Warning: Permanently added '[localhost]:16602' (ECDSA) to the list of known hosts. 2025/08/29 09:31:00 fuzzer started 2025/08/29 09:31:01 dialing manager at localhost:43077 syzkaller login: [ 51.190759] cgroup: Unknown subsys name 'net' [ 51.258715] cgroup: Unknown subsys name 'cpuset' [ 51.273951] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:31:11 syscalls: 2214 2025/08/29 09:31:11 code coverage: enabled 2025/08/29 09:31:11 comparison tracing: enabled 2025/08/29 09:31:11 extra coverage: enabled 2025/08/29 09:31:11 setuid sandbox: enabled 2025/08/29 09:31:11 namespace sandbox: enabled 2025/08/29 09:31:11 Android sandbox: enabled 2025/08/29 09:31:11 fault injection: enabled 2025/08/29 09:31:11 leak checking: enabled 2025/08/29 09:31:11 net packet injection: enabled 2025/08/29 09:31:11 net device setup: enabled 2025/08/29 09:31:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:31:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:31:11 USB emulation: enabled 2025/08/29 09:31:11 hci packet injection: enabled 2025/08/29 09:31:11 wifi device emulation: enabled 2025/08/29 09:31:11 802.15.4 emulation: enabled 2025/08/29 09:31:11 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:31:11 fetching corpus: 50, signal 24567/27893 (executing program) 2025/08/29 09:31:11 fetching corpus: 100, signal 36532/41051 (executing program) 2025/08/29 09:31:11 fetching corpus: 150, signal 41777/47519 (executing program) 2025/08/29 09:31:11 fetching corpus: 200, signal 48146/54936 (executing program) 2025/08/29 09:31:11 fetching corpus: 250, signal 52715/60547 (executing program) 2025/08/29 09:31:11 fetching corpus: 300, signal 56823/65618 (executing program) 2025/08/29 09:31:12 fetching corpus: 350, signal 61437/70985 (executing program) 2025/08/29 09:31:12 fetching corpus: 400, signal 64294/74675 (executing program) 2025/08/29 09:31:12 fetching corpus: 450, signal 69091/80143 (executing program) 2025/08/29 
09:31:12 fetching corpus: 500, signal 71795/83585 (executing program) 2025/08/29 09:31:12 fetching corpus: 550, signal 74585/86949 (executing program) 2025/08/29 09:31:12 fetching corpus: 600, signal 77396/90336 (executing program) 2025/08/29 09:31:12 fetching corpus: 650, signal 80445/93789 (executing program) 2025/08/29 09:31:12 fetching corpus: 700, signal 82303/96203 (executing program) 2025/08/29 09:31:12 fetching corpus: 750, signal 84339/98697 (executing program) 2025/08/29 09:31:13 fetching corpus: 800, signal 87016/101696 (executing program) 2025/08/29 09:31:13 fetching corpus: 850, signal 89079/104161 (executing program) 2025/08/29 09:31:13 fetching corpus: 900, signal 91728/107034 (executing program) 2025/08/29 09:31:13 fetching corpus: 950, signal 93096/108852 (executing program) 2025/08/29 09:31:13 fetching corpus: 1000, signal 95966/111690 (executing program) 2025/08/29 09:31:13 fetching corpus: 1050, signal 97501/113549 (executing program) 2025/08/29 09:31:13 fetching corpus: 1100, signal 99299/115486 (executing program) 2025/08/29 09:31:13 fetching corpus: 1150, signal 100745/117154 (executing program) 2025/08/29 09:31:13 fetching corpus: 1200, signal 101897/118603 (executing program) 2025/08/29 09:31:13 fetching corpus: 1250, signal 103541/120344 (executing program) 2025/08/29 09:31:14 fetching corpus: 1300, signal 105129/122085 (executing program) 2025/08/29 09:31:14 fetching corpus: 1350, signal 107304/124096 (executing program) 2025/08/29 09:31:14 fetching corpus: 1400, signal 108726/125628 (executing program) 2025/08/29 09:31:14 fetching corpus: 1450, signal 110145/127076 (executing program) 2025/08/29 09:31:14 fetching corpus: 1500, signal 110954/128169 (executing program) 2025/08/29 09:31:14 fetching corpus: 1550, signal 111718/129162 (executing program) 2025/08/29 09:31:14 fetching corpus: 1600, signal 114176/131091 (executing program) 2025/08/29 09:31:14 fetching corpus: 1650, signal 115236/132197 (executing program) 2025/08/29 09:31:14 
fetching corpus: 1700, signal 116749/133543 (executing program) 2025/08/29 09:31:15 fetching corpus: 1750, signal 118120/134728 (executing program) 2025/08/29 09:31:15 fetching corpus: 1800, signal 119834/136050 (executing program) 2025/08/29 09:31:15 fetching corpus: 1850, signal 121206/137181 (executing program) 2025/08/29 09:31:15 fetching corpus: 1900, signal 122187/138077 (executing program) 2025/08/29 09:31:15 fetching corpus: 1950, signal 123494/139141 (executing program) 2025/08/29 09:31:15 fetching corpus: 2000, signal 124302/139851 (executing program) 2025/08/29 09:31:15 fetching corpus: 2050, signal 125275/140662 (executing program) 2025/08/29 09:31:15 fetching corpus: 2100, signal 125993/141359 (executing program) 2025/08/29 09:31:15 fetching corpus: 2150, signal 126824/142097 (executing program) 2025/08/29 09:31:16 fetching corpus: 2200, signal 127557/142731 (executing program) 2025/08/29 09:31:16 fetching corpus: 2250, signal 128503/143448 (executing program) 2025/08/29 09:31:16 fetching corpus: 2300, signal 130016/144295 (executing program) 2025/08/29 09:31:16 fetching corpus: 2350, signal 130650/144844 (executing program) 2025/08/29 09:31:16 fetching corpus: 2400, signal 131286/145406 (executing program) 2025/08/29 09:31:16 fetching corpus: 2450, signal 132148/146013 (executing program) 2025/08/29 09:31:16 fetching corpus: 2500, signal 133086/146647 (executing program) 2025/08/29 09:31:16 fetching corpus: 2550, signal 133760/147134 (executing program) 2025/08/29 09:31:17 fetching corpus: 2600, signal 134497/147635 (executing program) 2025/08/29 09:31:17 fetching corpus: 2650, signal 135127/148100 (executing program) 2025/08/29 09:31:17 fetching corpus: 2700, signal 135916/148560 (executing program) 2025/08/29 09:31:17 fetching corpus: 2750, signal 136696/149008 (executing program) 2025/08/29 09:31:17 fetching corpus: 2800, signal 137409/149533 (executing program) 2025/08/29 09:31:17 fetching corpus: 2850, signal 138205/149916 (executing program) 
2025/08/29 09:31:17 fetching corpus: 2900, signal 138898/150291 (executing program) 2025/08/29 09:31:17 fetching corpus: 2950, signal 139455/150640 (executing program) 2025/08/29 09:31:17 fetching corpus: 3000, signal 140067/150958 (executing program) 2025/08/29 09:31:18 fetching corpus: 3050, signal 140700/151295 (executing program) 2025/08/29 09:31:18 fetching corpus: 3100, signal 141253/151580 (executing program) 2025/08/29 09:31:18 fetching corpus: 3150, signal 142184/151906 (executing program) 2025/08/29 09:31:18 fetching corpus: 3200, signal 142779/152154 (executing program) 2025/08/29 09:31:18 fetching corpus: 3250, signal 143509/152379 (executing program) 2025/08/29 09:31:18 fetching corpus: 3300, signal 143894/152578 (executing program) 2025/08/29 09:31:18 fetching corpus: 3350, signal 144424/152755 (executing program) 2025/08/29 09:31:18 fetching corpus: 3400, signal 145320/152936 (executing program) 2025/08/29 09:31:19 fetching corpus: 3450, signal 145824/153067 (executing program) 2025/08/29 09:31:19 fetching corpus: 3500, signal 146271/153175 (executing program) 2025/08/29 09:31:19 fetching corpus: 3550, signal 146841/153347 (executing program) 2025/08/29 09:31:19 fetching corpus: 3600, signal 147611/153469 (executing program) 2025/08/29 09:31:19 fetching corpus: 3650, signal 148205/153543 (executing program) 2025/08/29 09:31:19 fetching corpus: 3700, signal 148637/153586 (executing program) 2025/08/29 09:31:19 fetching corpus: 3750, signal 149256/153586 (executing program) 2025/08/29 09:31:19 fetching corpus: 3800, signal 149796/153609 (executing program) 2025/08/29 09:31:19 fetching corpus: 3850, signal 150237/153634 (executing program) 2025/08/29 09:31:19 fetching corpus: 3900, signal 150852/153719 (executing program) 2025/08/29 09:31:20 fetching corpus: 3950, signal 151343/153744 (executing program) 2025/08/29 09:31:20 fetching corpus: 3993, signal 151636/153756 (executing program) 2025/08/29 09:31:20 fetching corpus: 3993, signal 151636/153756 
(executing program) 2025/08/29 09:31:22 starting 8 fuzzer processes 09:31:22 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend}, {@access_any}]}}) 09:31:22 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7fffffffffffffff, 0x2}) 09:31:22 executing program 7: keyctl$set_timeout(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, "b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$update(0x2, r0, &(0x7f0000000340)=':', 0x1) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000240)) 09:31:22 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000d2f4655fd2f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="020000001200000022", 0x9, 0x800}, {&(0x7f0000012e00)="ed41000000080000d0f4655fd2f4655fd2f4655f000000000000040004", 0x1d, 0x11080}], 0x0, &(0x7f0000000440)=ANY=[]) getdents64(r0, 0x0, 0x0) 09:31:22 executing program 2: openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.max\x00', 
&(0x7f0000000040)={0x103d43, 0x0, 0x13}, 0x18) 09:31:22 executing program 4: syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 09:31:22 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7) 09:31:22 executing program 6: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x121802, 0x0) write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='c *:'], 0x8) [ 72.325344] audit: type=1400 audit(1756459882.442:7): avc: denied { execmem } for pid=272 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 73.528318] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.532258] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.536372] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.541176] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.545081] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.594016] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.595683] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.597481] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.601041] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.605947] Bluetooth: hci1: unexpected 
cc 0x0c38 length: 249 > 2 [ 73.661384] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.664854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.666281] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.670284] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.678358] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.690909] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.701538] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.706001] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.709981] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.718760] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.726407] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.728570] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.732561] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.739945] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.739975] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.741558] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.742091] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.745525] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 73.749857] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.755847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.762941] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.766195] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.772760] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.777164] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 73.780423] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.782923] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.792949] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.803951] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.805379] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.811759] Bluetooth: hci5: 
unexpected cc 0x0c38 length: 249 > 2 [ 75.619982] Bluetooth: hci0: command tx timeout [ 75.683907] Bluetooth: hci1: command tx timeout [ 75.748664] Bluetooth: hci2: command tx timeout [ 75.811835] Bluetooth: hci3: command tx timeout [ 75.875468] Bluetooth: hci6: command tx timeout [ 75.875502] Bluetooth: hci7: command tx timeout [ 75.876503] Bluetooth: hci4: command tx timeout [ 75.876683] Bluetooth: hci5: command tx timeout [ 77.666661] Bluetooth: hci0: command tx timeout [ 77.730657] Bluetooth: hci1: command tx timeout [ 77.795839] Bluetooth: hci2: command tx timeout [ 77.860621] Bluetooth: hci3: command tx timeout [ 77.922684] Bluetooth: hci6: command tx timeout [ 77.923106] Bluetooth: hci5: command tx timeout [ 77.923496] Bluetooth: hci7: command tx timeout [ 77.923988] Bluetooth: hci4: command tx timeout [ 79.714706] Bluetooth: hci0: command tx timeout [ 79.779153] Bluetooth: hci1: command tx timeout [ 79.842708] Bluetooth: hci2: command tx timeout [ 79.906647] Bluetooth: hci3: command tx timeout [ 79.971624] Bluetooth: hci4: command tx timeout [ 79.972071] Bluetooth: hci7: command tx timeout [ 79.972451] Bluetooth: hci5: command tx timeout [ 79.972872] Bluetooth: hci6: command tx timeout [ 81.762687] Bluetooth: hci0: command tx timeout [ 81.826772] Bluetooth: hci1: command tx timeout [ 81.890731] Bluetooth: hci2: command tx timeout [ 81.955645] Bluetooth: hci3: command tx timeout [ 82.018720] Bluetooth: hci6: command tx timeout [ 82.019520] Bluetooth: hci5: command tx timeout [ 82.020297] Bluetooth: hci7: command tx timeout [ 82.021173] Bluetooth: hci4: command tx timeout [ 114.039032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.039768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.120030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.120692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.483645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.484277] 
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.630258] audit: type=1400 audit(1756459924.747:8): avc: denied { open } for pid=3812 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 114.634673] audit: type=1400 audit(1756459924.747:9): avc: denied { kernel } for pid=3812 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 114.657817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.658442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:32:04 executing program 7: keyctl$set_timeout(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, "b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$update(0x2, r0, &(0x7f0000000340)=':', 0x1) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000240)) 09:32:05 executing program 7: keyctl$set_timeout(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, 
"b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$update(0x2, r0, &(0x7f0000000340)=':', 0x1) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000240)) [ 114.996125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.997474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:32:05 executing program 7: keyctl$set_timeout(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, "b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$update(0x2, r0, &(0x7f0000000340)=':', 0x1) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000240)) [ 115.213414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.214335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.381647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.382800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.524250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.526687] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.637036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.637732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.777493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.778409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.816532] wlan0: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 115.817234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.888937] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.889754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.939640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.940309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.981970] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.982695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.044531] loop1: detected capacity change from 0 to 512 [ 116.091066] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 116.111750] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.153822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.231084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.231872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.284096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.285072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.406877] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 09:32:06 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000d2f4655fd2f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="020000001200000022", 0x9, 0x800}, {&(0x7f0000012e00)="ed41000000080000d0f4655fd2f4655fd2f4655f000000000000040004", 0x1d, 0x11080}], 0x0, &(0x7f0000000440)=ANY=[]) getdents64(r0, 0x0, 0x0) 09:32:06 executing program 7: keyctl$set_timeout(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, "b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$update(0x2, r0, &(0x7f0000000340)=':', 0x1) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000240)) 09:32:06 executing program 4: syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 09:32:06 executing program 6: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x121802, 0x0) write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='c *:'], 0x8) 09:32:06 executing program 2: openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.max\x00', &(0x7f0000000040)={0x103d43, 0x0, 0x13}, 0x18) 09:32:06 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7fffffffffffffff, 0x2}) 09:32:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 
0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7) 09:32:06 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend}, {@access_any}]}}) [ 116.487569] loop1: detected capacity change from 0 to 512 [ 116.527877] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 116.578403] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 09:32:06 executing program 4: syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 09:32:06 executing program 2: openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.max\x00', &(0x7f0000000040)={0x103d43, 0x0, 0x13}, 0x18) 09:32:06 executing program 6: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x121802, 0x0) write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='c *:'], 0x8) [ 116.684170] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
09:32:06 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$lock(r0, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7fffffffffffffff, 0x2}) 09:32:06 executing program 2: openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.max\x00', &(0x7f0000000040)={0x103d43, 0x0, 0x13}, 0x18) 09:32:06 executing program 7: keyctl$set_timeout(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, "b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$update(0x2, r0, &(0x7f0000000340)=':', 0x1) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000240)) 09:32:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7) 09:32:06 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend}, {@access_any}]}}) 09:32:06 executing program 1: r0 = 
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000d2f4655fd2f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="020000001200000022", 0x9, 0x800}, {&(0x7f0000012e00)="ed41000000080000d0f4655fd2f4655fd2f4655f000000000000040004", 0x1d, 0x11080}], 0x0, &(0x7f0000000440)=ANY=[]) getdents64(r0, 0x0, 0x0) 09:32:06 executing program 4: syz_mount_image$nfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 09:32:06 executing program 6: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x121802, 0x0) write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='c *:'], 0x8) [ 116.780786] loop1: detected capacity change from 0 to 512 [ 116.786946] BUG: unable to handle page fault for address: ffffed10212c91ce [ 116.787548] #PF: supervisor read access in kernel mode [ 116.787983] #PF: error_code(0x0000) - not-present page [ 116.788403] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 116.788853] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 116.789532] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.793628] Tainted: [W]=WARN [ 116.793881] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.794529] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.794914] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.796348] RSP: 
0018:ffff88801b7ff800 EFLAGS: 00010212 [ 116.796769] RAX: 1ffff110212c91ce RBX: ffff888109648c80 RCX: ffffc90004a06000 [ 116.797377] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109648e70 [ 116.797937] RBP: ffff88801b7ffa70 R08: ffff88806ce31340 R09: ffffe8ffffc16720 [ 116.798519] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.799086] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 116.799669] FS: 00007f8fcabfe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.800312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.800772] CR2: ffffed10212c91ce CR3: 0000000043f60000 CR4: 0000000000350ef0 [ 116.801350] Call Trace: [ 116.801565] [ 116.801748] ? perf_swevent_event+0x63/0x3f0 [ 116.802122] ? __pfx_perf_tp_event+0x10/0x10 [ 116.802488] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 116.802895] ? perf_swevent_event+0x63/0x3f0 [ 116.803253] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 116.803676] ? perf_swevent_event+0x63/0x3f0 [ 116.804040] ? perf_tp_event+0x807/0xe70 [ 116.804382] ? __pfx_perf_tp_event+0x10/0x10 [ 116.804758] ? __perf_install_in_context+0x503/0xb90 [ 116.805172] ? do_raw_spin_unlock+0x53/0x220 [ 116.805534] ? perf_trace_run_bpf_submit+0xef/0x180 [ 116.805945] perf_trace_run_bpf_submit+0xef/0x180 [ 116.806341] perf_trace_lock+0x337/0x5d0 [ 116.806675] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.807047] ? lock_acquire+0x15e/0x2f0 [ 116.807381] ? futex_ref_get+0x48/0x300 [ 116.807713] ? futex_ref_get+0x114/0x300 [ 116.808044] ? futex_hash+0x15c/0x390 [ 116.808362] lock_release+0x1ab/0x290 [ 116.808675] ? futex_hash+0x15c/0x390 [ 116.808991] futex_ref_get+0x119/0x300 [ 116.809303] ? futex_hash+0x15c/0x390 [ 116.809617] futex_hash+0x70/0x390 [ 116.809913] futex_wake+0x143/0x540 [ 116.810216] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.810586] ? __pfx_futex_wake+0x10/0x10 [ 116.810936] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 116.811344] ? 
lock_release+0xc8/0x290 [ 116.811668] do_futex+0x26d/0x370 [ 116.811970] ? __pfx_do_futex+0x10/0x10 [ 116.812291] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 116.812720] ? find_held_lock+0x2b/0x80 [ 116.813052] __x64_sys_futex+0x1c9/0x4d0 [ 116.813395] ? __pfx___x64_sys_futex+0x10/0x10 [ 116.813776] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 116.814201] do_syscall_64+0xbf/0x360 [ 116.814515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.814935] RIP: 0033:0x7f8fcd688b19 [ 116.815232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.816693] RSP: 002b:00007f8fcabfe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.817295] RAX: ffffffffffffffda RBX: 00007f8fcd79bf68 RCX: 00007f8fcd688b19 [ 116.817865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8fcd79bf6c [ 116.818427] RBP: 00007f8fcd79bf60 R08: 000000000000000e R09: 0000000000000000 [ 116.819010] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8fcd79bf6c [ 116.819578] R13: 00007ffc1982f98f R14: 00007f8fcabfe300 R15: 0000000000022000 [ 116.820169] [ 116.820360] Modules linked in: [ 116.820626] CR2: ffffed10212c91ce [ 116.820901] ---[ end trace 0000000000000000 ]--- [ 116.821282] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.821670] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.823112] RSP: 0018:ffff88801b7ff800 EFLAGS: 00010212 [ 116.823542] RAX: 1ffff110212c91ce RBX: ffff888109648c80 RCX: ffffc90004a06000 [ 116.824116] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109648e70 [ 116.824693] RBP: ffff88801b7ffa70 R08: ffff88806ce31340 R09: ffffe8ffffc16720 [ 116.825257] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.825818] R13: 000000000000002c R14: 
ffff88806ce31340 R15: dffffc0000000000 [ 116.826393] FS: 00007f8fcabfe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.827030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.827507] CR2: ffffed10212c91ce CR3: 0000000043f60000 CR4: 0000000000350ef0 [ 116.828087] note: syz-executor.5[3943] exited with irqs disabled [ 116.828596] BUG: unable to handle page fault for address: ffffed10212c91ce [ 116.829142] #PF: supervisor read access in kernel mode [ 116.829582] #PF: error_code(0x0000) - not-present page [ 116.830009] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 116.830459] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 116.830844] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.831795] Tainted: [D]=DIE, [W]=WARN [ 116.832107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.832762] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.833136] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.834579] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 116.834998] RAX: 1ffff110212c91ce RBX: ffff888109648c80 RCX: 0000000000000002 [ 116.835567] RDX: ffff888017380000 RSI: ffffffff818995b7 RDI: ffff888109648e70 [ 116.836141] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16720 [ 116.836701] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 116.837276] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 116.837832] FS: 00007f8fcabfe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.838461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.838929] CR2: ffffed10212c91ce CR3: 0000000043f60000 CR4: 0000000000350ef0 [ 116.839488] Call Trace: [ 116.839703] [ 116.839885] ? __pfx_perf_tp_event+0x10/0x10 [ 116.840243] ? timerqueue_add+0x1c2/0x330 [ 116.840587] ? 
hrtimer_start_range_ns+0x444/0xdb0 [ 116.840985] ? __lock_acquire+0x694/0x1b70 [ 116.841324] ? do_raw_spin_unlock+0x2/0x220 [ 116.841687] ? lock_acquire+0x15e/0x2f0 [ 116.842012] ? perf_trace_run_bpf_submit+0xef/0x180 [ 116.842412] perf_trace_run_bpf_submit+0xef/0x180 [ 116.842813] perf_trace_lock+0x337/0x5d0 [ 116.843150] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.843518] ? hrtimer_interrupt+0x114/0x830 [ 116.843878] lock_release+0x1ab/0x290 [ 116.844199] ktime_get_update_offsets_now+0xab/0x3c0 [ 116.844611] ? hrtimer_interrupt+0x114/0x830 [ 116.844963] hrtimer_interrupt+0x114/0x830 [ 116.845312] ? invalidate_bh_lru+0x135/0x180 [ 116.845673] ? __pfx_invalidate_bh_lru+0x10/0x10 [ 116.846057] ? trace_csd_function_exit+0x134/0x190 [ 116.846460] ? __flush_smp_call_function_queue+0x28c/0x740 [ 116.846921] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 116.847334] sysvec_apic_timer_interrupt+0x6b/0x80 [ 116.847737] [ 116.847919] [ 116.848121] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 116.848541] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 116.848920] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 116.850379] RSP: 0018:ffff88801b7fff28 EFLAGS: 00000246 [ 116.850807] RAX: 0000000000000001 RBX: ffff888017380000 RCX: ffffffff817c2b86 [ 116.851363] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 116.851958] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 116.852539] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888017380000 [ 116.853113] R13: 0000000000000009 R14: ffff88801b7ff7e0 R15: 0000000000000000 [ 116.853679] ? trace_irq_enable.constprop.0+0x26/0x100 [ 116.854092] ? make_task_dead+0x214/0x3b0 [ 116.854426] ? make_task_dead+0x214/0x3b0 [ 116.854752] ? 
do_syscall_64+0xbf/0x360 [ 116.855081] rewind_stack_and_make_dead+0x16/0x20 [ 116.855476] RIP: 0033:0x7f8fcd688b19 [ 116.855780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.857261] RSP: 002b:00007f8fcabfe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.857889] RAX: ffffffffffffffda RBX: 00007f8fcd79bf68 RCX: 00007f8fcd688b19 [ 116.858482] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8fcd79bf6c [ 116.859060] RBP: 00007f8fcd79bf60 R08: 000000000000000e R09: 0000000000000000 [ 116.859648] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8fcd79bf6c [ 116.860229] R13: 00007ffc1982f98f R14: 00007f8fcabfe300 R15: 0000000000022000 [ 116.860821] [ 116.861019] Modules linked in: [ 116.861289] CR2: ffffed10212c91ce [ 116.861579] ---[ end trace 0000000000000000 ]--- [ 116.861583] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 116.861973] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.862826] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 116.863207] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.863769] CPU: 1 UID: 0 PID: 3941 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.865234] RSP: 0018:ffff88801b7ff800 EFLAGS: 00010212 [ 116.866096] Tainted: [D]=DIE, [W]=WARN [ 116.866517] RAX: 1ffff110212c91ce RBX: ffff888109648c80 RCX: ffffc90004a06000 [ 116.866800] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.867367] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109648e70 [ 116.867976] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.868549] RBP: ffff88801b7ffa70 R08: 
ffff88806ce31340 R09: ffffe8ffffc16720 [ 116.868893] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.869460] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.870785] RSP: 0018:ffff888018977800 EFLAGS: 00010212 [ 116.871360] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 116.871363] [ 116.871373] FS: 00007f8fcabfe700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.871761] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 116.872334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.872464] RDX: ffff888015f38000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 116.873105] CR2: ffffed10212c91ce CR3: 0000000043f60000 CR4: 0000000000350ef0 [ 116.873621] RBP: ffff888018977a70 R08: ffff88806cf31340 R09: ffffe8ffffd16720 [ 116.874089] Kernel panic - not syncing: Fatal exception in interrupt [ 116.876557] Kernel Offset: disabled [ 116.876852] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:32:07 Registers: