) 2025/09/01 11:33:24 fetching corpus: 4700, signal 160418/193060 (executing program) 2025/09/01 11:33:24 fetching corpus: 4750, signal 160877/193179 (executing program) 2025/09/01 11:33:25 fetching corpus: 4800, signal 161301/193222 (executing program) 2025/09/01 11:33:25 fetching corpus: 4850, signal 161576/193228 (executing program) 2025/09/01 11:33:25 fetching corpus: 4900, signal 162075/193230 (executing program) 2025/09/01 11:33:25 fetching corpus: 4950, signal 162446/193266 (executing program) 2025/09/01 11:33:25 fetching corpus: 5000, signal 162686/193288 (executing program) 2025/09/01 11:33:25 fetching corpus: 5050, signal 163038/193292 (executing program) 2025/09/01 11:33:25 fetching corpus: 5100, signal 163447/193297 (executing program) 2025/09/01 11:33:25 fetching corpus: 5150, signal 163895/193327 (executing program) 2025/09/01 11:33:25 fetching corpus: 5200, signal 164485/193345 (executing program) 2025/09/01 11:33:25 fetching corpus: 5250, 
signal 164958/193357 (executing program) 2025/09/01 11:33:25 fetching corpus: 5300, signal 165329/193376 (executing program) 2025/09/01 11:33:26 fetching corpus: 5350, signal 165844/193376 (executing program) 2025/09/01 11:33:26 fetching corpus: 5400, signal 166240/193387 (executing program) 2025/09/01 11:33:26 fetching corpus: 5450, signal 166770/193414 (executing program) 2025/09/01 11:33:26 fetching corpus: 5500, signal 167323/193417 (executing program) 2025/09/01 11:33:26 fetching corpus: 5550, signal 167784/193424 (executing program) 2025/09/01 11:33:26 fetching corpus: 5600, signal 168181/193424 (executing program) 2025/09/01 11:33:26 fetching corpus: 5650, signal 168512/193424 (executing program) 2025/09/01 11:33:26 fetching corpus: 5700, signal 168871/193425 (executing program) 2025/09/01 11:33:26 fetching corpus: 5750, signal 169266/193440 (executing program) 2025/09/01 11:33:26 fetching corpus: 5800, signal 169550/193440 (executing program) 2025/09/01 11:33:26 fetching corpus: 5850, signal 170170/193463 (executing program) 2025/09/01 11:33:26 fetching corpus: 5900, signal 170602/193470 (executing program) 2025/09/01 11:33:26 fetching corpus: 5950, signal 170923/193492 (executing program) 2025/09/01 11:33:27 fetching corpus: 6000, signal 171351/193499 (executing program) 2025/09/01 11:33:27 fetching corpus: 6050, signal 171690/193500 (executing program) 2025/09/01 11:33:27 fetching corpus: 6100, signal 172013/193504 (executing program) 2025/09/01 11:33:27 fetching corpus: 6150, signal 172467/193538 (executing program) 2025/09/01 11:33:27 fetching corpus: 6200, signal 172723/193548 (executing program) 2025/09/01 11:33:27 fetching corpus: 6250, signal 173044/193552 (executing program) 2025/09/01 11:33:27 fetching corpus: 6300, signal 173558/193557 (executing program) 2025/09/01 11:33:27 fetching corpus: 6350, signal 173831/193571 (executing program) 2025/09/01 11:33:27 fetching corpus: 6400, signal 174057/193587 (executing program) 2025/09/01 11:33:27 
fetching corpus: 6450, signal 174319/193588 (executing program) 2025/09/01 11:33:27 fetching corpus: 6500, signal 174807/193607 (executing program) 2025/09/01 11:33:27 fetching corpus: 6550, signal 175240/193626 (executing program) 2025/09/01 11:33:27 fetching corpus: 6600, signal 175768/193633 (executing program) 2025/09/01 11:33:28 fetching corpus: 6650, signal 176045/193641 (executing program) 2025/09/01 11:33:28 fetching corpus: 6700, signal 176369/193655 (executing program) 2025/09/01 11:33:28 fetching corpus: 6750, signal 176605/193669 (executing program) 2025/09/01 11:33:28 fetching corpus: 6800, signal 176842/193669 (executing program) 2025/09/01 11:33:28 fetching corpus: 6850, signal 177163/193670 (executing program) 2025/09/01 11:33:28 fetching corpus: 6900, signal 177990/193697 (executing program) 2025/09/01 11:33:28 fetching corpus: 6950, signal 178325/193718 (executing program) 2025/09/01 11:33:28 fetching corpus: 7000, signal 178826/193731 (executing program) 2025/09/01 11:33:28 fetching corpus: 7050, signal 179498/193747 (executing program) 2025/09/01 11:33:28 fetching corpus: 7100, signal 179800/193749 (executing program) 2025/09/01 11:33:28 fetching corpus: 7150, signal 180218/193751 (executing program) 2025/09/01 11:33:29 fetching corpus: 7200, signal 180465/193751 (executing program) 2025/09/01 11:33:29 fetching corpus: 7250, signal 180732/193752 (executing program) 2025/09/01 11:33:29 fetching corpus: 7300, signal 180981/193753 (executing program) 2025/09/01 11:33:29 fetching corpus: 7350, signal 181634/193760 (executing program) 2025/09/01 11:33:29 fetching corpus: 7400, signal 181971/193764 (executing program) 2025/09/01 11:33:29 fetching corpus: 7450, signal 182223/193773 (executing program) 2025/09/01 11:33:29 fetching corpus: 7500, signal 182479/193782 (executing program) 2025/09/01 11:33:29 fetching corpus: 7550, signal 182899/193787 (executing program) 2025/09/01 11:33:29 fetching corpus: 7600, signal 183198/193787 (executing program) 
2025/09/01 11:33:29 fetching corpus: 7650, signal 183395/193788 (executing program) 2025/09/01 11:33:29 fetching corpus: 7700, signal 183708/193799 (executing program) 2025/09/01 11:33:29 fetching corpus: 7750, signal 184239/193816 (executing program) 2025/09/01 11:33:29 fetching corpus: 7800, signal 184415/193817 (executing program) 2025/09/01 11:33:30 fetching corpus: 7850, signal 184723/193818 (executing program) 2025/09/01 11:33:30 fetching corpus: 7900, signal 184960/193819 (executing program) 2025/09/01 11:33:30 fetching corpus: 7950, signal 185356/193865 (executing program) 2025/09/01 11:33:30 fetching corpus: 8000, signal 185575/193870 (executing program) 2025/09/01 11:33:30 fetching corpus: 8050, signal 185892/193884 (executing program) 2025/09/01 11:33:30 fetching corpus: 8100, signal 186092/193885 (executing program) 2025/09/01 11:33:30 fetching corpus: 8150, signal 186329/193907 (executing program) 2025/09/01 11:33:30 fetching corpus: 8200, signal 186597/193908 (executing program) 2025/09/01 11:33:30 fetching corpus: 8250, signal 186850/193911 (executing program) 2025/09/01 11:33:30 fetching corpus: 8300, signal 187175/193913 (executing program) 2025/09/01 11:33:30 fetching corpus: 8350, signal 187484/193916 (executing program) 2025/09/01 11:33:31 fetching corpus: 8400, signal 187817/193921 (executing program) 2025/09/01 11:33:31 fetching corpus: 8450, signal 188200/193956 (executing program) 2025/09/01 11:33:31 fetching corpus: 8500, signal 188379/193963 (executing program) 2025/09/01 11:33:31 fetching corpus: 8550, signal 188586/193969 (executing program) 2025/09/01 11:33:31 fetching corpus: 8600, signal 188969/193973 (executing program) 2025/09/01 11:33:31 fetching corpus: 8650, signal 189260/193973 (executing program) 2025/09/01 11:33:31 fetching corpus: 8700, signal 189574/193974 (executing program) 2025/09/01 11:33:31 fetching corpus: 8750, signal 189799/193977 (executing program) 2025/09/01 11:33:31 fetching corpus: 8800, signal 190098/193979 
(executing program) 2025/09/01 11:33:31 fetching corpus: 8850, signal 190309/193991 (executing program) 2025/09/01 11:33:31 fetching corpus: 8900, signal 190803/193991 (executing program) 2025/09/01 11:33:31 fetching corpus: 8950, signal 191049/193993 (executing program) 2025/09/01 11:33:31 fetching corpus: 9000, signal 191299/193997 (executing program) 2025/09/01 11:33:32 fetching corpus: 9015, signal 191379/194005 (executing program) 2025/09/01 11:33:32 fetching corpus: 9015, signal 191379/194005 (executing program) 2025/09/01 11:33:33 starting 8 fuzzer processes 11:33:33 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000001c0)={'wlan0\x00', {0x2, 0x0, @dev}}) 11:33:33 executing program 1: shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') pread64(r0, &(0x7f0000001280)=""/4063, 0xfdf, 0x0) 11:33:34 executing program 7: timer_create(0x0, 0x0, &(0x7f0000000200)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_getoverrun(0x0) 11:33:34 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f00000000c0)=0x5) [ 80.404759] audit: type=1400 audit(1756726414.067:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:33:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 
0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 11:33:34 executing program 6: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) flistxattr(r0, 0x0, 0x0) 11:33:34 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a40), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000080)={0x0, 0x0, 0x3e7}) 11:33:34 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_EXTENDED_ADDR={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}]}, 0x40}}, 0x0) [ 81.568147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.570595] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.575053] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.582051] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.587958] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.631014] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.635139] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.641049] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.646135] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.651092] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.701238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.706342] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.711349] Bluetooth: 
hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.717626] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.721352] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.723151] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.726901] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.727184] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.730195] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.741488] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.742737] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.743440] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.747167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.751630] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.756055] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.759013] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.761813] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.764016] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.770015] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.781250] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.782638] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.790549] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.797506] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.800016] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.801582] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.814286] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.815754] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.821090] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.842500] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.850184] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.666381] Bluetooth: hci0: command tx timeout [ 83.728999] Bluetooth: hci1: command tx timeout [ 83.793964] Bluetooth: hci4: command tx timeout 
[ 83.858121] Bluetooth: hci3: command tx timeout [ 83.858178] Bluetooth: hci5: command tx timeout [ 83.858740] Bluetooth: hci2: command tx timeout [ 83.860190] Bluetooth: hci6: command tx timeout [ 83.924194] Bluetooth: hci7: command tx timeout [ 85.713055] Bluetooth: hci0: command tx timeout [ 85.777987] Bluetooth: hci1: command tx timeout [ 85.841955] Bluetooth: hci4: command tx timeout [ 85.905901] Bluetooth: hci5: command tx timeout [ 85.906353] Bluetooth: hci2: command tx timeout [ 85.906738] Bluetooth: hci6: command tx timeout [ 85.907308] Bluetooth: hci3: command tx timeout [ 85.968989] Bluetooth: hci7: command tx timeout [ 87.761936] Bluetooth: hci0: command tx timeout [ 87.824932] Bluetooth: hci1: command tx timeout [ 87.890929] Bluetooth: hci4: command tx timeout [ 87.955298] Bluetooth: hci6: command tx timeout [ 87.956087] Bluetooth: hci3: command tx timeout [ 87.956136] Bluetooth: hci2: command tx timeout [ 87.956150] Bluetooth: hci5: command tx timeout [ 88.016974] Bluetooth: hci7: command tx timeout [ 89.810060] Bluetooth: hci0: command tx timeout [ 89.873105] Bluetooth: hci1: command tx timeout [ 89.937032] Bluetooth: hci4: command tx timeout [ 90.001193] Bluetooth: hci6: command tx timeout [ 90.001940] Bluetooth: hci5: command tx timeout [ 90.002337] Bluetooth: hci2: command tx timeout [ 90.002484] Bluetooth: hci3: command tx timeout [ 90.065920] Bluetooth: hci7: command tx timeout [ 124.205879] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.207270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.434454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.435597] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.135191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.135834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.238528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.239209] wlan1: Creating new IBSS network, 
BSSID 50:50:50:50:50:50 [ 126.393454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.394115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.527640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.528286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.591957] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.592569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.672140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.672742] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.940210] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.940836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.074509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.075643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.142999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.143622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.231408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.232538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.296905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.297533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.385321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.386414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.784495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.785146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.825423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.826074] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.935645] audit: type=1400 audit(1756726461.598:8): avc: denied { open } for pid=3894 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 127.939953] audit: type=1400 audit(1756726461.598:9): avc: denied { kernel } for pid=3894 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 127.945097] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list

11:34:21 executing program 0:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11:34:21 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = dup(r1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
ioctl$FIONREAD(r0, 0x541b, 0x0)

11:34:21 executing program 7:
timer_create(0x0, 0x0, &(0x7f0000000200))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_getoverrun(0x0)

11:34:21 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f00000000c0)=0x5)

11:34:21 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000})

11:34:21 executing program 3:
getgroups(0x1, &(0x7f0000000000)=[0xee00])

11:34:21 executing program 6:
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0)

11:34:21 executing program 1:
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
pread64(r0, &(0x7f0000001280)=""/4063, 0xfdf, 0x0)

11:34:21 executing program 7:
timer_create(0x0, 0x0, &(0x7f0000000200))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_getoverrun(0x0)

11:34:21 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000})

11:34:21 executing program 1:
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
pread64(r0, &(0x7f0000001280)=""/4063, 0xfdf, 0x0)

[ 128.116290] random: crng reseeded on system resumption
[ 128.149478] random: crng reseeded on system resumption
[ 128.152553] kmemleak: Found object by alias at 0x607f1a63e754
[ 128.152574] CPU: 0 UID: 0 PID: 3909 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 128.152592] Tainted: [W]=WARN
[ 128.152596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 128.152604] Call Trace:
[ 128.152608]
[ 128.152613] dump_stack_lvl+0xca/0x120
[ 128.152638] __lookup_object+0x94/0xb0
[ 128.152656] delete_object_full+0x27/0x70
[ 128.152672] free_percpu+0x30/0x1160
[ 128.152689] ? arch_uprobe_clear_state+0x16/0x140
[ 128.152710] futex_hash_free+0x38/0xc0
[ 128.152725] mmput+0x2d3/0x390
[ 128.152744] do_exit+0x79d/0x2970
[ 128.152758] ? signal_wake_up_state+0x85/0x120
[ 128.152774] ? zap_other_threads+0x2b9/0x3a0
[ 128.152790] ? __pfx_do_exit+0x10/0x10
[ 128.152803] ? do_group_exit+0x1c3/0x2a0
[ 128.152817] ? lock_release+0xc8/0x290
[ 128.152834] do_group_exit+0xd3/0x2a0
[ 128.152849] __x64_sys_exit_group+0x3e/0x50

11:34:21 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000})

[ 128.152864] x64_sys_call+0x18c5/0x18d0
[ 128.152880] do_syscall_64+0xbf/0x360
[ 128.152893] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.152904] RIP: 0033:0x7f51579c5b19
[ 128.152913] Code: Unable to access opcode bytes at 0x7f51579c5aef.
[ 128.152918] RSP: 002b:00007fff07707d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 128.152930] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f51579c5b19
[ 128.152938] RDX: 00007f515797872b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 128.152945] RBP: 0000000000000000 R08: 0000001b2cd22f98 R09: 0000000000000000
[ 128.152952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 128.152959] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff07707e70
[ 128.152974]
[ 128.152978] kmemleak: Object (percpu) 0x607f1a63e750 (size 8):
[ 128.152985] kmemleak: comm "syz-executor.3", pid 3910, jiffies 4294794968
[ 128.152992] kmemleak: min_count = 1
[ 128.152996] kmemleak: count = 0
[ 128.152999] kmemleak: flags = 0x21
[ 128.153003] kmemleak: checksum = 0
[ 128.153007] kmemleak: backtrace:
[ 128.153010] pcpu_alloc_noprof+0x87a/0x1170
[ 128.153026] perf_trace_event_init+0x366/0xa10
[ 128.153040] perf_trace_init+0x1a4/0x2f0
[ 128.153052] perf_tp_event_init+0xa6/0x120
[ 128.153068] perf_try_init_event+0x140/0x9f0
[ 128.153082] perf_event_alloc.part.0+0x118e/0x45f0
[ 128.153099] __do_sys_perf_event_open+0x719/0x2c20
[ 128.153113] do_syscall_64+0xbf/0x360
[ 128.153122] entry_SYSCALL_64_after_hwframe+0x77/0x7f

11:34:22 executing program 7:
timer_create(0x0, 0x0, &(0x7f0000000200))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_getoverrun(0x0)

11:34:22 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000})

11:34:22 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f00000000c0)=0x5)

11:34:22 executing program 6:
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0)

11:34:22 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, 0x2, 0x2, 0x5, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0x4, 0xb}]}, 0x18}}, 0x0)

11:34:22 executing program 1:
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
pread64(r0, &(0x7f0000001280)=""/4063, 0xfdf, 0x0)

11:34:22 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000})

11:34:22 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = dup(r1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
ioctl$FIONREAD(r0, 0x541b, 0x0)

11:34:22 executing program 0:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0)

[ 128.640783] kmemleak: Found object by alias at 0x607f1a63e754
[ 128.640816] CPU: 0 UID: 0 PID: 3929 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 128.640857] Tainted: [W]=WARN
[ 128.640864] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 128.640877] Call Trace:
[ 128.640884]
[ 128.640892] dump_stack_lvl+0xca/0x120
[ 128.640936] __lookup_object+0x94/0xb0
[ 128.640967] delete_object_full+0x27/0x70
[ 128.640998] free_percpu+0x30/0x1160
[ 128.641028] ? arch_uprobe_clear_state+0x16/0x140
[ 128.641064] futex_hash_free+0x38/0xc0
[ 128.641089] mmput+0x2d3/0x390
[ 128.641124] do_exit+0x79d/0x2970
[ 128.641150] ? signal_wake_up_state+0x85/0x120
[ 128.641178] ? zap_other_threads+0x2b9/0x3a0
[ 128.641208] ? __pfx_do_exit+0x10/0x10
[ 128.641232] ? do_group_exit+0x1c3/0x2a0
[ 128.641258] ? lock_release+0xc8/0x290
[ 128.641288] do_group_exit+0xd3/0x2a0
[ 128.641316] __x64_sys_exit_group+0x3e/0x50
[ 128.641343] x64_sys_call+0x18c5/0x18d0
[ 128.641372] do_syscall_64+0xbf/0x360
[ 128.641395] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.641416] RIP: 0033:0x7f51579c5b19
[ 128.641432] Code: Unable to access opcode bytes at 0x7f51579c5aef.
[ 128.641442] RSP: 002b:00007fff07707d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.641463] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f51579c5b19 [ 128.641477] RDX: 00007f515797872b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.641491] RBP: 0000000000000000 R08: 0000001b2cd22e58 R09: 0000000000000000 [ 128.641504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.641516] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff07707e70 [ 128.641545] [ 128.641552] kmemleak: Object (percpu) 0x607f1a63e750 (size 8): [ 128.641564] kmemleak: comm "syz-executor.3", pid 3931, jiffies 4294795415 [ 128.641577] kmemleak: min_count = 1 [ 128.641584] kmemleak: count = 0 [ 128.641591] kmemleak: flags = 0x21 [ 128.641598] kmemleak: checksum = 0 [ 128.641605] kmemleak: backtrace: [ 128.641611] pcpu_alloc_noprof+0x87a/0x1170 [ 128.641640] percpu_ref_init+0x37/0x400 [ 128.641659] blkg_alloc+0xe9/0x7d0 [ 128.641681] blkg_create+0xe08/0x1420 [ 128.641704] bio_associate_blkg_from_css+0xe06/0x1380 [ 128.641731] bio_associate_blkg+0x10e/0x2a0 [ 128.641755] bio_init+0x2dd/0x570 [ 128.641778] bio_alloc_bioset+0x2cf/0x8c0 [ 128.641806] submit_bh_wbc+0x286/0x720 [ 128.641836] write_dirty_buffer+0xca/0x170 [ 128.641855] __flush_batch+0x107/0x2d0 [ 128.641874] jbd2_log_do_checkpoint+0x810/0xb20 [ 128.641894] jbd2_journal_flush+0x1a8/0xc20 [ 128.641917] __ext4_ioctl+0x2d2e/0x38b0 [ 128.641943] __x64_sys_ioctl+0x18f/0x210 [ 128.641972] do_syscall_64+0xbf/0x360 11:34:22 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = dup(r1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$FIONREAD(r0, 0x541b, 0x0) 11:34:22 executing program 6: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0) 11:34:22 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 
&(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0) 11:34:22 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f00000000c0)=0x5) [ 128.836760] kmemleak: Found object by alias at 0x607f1a63e75c [ 128.836793] CPU: 1 UID: 0 PID: 3941 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.836830] Tainted: [W]=WARN [ 128.836837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.836858] Call Trace: [ 128.836865] [ 128.836874] dump_stack_lvl+0xca/0x120 [ 128.836918] __lookup_object+0x94/0xb0 [ 128.836950] delete_object_full+0x27/0x70 [ 128.836983] free_percpu+0x30/0x1160 [ 128.837015] ? arch_uprobe_clear_state+0x16/0x140 [ 128.837053] futex_hash_free+0x38/0xc0 [ 128.837081] mmput+0x2d3/0x390 [ 128.837117] do_exit+0x79d/0x2970 [ 128.837144] ? signal_wake_up_state+0x85/0x120 [ 128.837175] ? zap_other_threads+0x2b9/0x3a0 [ 128.837207] ? __pfx_do_exit+0x10/0x10 [ 128.837233] ? do_group_exit+0x1c3/0x2a0 [ 128.837260] ? lock_release+0xc8/0x290 [ 128.837293] do_group_exit+0xd3/0x2a0 [ 128.837323] __x64_sys_exit_group+0x3e/0x50 [ 128.837351] x64_sys_call+0x18c5/0x18d0 [ 128.837382] do_syscall_64+0xbf/0x360 [ 128.837406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.837429] RIP: 0033:0x7f4e52fd7b19 [ 128.837446] Code: Unable to access opcode bytes at 0x7f4e52fd7aef. 
[ 128.837456] RSP: 002b:00007ffd98230208 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 128.837479] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f4e52fd7b19 [ 128.837494] RDX: 00007f4e52f8a72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 128.837508] RBP: 0000000000000000 R08: 0000001b2da24b28 R09: 0000000000000000 [ 128.837522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.837535] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd982302f0 [ 128.837566] [ 128.837573] kmemleak: Object (percpu) 0x607f1a63e750 (size 16): [ 128.837587] kmemleak: comm "syz-executor.0", pid 276, jiffies 4294795663 [ 128.837601] kmemleak: min_count = 1 [ 128.837609] kmemleak: count = 0 [ 128.837616] kmemleak: flags = 0x21 [ 128.837623] kmemleak: checksum = 0 [ 128.837631] kmemleak: backtrace: [ 128.837637] pcpu_alloc_noprof+0x87a/0x1170 [ 128.837668] mm_init+0x99b/0x1170 [ 128.837685] copy_process+0x3ab7/0x73c0 [ 128.837705] kernel_clone+0xea/0x7f0 [ 128.837725] __do_sys_clone+0xce/0x120 [ 128.837745] do_syscall_64+0xbf/0x360 [ 128.837764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.842465] kmemleak: Found object by alias at 0x607f1a63e758 [ 128.842501] CPU: 0 UID: 0 PID: 3942 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.842537] Tainted: [W]=WARN [ 128.842544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.842557] Call Trace: [ 128.842565] [ 128.842573] dump_stack_lvl+0xca/0x120 [ 128.842617] __lookup_object+0x94/0xb0 [ 128.842649] delete_object_full+0x27/0x70 [ 128.842680] free_percpu+0x30/0x1160 [ 128.842711] ? arch_uprobe_clear_state+0x16/0x140 [ 128.842748] futex_hash_free+0x38/0xc0 [ 128.842775] mmput+0x2d3/0x390 [ 128.842810] do_exit+0x79d/0x2970 [ 128.842835] ? lock_release+0xc8/0x290 [ 128.842875] ? __pfx_do_exit+0x10/0x10 [ 128.842902] ? find_held_lock+0x2b/0x80 [ 128.842948] ? 
get_signal+0x835/0x2340 [ 128.842986] do_group_exit+0xd3/0x2a0 [ 128.843014] get_signal+0x2315/0x2340 [ 128.843057] ? __pfx_get_signal+0x10/0x10 [ 128.843089] ? do_futex+0x135/0x370 [ 128.843114] ? __pfx_do_futex+0x10/0x10 [ 128.843143] arch_do_signal_or_restart+0x80/0x790 [ 128.843175] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 128.843206] ? __x64_sys_futex+0x1c9/0x4d0 [ 128.843229] ? __x64_sys_futex+0x1d2/0x4d0 [ 128.843256] ? fput+0x6a/0x100 [ 128.843283] ? __pfx___x64_sys_futex+0x10/0x10 [ 128.843307] ? ksys_write+0x1a3/0x240 [ 128.843330] ? __pfx_ksys_write+0x10/0x10 [ 128.843360] exit_to_user_mode_loop+0x8b/0x110 [ 128.843383] do_syscall_64+0x2f7/0x360 [ 128.843409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.843440] RIP: 0033:0x7f6105ab8b19 [ 128.843463] Code: Unable to access opcode bytes at 0x7f6105ab8aef. [ 128.843477] RSP: 002b:00007f610302e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.843507] RAX: fffffffffffffe00 RBX: 00007f6105bcbf68 RCX: 00007f6105ab8b19 [ 128.843523] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6105bcbf68 [ 128.843536] RBP: 00007f6105bcbf60 R08: 0000000000000000 R09: 0000000000000000 [ 128.843549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6105bcbf6c [ 128.843562] R13: 00007ffdacf25f3f R14: 00007f610302e300 R15: 0000000000022000 [ 128.843592] [ 128.843599] kmemleak: Object (percpu) 0x607f1a63e750 (size 16): [ 128.843612] kmemleak: comm "syz-executor.0", pid 276, jiffies 4294795663 [ 128.843624] kmemleak: min_count = 1 [ 128.843631] kmemleak: count = 0 [ 128.843639] kmemleak: flags = 0x21 [ 128.843646] kmemleak: checksum = 0 [ 128.843653] kmemleak: backtrace: [ 128.843659] pcpu_alloc_noprof+0x87a/0x1170 [ 128.843688] mm_init+0x99b/0x1170 [ 128.843704] copy_process+0x3ab7/0x73c0 [ 128.843723] kernel_clone+0xea/0x7f0 [ 128.843741] __do_sys_clone+0xce/0x120 [ 128.843760] do_syscall_64+0xbf/0x360 [ 128.843778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.959128] kmemleak: Cannot insert 0x607f1a63e758 
into the object search tree (overlaps existing) [ 128.959156] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 128.959190] Tainted: [W]=WARN [ 128.959197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.959210] Call Trace: [ 128.959217] [ 128.959225] dump_stack_lvl+0xca/0x120 [ 128.959268] __link_object+0x190/0x210 11:34:22 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) [ 128.959300] __create_object+0x48/0x80 11:34:22 executing program 6: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @echo_reply={0xd}}}}}, 0x0) [ 128.959333] pcpu_alloc_noprof+0x87a/0x1170 [ 128.959378] perf_trace_event_init+0x366/0xa10 [ 128.959405] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 128.959459] perf_trace_init+0x1a4/0x2f0 [ 128.959496] perf_tp_event_init+0xa6/0x120 [ 128.959528] perf_try_init_event+0x140/0x9f0 [ 128.959562] perf_event_alloc.part.0+0x118e/0x45f0 [ 128.959596] ? perf_event_alloc.part.0+0x1074/0x45f0 [ 128.959635] ? __fget_files+0x203/0x3b0 [ 128.959664] ? __pfx_perf_event_alloc.part.0+0x10/0x10 [ 128.959699] ? find_held_lock+0x2b/0x80 [ 128.959733] ? 
__do_sys_perf_event_open+0x11df/0x2c20 [ 128.959766] __do_sys_perf_event_open+0x719/0x2c20 [ 128.959803] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 128.959829] ? find_held_lock+0x2b/0x80 [ 128.959891] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 128.959920] do_syscall_64+0xbf/0x360 [ 128.959943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.959965] RIP: 0033:0x7f60fc3ffb19 [ 128.959982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.960002] RSP: 002b:00007f60f9975188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 128.960023] RAX: ffffffffffffffda RBX: 00007f60fc512f60 RCX: 00007f60fc3ffb19 [ 128.960038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140 [ 128.960051] RBP: 00007f60fc459f6d R08: 0000000000000000 R09: 0000000000000000 [ 128.960063] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 128.960077] R13: 00007ffef10a77bf R14: 00007f60f9975300 R15: 0000000000022000 [ 128.960107] [ 128.960974] kmemleak: Kernel memory leak detector disabled [ 128.960982] kmemleak: Object (percpu) 0x607f1a63e750 (size 16): [ 128.960996] kmemleak: comm "syz-executor.0", pid 276, jiffies 4294795663 [ 128.961009] kmemleak: min_count = 1 [ 128.961016] kmemleak: count = 0 [ 128.961023] kmemleak: flags = 0x21 [ 128.961029] kmemleak: checksum = 0 [ 128.961036] kmemleak: backtrace: [ 128.961042] pcpu_alloc_noprof+0x87a/0x1170 [ 128.961072] mm_init+0x99b/0x1170 [ 128.961089] copy_process+0x3ab7/0x73c0 [ 128.961108] kernel_clone+0xea/0x7f0 [ 128.961126] __do_sys_clone+0xce/0x120 [ 128.961145] do_syscall_64+0xbf/0x360 [ 128.961163] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:34:22 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = dup(r1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$FIONREAD(r0, 0x541b, 0x0) 11:34:22 executing program 0: r0 = 
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0) 11:34:22 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]}) [ 129.075101] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000000: 0000 [#1] SMP KASAN NOPTI [ 129.076792] KASAN: probably user-memory-access in range [0x0000000100000000-0x0000000100000007] [ 129.078145] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.085706] Tainted: [W]=WARN [ 129.085717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.085731] RIP: 0010:perf_trace_add+0x21b/0x340 [ 129.085770] Code: 00 0f 85 3a 01 00 00 4c 89 75 00 4d 85 ed 74 2a e8 da b2 f5 ff 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 df 00 00 00 4d 89 75 08 eb 03 45 31 e4 e8 ad b2 [ 129.085793] RSP: 0018:ffff8880173f7748 EFLAGS: 00010017 [ 129.085813] RAX: dffffc0000000000 RBX: ffff888009649f40 RCX: ffffc9000b654000 [ 129.085830] RDX: 0000000020000000 RSI: ffffffff817e43d6 RDI: 0000000100000007 [ 129.085846] RBP: ffffe8ffffc16758 R08: ffffffff85ca4140 R09: ffffed1002e7ef3f [ 129.085861] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 129.085875] R13: 00000000ffffffff R14: ffff888009649fa0 R15: ffff888009649fd8 [ 129.085894] FS: 00007f60f9975700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.085917] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.085933] CR2: 0000001b2cc21000 CR3: 0000000047279000 CR4: 0000000000350ef0 [ 129.085948] Call Trace: [ 129.085956] [ 129.085966] event_sched_in+0x446/0xb60 [ 129.086001] ? __is_insn_slot_addr+0x140/0x290 [ 129.086039] merge_sched_in+0xb4d/0x1810 [ 129.086065] visit_groups_merge.constprop.0.isra.0+0x8d1/0x1150 [ 129.086094] ? 
__pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 129.086123] ? lock_is_held_type+0x9e/0x120 [ 129.086161] ctx_sched_in+0x579/0x9b0 [ 129.086183] ? kasan_save_stack+0x10/0x50 [ 129.086214] ? __pfx_ctx_sched_in+0x10/0x10 [ 129.086235] ? init_file+0x95/0x4c0 [ 129.086270] perf_event_sched_in+0x5d/0x90 [ 129.086293] ctx_resched+0x398/0x840 [ 129.086317] __perf_install_in_context+0x436/0xb90 [ 129.086343] ? __pfx___perf_install_in_context+0x10/0x10 [ 129.086369] remote_function+0x129/0x1b0 [ 129.086406] ? __pfx_remote_function+0x10/0x10 [ 129.086459] generic_exec_single+0x1ca/0x2c0 [ 129.086516] smp_call_function_single+0x327/0x420 [ 129.086554] ? __pfx_remote_function+0x10/0x10 [ 129.086591] ? __pfx_smp_call_function_single+0x10/0x10 [ 129.086630] ? __pfx_remote_function+0x10/0x10 [ 129.086666] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 129.086696] ? kmem_cache_alloc_noprof+0x264/0x690 [ 129.086722] ? percpu_counter_add_batch+0x126/0x240 [ 129.086752] ? __pfx___perf_install_in_context+0x10/0x10 [ 129.086778] task_function_call+0xe4/0x170 [ 129.086810] ? __pfx_task_function_call+0x10/0x10 [ 129.086843] ? __pfx___perf_install_in_context+0x10/0x10 [ 129.086870] ? exclusive_event_installable+0x25a/0x330 [ 129.086903] ? lock_is_held_type+0x9e/0x120 [ 129.086958] perf_install_in_context+0x2ca/0x570 [ 129.086990] ? __pfx_perf_install_in_context+0x10/0x10 [ 129.087022] ? lock_is_held_type+0x9e/0x120 [ 129.087057] ? __perf_event_read_size+0xbe/0xd0 [ 129.087089] __do_sys_perf_event_open+0x1992/0x2c20 [ 129.087122] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 129.087151] ? find_held_lock+0x2b/0x80 [ 129.087194] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 129.087221] do_syscall_64+0xbf/0x360 [ 129.087245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.087269] RIP: 0033:0x7f60fc3ffb19 [ 129.087286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.087308] RSP: 002b:00007f60f9975188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 129.087331] RAX: ffffffffffffffda RBX: 00007f60fc512f60 RCX: 00007f60fc3ffb19 [ 129.087347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140 [ 129.087361] RBP: 00007f60fc459f6d R08: 0000000000000000 R09: 0000000000000000 [ 129.087376] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 129.087391] R13: 00007ffef10a77bf R14: 00007f60f9975300 R15: 0000000000022000 [ 129.087417] [ 129.087430] Modules linked in: [ 129.087452] ---[ end trace 0000000000000000 ]--- [ 129.087466] RIP: 0010:perf_trace_add+0x21b/0x340 [ 129.087501] Code: 00 0f 85 3a 01 00 00 4c 89 75 00 4d 85 ed 74 2a e8 da b2 f5 ff 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 df 00 00 00 4d 89 75 08 eb 03 45 31 e4 e8 ad b2 [ 129.087523] RSP: 0018:ffff8880173f7748 EFLAGS: 00010017 [ 129.087542] RAX: dffffc0000000000 RBX: ffff888009649f40 RCX: ffffc9000b654000 [ 129.087558] RDX: 0000000020000000 RSI: ffffffff817e43d6 RDI: 0000000100000007 [ 129.087573] RBP: ffffe8ffffc16758 R08: ffffffff85ca4140 R09: ffffed1002e7ef3f [ 129.087589] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 129.087603] R13: 00000000ffffffff R14: ffff888009649fa0 R15: ffff888009649fd8 [ 129.087622] FS: 00007f60f9975700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.087644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.087659] CR2: 0000001b2cc21000 CR3: 0000000047279000 CR4: 0000000000350ef0 [ 129.087676] note: syz-executor.3[3950] exited with irqs disabled [ 
129.087829] note: syz-executor.3[3950] exited with preempt_count 3