Warning: Permanently added '[localhost]:22449' (ECDSA) to the list of known hosts. 2025/09/01 08:33:52 fuzzer started 2025/09/01 08:33:52 dialing manager at localhost:35473 syzkaller login: [ 51.095015] cgroup: Unknown subsys name 'net' [ 51.168620] cgroup: Unknown subsys name 'cpuset' [ 51.193161] cgroup: Unknown subsys name 'rlimit' 2025/09/01 08:34:04 syscalls: 2214 2025/09/01 08:34:04 code coverage: enabled 2025/09/01 08:34:04 comparison tracing: enabled 2025/09/01 08:34:04 extra coverage: enabled 2025/09/01 08:34:04 setuid sandbox: enabled 2025/09/01 08:34:04 namespace sandbox: enabled 2025/09/01 08:34:04 Android sandbox: enabled 2025/09/01 08:34:04 fault injection: enabled 2025/09/01 08:34:04 leak checking: enabled 2025/09/01 08:34:04 net packet injection: enabled 2025/09/01 08:34:04 net device setup: enabled 2025/09/01 08:34:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 08:34:04 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 08:34:04 USB emulation: enabled 2025/09/01 08:34:04 hci packet injection: enabled 2025/09/01 08:34:04 wifi device emulation: enabled 2025/09/01 08:34:04 802.15.4 emulation: enabled 2025/09/01 08:34:04 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 08:34:04 fetching corpus: 50, signal 21624/24914 (executing program) 2025/09/01 08:34:05 fetching corpus: 100, signal 38786/42892 (executing program) 2025/09/01 08:34:05 fetching corpus: 150, signal 45221/50311 (executing program) 2025/09/01 08:34:05 fetching corpus: 200, signal 50941/56780 (executing program) 2025/09/01 08:34:05 fetching corpus: 250, signal 56121/62624 (executing program) 2025/09/01 08:34:05 fetching corpus: 300, signal 60076/67163 (executing program) 2025/09/01 08:34:05 fetching corpus: 350, signal 63895/71405 (executing program) 2025/09/01 08:34:05 fetching corpus: 400, signal 69623/77210 (executing program) 2025/09/01 08:34:05 fetching corpus: 450, signal 73601/81336 (executing program) 2025/09/01 
08:34:06 fetching corpus: 500, signal 76848/84779 (executing program) 2025/09/01 08:34:06 fetching corpus: 550, signal 80363/88265 (executing program) 2025/09/01 08:34:06 fetching corpus: 600, signal 81920/90104 (executing program) 2025/09/01 08:34:06 fetching corpus: 650, signal 85445/93448 (executing program) 2025/09/01 08:34:06 fetching corpus: 700, signal 87428/95497 (executing program) 2025/09/01 08:34:06 fetching corpus: 750, signal 89118/97298 (executing program) 2025/09/01 08:34:06 fetching corpus: 800, signal 91854/99763 (executing program) 2025/09/01 08:34:06 fetching corpus: 850, signal 94052/101820 (executing program) 2025/09/01 08:34:06 fetching corpus: 900, signal 96035/103584 (executing program) 2025/09/01 08:34:07 fetching corpus: 950, signal 100138/106759 (executing program) 2025/09/01 08:34:07 fetching corpus: 1000, signal 101657/108129 (executing program) 2025/09/01 08:34:07 fetching corpus: 1050, signal 103593/109654 (executing program) 2025/09/01 08:34:07 fetching corpus: 1100, signal 105687/111207 (executing program) 2025/09/01 08:34:07 fetching corpus: 1150, signal 106934/112229 (executing program) 2025/09/01 08:34:07 fetching corpus: 1200, signal 108972/113656 (executing program) 2025/09/01 08:34:07 fetching corpus: 1250, signal 111063/115017 (executing program) 2025/09/01 08:34:08 fetching corpus: 1300, signal 112028/115702 (executing program) 2025/09/01 08:34:08 fetching corpus: 1350, signal 112907/116323 (executing program) 2025/09/01 08:34:08 fetching corpus: 1400, signal 114540/117288 (executing program) 2025/09/01 08:34:08 fetching corpus: 1450, signal 115701/117973 (executing program) 2025/09/01 08:34:08 fetching corpus: 1500, signal 116876/118650 (executing program) 2025/09/01 08:34:08 fetching corpus: 1550, signal 117972/119248 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119313 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119355 (executing program) 2025/09/01 08:34:08 
fetching corpus: 1554, signal 118015/119392 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119423 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119463 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119510 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119553 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119590 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119624 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119661 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119712 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119755 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119787 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119820 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119860 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119893 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119923 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/119980 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/120017 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/120057 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/120105 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/120141 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/120192 (executing program) 2025/09/01 08:34:08 fetching corpus: 1554, signal 118015/120230 (executing program) 2025/09/01 08:34:09 fetching corpus: 1554, signal 118015/120268 (executing program) 2025/09/01 08:34:09 fetching corpus: 1554, signal 118015/120300 (executing program) 
2025/09/01 08:34:09 fetching corpus: 1554, signal 118015/120346 (executing program) 2025/09/01 08:34:09 fetching corpus: 1554, signal 118015/120368 (executing program) 2025/09/01 08:34:09 fetching corpus: 1554, signal 118015/120368 (executing program) 2025/09/01 08:34:11 starting 8 fuzzer processes 08:34:11 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(0x0, 0x0) r0 = getpgid(0x0) capset(&(0x7f0000000280)={0x19980330, r0}, 0x0) 08:34:11 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:34:11 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x42, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:34:11 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x109902) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000280)=""/95, 0x8}], 0x1) 08:34:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:11 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) 08:34:11 executing program 4: mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x88172, 0xffffffffffffffff, 0x8000000) mprotect(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000006) 08:34:11 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) [ 69.656268] audit: type=1400 audit(1756715651.579:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 70.772960] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.775265] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.777274] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.781764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.785093] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.897383] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.899749] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.903109] Bluetooth: 
hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.910435] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.918349] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.972636] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.984410] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.986522] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.998329] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.003733] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.035759] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.039977] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.041618] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.044413] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.047485] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.054719] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.057560] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.059746] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.065266] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.066735] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 71.071311] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.072435] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.073996] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.078073] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.079204] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.079325] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.084228] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.084258] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.085634] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.097942] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.108507] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.112022] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.117393] 
Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.125900] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 71.133895] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.800310] Bluetooth: hci0: command tx timeout [ 72.992835] Bluetooth: hci1: command tx timeout [ 73.119840] Bluetooth: hci2: command tx timeout [ 73.185807] Bluetooth: hci7: command tx timeout [ 73.185847] Bluetooth: hci6: command tx timeout [ 73.186422] Bluetooth: hci5: command tx timeout [ 73.187323] Bluetooth: hci3: command tx timeout [ 73.187588] Bluetooth: hci4: command tx timeout [ 74.849150] Bluetooth: hci0: command tx timeout [ 75.039836] Bluetooth: hci1: command tx timeout [ 75.168945] Bluetooth: hci2: command tx timeout [ 75.233905] Bluetooth: hci4: command tx timeout [ 75.234333] Bluetooth: hci3: command tx timeout [ 75.234716] Bluetooth: hci5: command tx timeout [ 75.235207] Bluetooth: hci6: command tx timeout [ 75.235588] Bluetooth: hci7: command tx timeout [ 76.895918] Bluetooth: hci0: command tx timeout [ 77.088982] Bluetooth: hci1: command tx timeout [ 77.216833] Bluetooth: hci2: command tx timeout [ 77.281946] Bluetooth: hci7: command tx timeout [ 77.281968] Bluetooth: hci6: command tx timeout [ 77.282405] Bluetooth: hci5: command tx timeout [ 77.282863] Bluetooth: hci3: command tx timeout [ 77.282892] Bluetooth: hci4: command tx timeout [ 78.943859] Bluetooth: hci0: command tx timeout [ 79.135900] Bluetooth: hci1: command tx timeout [ 79.263866] Bluetooth: hci2: command tx timeout [ 79.327919] Bluetooth: hci5: command tx timeout [ 79.328338] Bluetooth: hci6: command tx timeout [ 79.328710] Bluetooth: hci4: command tx timeout [ 79.329309] Bluetooth: hci3: command tx timeout [ 79.329679] Bluetooth: hci7: command tx timeout [ 109.346032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.346699] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.528133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.528758] 
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.854166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.854996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.868466] audit: type=1400 audit(1756715691.794:8): avc: denied { open } for pid=3789 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 109.876894] audit: type=1400 audit(1756715691.794:9): avc: denied { kernel } for pid=3789 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:34:51 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) 08:34:51 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 110.108343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.109410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:52 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) 08:34:52 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) chroot(&(0x7f00000006c0)='./file0\x00') 08:34:52 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) chroot(&(0x7f00000006c0)='./file0\x00') 08:34:52 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x42, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 110.663430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.664080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:34:52 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) chroot(&(0x7f00000006c0)='./file0\x00') 08:34:52 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', 
&(0x7f0000000000)=@ethtool_rx_ntuple={0x42, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 110.775832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.776447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.908656] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.909295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.993245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.993886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.054998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.055631] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.135541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.136245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.222474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.223249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.266669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.267381] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.326339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.326991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.421430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.422225] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.461569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.462196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.464879] capability: warning: `syz-executor.0' uses 32-bit capabilities (legacy support in use) [ 111.504011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.504581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.639671] ======================================================= [ 111.639671] WARNING: The mand mount option has 
been deprecated and [ 111.639671] and is ignored by this kernel. Remove the mand [ 111.639671] option from the mount to silence this warning. [ 111.639671] ======================================================= [ 111.656113] audit: type=1326 audit(1756715693.579:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3910 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff14949bb19 code=0x0 [ 112.488246] audit: type=1326 audit(1756715694.414:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3910 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff14949bb19 code=0x0 08:34:54 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:34:54 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(0x0, 0x0) r0 = getpgid(0x0) capset(&(0x7f0000000280)={0x19980330, r0}, 0x0) 08:34:54 executing program 4: mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x88172, 0xffffffffffffffff, 0x8000000) mprotect(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000006) 08:34:54 executing program 7: r0 = 
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x109902) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000280)=""/95, 0x8}], 0x1) 08:34:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:54 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x42, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:34:54 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) chroot(&(0x7f00000006c0)='./file0\x00') 08:34:54 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) [ 112.627827] audit: type=1326 audit(1756715694.552:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3927 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff14949bb19 code=0x0 08:34:54 executing program 4: mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x88172, 0xffffffffffffffff, 0x8000000) mprotect(&(0x7f0000ffb000/0x1000)=nil, 
0x1000, 0x1000006) 08:34:54 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x109902) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000280)=""/95, 0x8}], 0x1) 08:34:54 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 08:34:54 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(0x0, 0x0) r0 = getpgid(0x0) capset(&(0x7f0000000280)={0x19980330, r0}, 0x0) 08:34:54 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x109902) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000280)=""/95, 0x8}], 0x1) [ 112.806203] audit: type=1326 audit(1756715694.731:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3937 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3af77b6b19 code=0x0 08:34:55 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:34:55 executing program 4: mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x88172, 0xffffffffffffffff, 0x8000000) 
mprotect(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000006) 08:34:55 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:55 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(0x0, 0x0) r0 = getpgid(0x0) capset(&(0x7f0000000280)={0x19980330, r0}, 0x0) 08:34:55 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(0x0, 0x0) r0 = getpgid(0x0) capset(&(0x7f0000000280)={0x19980330, r0}, 0x0) 08:34:55 executing program 7: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 
0x0, 0x0, &(0x7f0000000380)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:34:55 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 08:34:55 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) [ 113.747688] audit: type=1326 audit(1756715695.671:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3951 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff14949bb19 code=0x0 [ 113.762297] audit: type=1326 audit(1756715695.687:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3954 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3af77b6b19 code=0x0 08:34:55 executing program 7: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:34:55 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007600", @ANYRES32], 0x18}], 0x1}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 08:34:55 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:34:55 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(0x0, 0x0) r0 = getpgid(0x0) capset(&(0x7f0000000280)={0x19980330, r0}, 0x0) [ 113.910578] BUG: unable to handle page fault for address: ffffed10212c967e [ 113.911170] #PF: supervisor read access in kernel mode [ 113.911606] #PF: error_code(0x0000) - not-present page [ 113.912025] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 113.912480] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 113.912884] CPU: 0 UID: 0 PID: 3964 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.915461] Tainted: [W]=WARN [ 113.916204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.918378] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.919398] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 
e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.922164] RSP: 0018:ffff888043ecf800 EFLAGS: 00010216 [ 113.922592] RAX: 1ffff110212c967e RBX: ffff88810964b200 RCX: ffffc9000580d000 [ 113.923166] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964b3f0 [ 113.923746] RBP: ffff888043ecfa70 R08: ffff88806ce31340 R09: ffffe8ffffc15af0 [ 113.924319] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.924895] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.925467] FS: 00007fb4d485d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.926115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.926583] CR2: ffffed10212c967e CR3: 0000000044150000 CR4: 0000000000350ef0 [ 113.927156] Call Trace: [ 113.927376] [ 113.927566] ? perf_swevent_event+0x63/0x3f0 [ 113.927939] ? __pfx_perf_tp_event+0x10/0x10 [ 113.928303] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 113.928713] ? perf_swevent_event+0x63/0x3f0 [ 113.929078] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 113.929478] ? perf_swevent_event+0x63/0x3f0 [ 113.929848] ? perf_tp_event+0x807/0xe70 [ 113.930189] ? __pfx_perf_tp_event+0x10/0x10 [ 113.930558] ? __perf_install_in_context+0x503/0xb90 [ 113.930977] ? do_raw_spin_unlock+0x53/0x220 [ 113.931353] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.931765] perf_trace_run_bpf_submit+0xef/0x180 [ 113.932167] perf_trace_lock+0x337/0x5d0 [ 113.932507] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.932890] ? lock_acquire+0x15e/0x2f0 [ 113.933217] ? futex_ref_get+0x48/0x300 [ 113.933546] ? futex_ref_get+0x114/0x300 [ 113.933876] ? futex_hash+0x15c/0x390 [ 113.934194] lock_release+0x1ab/0x290 [ 113.934511] ? futex_hash+0x15c/0x390 [ 113.934825] futex_ref_get+0x119/0x300 [ 113.935147] ? futex_hash+0x15c/0x390 [ 113.935468] futex_hash+0x70/0x390 [ 113.935766] futex_wake+0x143/0x540 [ 113.936073] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 113.936450] ? __pfx_futex_wake+0x10/0x10 [ 113.936798] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 113.937214] ? lock_release+0xc8/0x290 [ 113.937546] do_futex+0x26d/0x370 [ 113.937838] ? __pfx_do_futex+0x10/0x10 [ 113.938165] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 113.938597] ? find_held_lock+0x2b/0x80 [ 113.938936] __x64_sys_futex+0x1c9/0x4d0 [ 113.939281] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.939657] ? xfd_validate_state+0x55/0x180 [ 113.940037] do_syscall_64+0xbf/0x360 [ 113.940352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.940774] RIP: 0033:0x7fb4d72e7b19 [ 113.941078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.942526] RSP: 002b:00007fb4d485d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.943134] RAX: ffffffffffffffda RBX: 00007fb4d73faf68 RCX: 00007fb4d72e7b19 [ 113.943711] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb4d73faf6c [ 113.944283] RBP: 00007fb4d73faf60 R08: 000000000000000e R09: 0000000000000000 [ 113.944855] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb4d73faf6c [ 113.945430] R13: 00007fff9965b85f R14: 00007fb4d485d300 R15: 0000000000022000 [ 113.946011] [ 113.946203] Modules linked in: [ 113.946468] CR2: ffffed10212c967e [ 113.946752] ---[ end trace 0000000000000000 ]--- [ 113.947135] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.947530] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.948981] RSP: 0018:ffff888043ecf800 EFLAGS: 00010216 [ 113.949415] RAX: 1ffff110212c967e RBX: ffff88810964b200 RCX: ffffc9000580d000 [ 113.949988] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964b3f0 [ 113.950559] RBP: ffff888043ecfa70 R08: ffff88806ce31340 R09: 
ffffe8ffffc15af0 [ 113.951135] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.951716] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.952288] FS: 00007fb4d485d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.952939] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.953403] CR2: ffffed10212c967e CR3: 0000000044150000 CR4: 0000000000350ef0 [ 113.953981] note: syz-executor.5[3964] exited with irqs disabled [ 113.954473] BUG: unable to handle page fault for address: ffffed10212c967e [ 113.955027] #PF: supervisor read access in kernel mode [ 113.955448] #PF: error_code(0x0000) - not-present page [ 113.955872] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 113.956326] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 113.956720] CPU: 0 UID: 0 PID: 3964 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.957670] Tainted: [D]=DIE, [W]=WARN [ 113.957978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.958635] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.959018] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.960472] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010016 [ 113.960899] RAX: 1ffff110212c967e RBX: ffff88810964b200 RCX: 0000000000000002 [ 113.961465] RDX: ffff888009cb1b80 RSI: ffffffff8189a4e7 RDI: ffff88810964b3f0 [ 113.962037] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15af0 [ 113.962614] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 113.963181] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 113.963759] FS: 00007fb4d485d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.964395] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.964865] CR2: ffffed10212c967e CR3: 0000000044150000 CR4: 0000000000350ef0 [ 
113.965429] Call Trace: [ 113.965650] [ 113.965832] ? e1000_alloc_rx_buffers+0x7e5/0xe10 [ 113.966227] ? __pfx_perf_tp_event+0x10/0x10 [ 113.966597] ? sched_clock_cpu+0x6c/0x4e0 [ 113.966938] ? trace_pelt_se_tp+0xdf/0x130 [ 113.967290] ? __update_load_avg_se+0x428/0xa40 [ 113.967673] ? lock_is_held_type+0x9e/0x120 [ 113.968024] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 113.968466] ? __resched_curr+0x2a2/0x330 [ 113.968816] ? __pfx___resched_curr+0x10/0x10 [ 113.969184] ? lock_is_held_type+0x9e/0x120 [ 113.969539] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.969947] perf_trace_run_bpf_submit+0xef/0x180 [ 113.970342] perf_trace_lock+0x337/0x5d0 [ 113.970683] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.971058] ? find_held_lock+0x2b/0x80 [ 113.971394] ? hrtimer_interrupt+0x114/0x830 [ 113.971760] lock_release+0x1ab/0x290 [ 113.972075] ktime_get_update_offsets_now+0xab/0x3c0 [ 113.972485] ? hrtimer_interrupt+0x114/0x830 [ 113.972854] ? __pfx_lapic_next_deadline+0x10/0x10 [ 113.973256] hrtimer_interrupt+0x114/0x830 [ 113.973602] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 113.974024] sysvec_apic_timer_interrupt+0x6b/0x80 [ 113.974424] [ 113.974613] [ 113.974802] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.975222] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 113.975609] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 113.977050] RSP: 0018:ffff888043ecff28 EFLAGS: 00000246 [ 113.977475] RAX: 0000000000000001 RBX: ffff888009cb1b80 RCX: ffffffff817c3ab6 [ 113.978044] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 113.978612] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 113.979177] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888009cb1b80 [ 113.979759] R13: 0000000000000009 R14: ffff888043ecf7e0 R15: 0000000000000000 [ 113.980325] ? 
trace_irq_enable.constprop.0+0x26/0x100 [ 113.980740] ? make_task_dead+0x214/0x3b0 [ 113.981077] ? make_task_dead+0x214/0x3b0 [ 113.981411] ? do_syscall_64+0xbf/0x360 [ 113.981740] rewind_stack_and_make_dead+0x16/0x20 [ 113.982135] RIP: 0033:0x7fb4d72e7b19 [ 113.982433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.983894] RSP: 002b:00007fb4d485d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.984494] RAX: ffffffffffffffda RBX: 00007fb4d73faf68 RCX: 00007fb4d72e7b19 [ 113.985070] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb4d73faf6c [ 113.985633] RBP: 00007fb4d73faf60 R08: 000000000000000e R09: 0000000000000000 [ 113.986195] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb4d73faf6c [ 113.986758] R13: 00007fff9965b85f R14: 00007fb4d485d300 R15: 0000000000022000 [ 113.987333] [ 113.987521] Modules linked in: [ 113.987785] CR2: ffffed10212c967e [ 113.988061] ---[ end trace 0000000000000000 ]--- [ 113.988429] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.988809] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.990227] RSP: 0018:ffff888043ecf800 EFLAGS: 00010216 [ 113.990648] RAX: 1ffff110212c967e RBX: ffff88810964b200 RCX: ffffc9000580d000 [ 113.991207] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964b3f0 [ 113.991779] RBP: ffff888043ecfa70 R08: ffff88806ce31340 R09: ffffe8ffffc15af0 [ 113.992334] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.992901] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.993459] FS: 00007fb4d485d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.994092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.994551] CR2: 
ffffed10212c967e CR3: 0000000044150000 CR4: 0000000000350ef0 [ 113.995122] Kernel panic - not syncing: Fatal exception in interrupt [ 113.995899] Kernel Offset: disabled [ 113.996192] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:34:56 Registers: