Warning: Permanently added '[localhost]:58534' (ECDSA) to the list of known hosts. 2025/08/29 10:19:43 fuzzer started 2025/08/29 10:19:43 dialing manager at localhost:43077 syzkaller login: [ 50.603886] cgroup: Unknown subsys name 'net' [ 50.666677] cgroup: Unknown subsys name 'cpuset' [ 50.686343] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:19:54 syscalls: 2214 2025/08/29 10:19:54 code coverage: enabled 2025/08/29 10:19:54 comparison tracing: enabled 2025/08/29 10:19:54 extra coverage: enabled 2025/08/29 10:19:54 setuid sandbox: enabled 2025/08/29 10:19:54 namespace sandbox: enabled 2025/08/29 10:19:54 Android sandbox: enabled 2025/08/29 10:19:54 fault injection: enabled 2025/08/29 10:19:54 leak checking: enabled 2025/08/29 10:19:54 net packet injection: enabled 2025/08/29 10:19:54 net device setup: enabled 2025/08/29 10:19:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:19:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:19:54 USB emulation: enabled 2025/08/29 10:19:54 hci packet injection: enabled 2025/08/29 10:19:54 wifi device emulation: enabled 2025/08/29 10:19:54 802.15.4 emulation: enabled 2025/08/29 10:19:54 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:19:54 fetching corpus: 36, signal 20041/23567 (executing program) 2025/08/29 10:19:54 fetching corpus: 86, signal 29122/34121 (executing program) 2025/08/29 10:19:54 fetching corpus: 136, signal 43088/49083 (executing program) 2025/08/29 10:19:54 fetching corpus: 186, signal 49535/56649 (executing program) 2025/08/29 10:19:54 fetching corpus: 236, signal 55681/63822 (executing program) 2025/08/29 10:19:54 fetching corpus: 286, signal 59513/68730 (executing program) 2025/08/29 10:19:54 fetching corpus: 336, signal 64414/74538 (executing program) 2025/08/29 10:19:55 fetching corpus: 386, signal 67623/78674 (executing program) 2025/08/29 10:19:55 fetching corpus: 436, signal 71515/83388 (executing program) 2025/08/29 
10:19:55 fetching corpus: 486, signal 75379/87936 (executing program) 2025/08/29 10:19:55 fetching corpus: 536, signal 78078/91389 (executing program) 2025/08/29 10:19:55 fetching corpus: 586, signal 80694/94706 (executing program) 2025/08/29 10:19:55 fetching corpus: 636, signal 82520/97347 (executing program) 2025/08/29 10:19:55 fetching corpus: 686, signal 84658/100165 (executing program) 2025/08/29 10:19:55 fetching corpus: 736, signal 86746/102883 (executing program) 2025/08/29 10:19:55 fetching corpus: 786, signal 88311/105117 (executing program) 2025/08/29 10:19:55 fetching corpus: 836, signal 90509/107825 (executing program) 2025/08/29 10:19:56 fetching corpus: 886, signal 92058/110001 (executing program) 2025/08/29 10:19:56 fetching corpus: 936, signal 93282/111872 (executing program) 2025/08/29 10:19:56 fetching corpus: 986, signal 94863/114007 (executing program) 2025/08/29 10:19:56 fetching corpus: 1036, signal 97941/117178 (executing program) 2025/08/29 10:19:56 fetching corpus: 1086, signal 99562/119257 (executing program) 2025/08/29 10:19:56 fetching corpus: 1136, signal 100914/121095 (executing program) 2025/08/29 10:19:56 fetching corpus: 1186, signal 102115/122801 (executing program) 2025/08/29 10:19:56 fetching corpus: 1236, signal 103262/124426 (executing program) 2025/08/29 10:19:56 fetching corpus: 1286, signal 104351/126052 (executing program) 2025/08/29 10:19:56 fetching corpus: 1336, signal 105751/127792 (executing program) 2025/08/29 10:19:56 fetching corpus: 1386, signal 107191/129517 (executing program) 2025/08/29 10:19:57 fetching corpus: 1436, signal 108429/131139 (executing program) 2025/08/29 10:19:57 fetching corpus: 1486, signal 109697/132706 (executing program) 2025/08/29 10:19:57 fetching corpus: 1534, signal 111252/134462 (executing program) 2025/08/29 10:19:57 fetching corpus: 1584, signal 112233/135812 (executing program) 2025/08/29 10:19:57 fetching corpus: 1634, signal 113866/137533 (executing program) 2025/08/29 10:19:57 
fetching corpus: 1684, signal 115197/139000 (executing program) 2025/08/29 10:19:57 fetching corpus: 1734, signal 116992/140693 (executing program) 2025/08/29 10:19:57 fetching corpus: 1784, signal 117685/141733 (executing program) 2025/08/29 10:19:57 fetching corpus: 1834, signal 118737/143020 (executing program) 2025/08/29 10:19:57 fetching corpus: 1884, signal 119867/144323 (executing program) 2025/08/29 10:19:57 fetching corpus: 1934, signal 121220/145655 (executing program) 2025/08/29 10:19:57 fetching corpus: 1984, signal 121863/146610 (executing program) 2025/08/29 10:19:58 fetching corpus: 2034, signal 123172/147867 (executing program) 2025/08/29 10:19:58 fetching corpus: 2084, signal 124031/148926 (executing program) 2025/08/29 10:19:58 fetching corpus: 2134, signal 124702/149865 (executing program) 2025/08/29 10:19:58 fetching corpus: 2183, signal 126020/151098 (executing program) 2025/08/29 10:19:58 fetching corpus: 2232, signal 126816/152025 (executing program) 2025/08/29 10:19:58 fetching corpus: 2281, signal 127431/152817 (executing program) 2025/08/29 10:19:58 fetching corpus: 2331, signal 128681/153892 (executing program) 2025/08/29 10:19:58 fetching corpus: 2381, signal 129554/154794 (executing program) 2025/08/29 10:19:58 fetching corpus: 2429, signal 130167/155552 (executing program) 2025/08/29 10:19:58 fetching corpus: 2479, signal 131132/156430 (executing program) 2025/08/29 10:19:58 fetching corpus: 2529, signal 131713/157174 (executing program) 2025/08/29 10:19:59 fetching corpus: 2579, signal 132268/157863 (executing program) 2025/08/29 10:19:59 fetching corpus: 2629, signal 132885/158608 (executing program) 2025/08/29 10:19:59 fetching corpus: 2679, signal 133770/159419 (executing program) 2025/08/29 10:19:59 fetching corpus: 2729, signal 134419/160129 (executing program) 2025/08/29 10:19:59 fetching corpus: 2779, signal 135224/160836 (executing program) 2025/08/29 10:19:59 fetching corpus: 2828, signal 137569/162046 (executing program) 
2025/08/29 10:19:59 fetching corpus: 2878, signal 138352/162725 (executing program) 2025/08/29 10:19:59 fetching corpus: 2927, signal 138879/163340 (executing program) 2025/08/29 10:19:59 fetching corpus: 2976, signal 139836/164042 (executing program) 2025/08/29 10:19:59 fetching corpus: 3026, signal 140563/164637 (executing program) 2025/08/29 10:20:00 fetching corpus: 3076, signal 141254/165208 (executing program) 2025/08/29 10:20:00 fetching corpus: 3126, signal 141940/165775 (executing program) 2025/08/29 10:20:00 fetching corpus: 3176, signal 142526/166278 (executing program) 2025/08/29 10:20:00 fetching corpus: 3226, signal 143483/166905 (executing program) 2025/08/29 10:20:00 fetching corpus: 3276, signal 144128/167451 (executing program) 2025/08/29 10:20:00 fetching corpus: 3326, signal 144931/167935 (executing program) 2025/08/29 10:20:00 fetching corpus: 3376, signal 145666/168425 (executing program) 2025/08/29 10:20:00 fetching corpus: 3426, signal 146318/168834 (executing program) 2025/08/29 10:20:00 fetching corpus: 3476, signal 146757/169259 (executing program) 2025/08/29 10:20:00 fetching corpus: 3525, signal 147449/169689 (executing program) 2025/08/29 10:20:01 fetching corpus: 3575, signal 147970/170098 (executing program) 2025/08/29 10:20:01 fetching corpus: 3625, signal 148705/170512 (executing program) 2025/08/29 10:20:01 fetching corpus: 3675, signal 149304/170881 (executing program) 2025/08/29 10:20:01 fetching corpus: 3725, signal 149823/171247 (executing program) 2025/08/29 10:20:01 fetching corpus: 3774, signal 150245/171606 (executing program) 2025/08/29 10:20:01 fetching corpus: 3824, signal 150886/171959 (executing program) 2025/08/29 10:20:01 fetching corpus: 3874, signal 151439/172268 (executing program) 2025/08/29 10:20:01 fetching corpus: 3924, signal 151980/172612 (executing program) 2025/08/29 10:20:01 fetching corpus: 3974, signal 152507/172908 (executing program) 2025/08/29 10:20:01 fetching corpus: 4024, signal 153039/173164 
(executing program) 2025/08/29 10:20:01 fetching corpus: 4074, signal 153502/173417 (executing program) 2025/08/29 10:20:02 fetching corpus: 4124, signal 153894/173653 (executing program) 2025/08/29 10:20:02 fetching corpus: 4174, signal 154689/173753 (executing program) 2025/08/29 10:20:02 fetching corpus: 4224, signal 155266/173813 (executing program) 2025/08/29 10:20:02 fetching corpus: 4274, signal 156077/173840 (executing program) 2025/08/29 10:20:02 fetching corpus: 4324, signal 156820/173840 (executing program) 2025/08/29 10:20:02 fetching corpus: 4374, signal 157465/173851 (executing program) 2025/08/29 10:20:02 fetching corpus: 4423, signal 157902/173874 (executing program) 2025/08/29 10:20:02 fetching corpus: 4473, signal 158348/173920 (executing program) 2025/08/29 10:20:02 fetching corpus: 4523, signal 158824/173932 (executing program) 2025/08/29 10:20:02 fetching corpus: 4573, signal 159226/173944 (executing program) 2025/08/29 10:20:03 fetching corpus: 4623, signal 159763/173970 (executing program) 2025/08/29 10:20:03 fetching corpus: 4673, signal 160294/173984 (executing program) 2025/08/29 10:20:03 fetching corpus: 4723, signal 161114/174035 (executing program) 2025/08/29 10:20:03 fetching corpus: 4773, signal 161808/174043 (executing program) 2025/08/29 10:20:03 fetching corpus: 4823, signal 162155/174052 (executing program) 2025/08/29 10:20:03 fetching corpus: 4872, signal 162976/174217 (executing program) 2025/08/29 10:20:03 fetching corpus: 4922, signal 163404/174241 (executing program) 2025/08/29 10:20:03 fetching corpus: 4972, signal 163780/174268 (executing program) 2025/08/29 10:20:03 fetching corpus: 5022, signal 164234/174279 (executing program) 2025/08/29 10:20:03 fetching corpus: 5072, signal 164534/174279 (executing program) 2025/08/29 10:20:04 fetching corpus: 5122, signal 164973/174298 (executing program) 2025/08/29 10:20:04 fetching corpus: 5172, signal 165260/174303 (executing program) 2025/08/29 10:20:04 fetching corpus: 5222, 
signal 165684/174316 (executing program) 2025/08/29 10:20:04 fetching corpus: 5272, signal 166052/174331 (executing program) 2025/08/29 10:20:04 fetching corpus: 5322, signal 166513/174336 (executing program) 2025/08/29 10:20:04 fetching corpus: 5372, signal 167009/174357 (executing program) 2025/08/29 10:20:04 fetching corpus: 5422, signal 167357/174371 (executing program) 2025/08/29 10:20:04 fetching corpus: 5472, signal 167747/174382 (executing program) 2025/08/29 10:20:04 fetching corpus: 5522, signal 168021/174392 (executing program) 2025/08/29 10:20:04 fetching corpus: 5572, signal 168272/174401 (executing program) 2025/08/29 10:20:04 fetching corpus: 5622, signal 168570/174403 (executing program) 2025/08/29 10:20:05 fetching corpus: 5672, signal 168919/174413 (executing program) 2025/08/29 10:20:05 fetching corpus: 5722, signal 169224/174413 (executing program) 2025/08/29 10:20:05 fetching corpus: 5772, signal 169555/174439 (executing program) 2025/08/29 10:20:05 fetching corpus: 5822, signal 169890/174449 (executing program) 2025/08/29 10:20:05 fetching corpus: 5872, signal 170262/174455 (executing program) 2025/08/29 10:20:05 fetching corpus: 5921, signal 170757/174532 (executing program) 2025/08/29 10:20:05 fetching corpus: 5971, signal 171004/174540 (executing program) 2025/08/29 10:20:05 fetching corpus: 6021, signal 171367/174569 (executing program) 2025/08/29 10:20:05 fetching corpus: 6071, signal 171766/174585 (executing program) 2025/08/29 10:20:05 fetching corpus: 6121, signal 172109/174594 (executing program) 2025/08/29 10:20:06 fetching corpus: 6153, signal 172287/174594 (executing program) 2025/08/29 10:20:06 fetching corpus: 6153, signal 172287/174594 (executing program) 2025/08/29 10:20:08 starting 8 fuzzer processes 10:20:08 executing program 0: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RLINK(r0, &(0x7f00000000c0)={0x7}, 0x7) fcntl$setpipe(r0, 0x407, 0x0) fcntl$setpipe(r0, 0x407, 0x0) 10:20:08 
executing program 1: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000001480)={0x0, 0x1}) 10:20:08 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 10:20:08 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) 10:20:08 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000000)=0x3, 0x4) 10:20:08 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fdatasync(r0) 10:20:08 executing program 3: clock_gettime(0x0, &(0x7f0000000000)) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x227b, &(0x7f0000000000)) read(r0, 0x0, 0x23) 10:20:08 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) poll(0x0, 0x0, 0x0) [ 75.531153] audit: type=1400 audit(1756462808.865:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 76.845102] 
Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.848175] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.850238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.852236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.853921] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.858160] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.864078] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.865424] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.869423] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.877849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.915366] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.923934] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.925300] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.929872] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.931020] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.935231] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.938400] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.940714] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.943486] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.945401] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.951031] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.953306] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.954501] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.955904] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.960802] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.961167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.961935] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.966125] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.970839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.975649] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 
76.980098] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.980135] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.985865] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.986883] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.988481] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.001868] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.011977] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.014482] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.055032] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.065272] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.934225] Bluetooth: hci1: command tx timeout [ 78.934250] Bluetooth: hci0: command tx timeout [ 79.061749] Bluetooth: hci3: command tx timeout [ 79.061754] Bluetooth: hci5: command tx timeout [ 79.062688] Bluetooth: hci6: command tx timeout [ 79.063872] Bluetooth: hci2: command tx timeout [ 79.125752] Bluetooth: hci7: command tx timeout [ 79.127266] Bluetooth: hci4: command tx timeout [ 80.981627] Bluetooth: hci0: command tx timeout [ 80.982091] Bluetooth: hci1: command tx timeout [ 81.109711] Bluetooth: hci3: command tx timeout [ 81.110172] Bluetooth: hci2: command tx timeout [ 81.111572] Bluetooth: hci6: command tx timeout [ 81.111955] Bluetooth: hci5: command tx timeout [ 81.173650] Bluetooth: hci7: command tx timeout [ 81.173710] Bluetooth: hci4: command tx timeout [ 83.031585] Bluetooth: hci1: command tx timeout [ 83.031606] Bluetooth: hci0: command tx timeout [ 83.157625] Bluetooth: hci2: command tx timeout [ 83.157717] Bluetooth: hci5: command tx timeout [ 83.158420] Bluetooth: hci6: command tx timeout [ 83.158883] Bluetooth: hci3: command tx timeout [ 83.221727] Bluetooth: hci4: command tx timeout [ 83.222192] Bluetooth: hci7: command tx timeout [ 85.077595] Bluetooth: hci1: command tx timeout [ 85.078070] Bluetooth: hci0: command tx timeout [ 85.205744] Bluetooth: hci5: command tx timeout [ 
85.206223] Bluetooth: hci3: command tx timeout [ 85.207432] Bluetooth: hci2: command tx timeout [ 85.207948] Bluetooth: hci6: command tx timeout [ 85.269643] Bluetooth: hci4: command tx timeout [ 85.270115] Bluetooth: hci7: command tx timeout [ 116.911065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.911768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.083255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.083898] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.301087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.301686] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.454353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.455609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:20:50 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) poll(0x0, 0x0, 0x0) [ 117.627357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.627996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:20:50 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) poll(0x0, 0x0, 0x0) 10:20:51 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) poll(0x0, 0x0, 0x0) [ 117.781429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.782604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:20:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610500000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, 
{&(0x7f0000010300)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="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", 0x120, 0x11000}, {&(0x7f0000010800)="2e2020202020202020202010007ae770325132510000e77032510300000000002e2e20202020202020202010007ae770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020007ae770325132510000e770325104001a040000", 0x80, 0x15000}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x19000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x1d000}, 
{&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x25000}], 0x0, &(0x7f0000011000)) [ 117.935805] loop6: detected capacity change from 0 to 592 10:20:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610500000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="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", 0x120, 0x11000}, {&(0x7f0000010800)="2e2020202020202020202010007ae770325132510000e77032510300000000002e2e20202020202020202010007ae770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020007ae770325132510000e770325104001a040000", 0x80, 0x15000}, 
{&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x19000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x1d000}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x25000}], 0x0, &(0x7f0000011000)) [ 118.104891] loop6: detected capacity change from 0 to 592 10:20:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610500000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, 
{&(0x7f0000010300)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="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", 0x120, 0x11000}, {&(0x7f0000010800)="2e2020202020202020202010007ae770325132510000e77032510300000000002e2e20202020202020202010007ae770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020007ae770325132510000e770325104001a040000", 0x80, 0x15000}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x19000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x1d000}, 
{&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x25000}], 0x0, &(0x7f0000011000)) [ 118.319745] loop6: detected capacity change from 0 to 592 10:20:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610500000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f7366cef82e00080820000200008000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="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", 0x120, 0x11000}, {&(0x7f0000010800)="2e2020202020202020202010007ae770325132510000e77032510300000000002e2e20202020202020202010007ae770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020007ae770325132510000e770325104001a040000", 0x80, 0x15000}, 
{&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x19000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x1d000}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x25000}], 0x0, &(0x7f0000011000)) 10:20:51 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000000)=0x3, 0x4) [ 118.547458] loop6: detected capacity change from 0 to 592 [ 119.005979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.006775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.174356] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.175028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.245206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.245930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.352290] 
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.353370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.463461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.464129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.549594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.550247] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.785158] audit: type=1400 audit(1756462853.115:8): avc: denied { open } for pid=3889 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.796911] audit: type=1400 audit(1756462853.116:9): avc: denied { kernel } for pid=3889 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 120.051196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.052409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.095833] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.096467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.391234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.392209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.431153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.432144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:20:53 executing program 0: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RLINK(r0, &(0x7f00000000c0)={0x7}, 0x7) fcntl$setpipe(r0, 0x407, 0x0) fcntl$setpipe(r0, 0x407, 0x0) 10:20:53 executing program 3: clock_gettime(0x0, &(0x7f0000000000)) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x227b, &(0x7f0000000000)) read(r0, 0x0, 0x23) 10:20:53 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 10:20:53 executing program 1: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000001480)={0x0, 0x1}) 10:20:53 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fdatasync(r0) 10:20:53 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) 10:20:53 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000000)=0x3, 0x4) 10:20:53 executing program 6: r0 = memfd_create(&(0x7f0000000000)='{{*\x00', 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) dup2(r0, r1) lseek(r1, 0x1, 0x1) 10:20:54 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000000)=0x3, 0x4) 10:20:54 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fdatasync(r0) 10:20:54 executing program 0: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RLINK(r0, &(0x7f00000000c0)={0x7}, 0x7) 
fcntl$setpipe(r0, 0x407, 0x0) fcntl$setpipe(r0, 0x407, 0x0) 10:20:54 executing program 1: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000001480)={0x0, 0x1}) 10:20:54 executing program 6: r0 = memfd_create(&(0x7f0000000000)='{{*\x00', 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) dup2(r0, r1) lseek(r1, 0x1, 0x1) 10:20:54 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) 10:20:54 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) 10:20:54 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r1, 0x0) splice(r1, 0x0, r0, 0x0, 0xaffff7ffffc, 0x0) 10:20:54 executing program 3: clock_gettime(0x0, &(0x7f0000000000)) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x227b, &(0x7f0000000000)) read(r0, 0x0, 0x23) 10:20:54 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fdatasync(r0) 10:20:54 executing program 1: r0 = 
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000001480)={0x0, 0x1}) 10:20:54 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) [ 121.658559] kmemleak: Found object by alias at 0x607f1a6396c4 [ 121.658579] CPU: 0 UID: 0 PID: 3941 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.658597] Tainted: [W]=WARN [ 121.658601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.658608] Call Trace: [ 121.658612] [ 121.658617] dump_stack_lvl+0xca/0x120 [ 121.658642] __lookup_object+0x94/0xb0 [ 121.658659] delete_object_full+0x27/0x70 [ 121.658675] free_percpu+0x30/0x1160 [ 121.658691] ? arch_uprobe_clear_state+0x16/0x140 [ 121.658711] futex_hash_free+0x38/0xc0 [ 121.658726] mmput+0x2d3/0x390 [ 121.658744] do_exit+0x79d/0x2970 [ 121.658758] ? signal_wake_up_state+0x85/0x120 [ 121.658774] ? zap_other_threads+0x2b9/0x3a0 [ 121.658789] ? __pfx_do_exit+0x10/0x10 [ 121.658802] ? do_group_exit+0x1c3/0x2a0 [ 121.658815] ? lock_release+0xc8/0x290 [ 121.658832] do_group_exit+0xd3/0x2a0 [ 121.658846] __x64_sys_exit_group+0x3e/0x50 [ 121.658860] x64_sys_call+0x18c5/0x18d0 [ 121.658875] do_syscall_64+0xbf/0x360 [ 121.658887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.658899] RIP: 0033:0x7f11f6265b19 [ 121.658907] Code: Unable to access opcode bytes at 0x7f11f6265aef. 
[ 121.658913] RSP: 002b:00007ffe36fa11d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 121.658924] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f11f6265b19 [ 121.658932] RDX: 00007f11f621872b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 121.658939] RBP: 0000000000000000 R08: 0000001b2cf24174 R09: 0000000000000000 [ 121.658946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.658952] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe36fa12c0 [ 121.658968] [ 121.658972] kmemleak: Object (percpu) 0x607f1a6396c0 (size 8): [ 121.658978] kmemleak: comm "syz-executor.4", pid 3948, jiffies 4294788350 [ 121.658985] kmemleak: min_count = 1 [ 121.658989] kmemleak: count = 0 [ 121.658993] kmemleak: flags = 0x21 [ 121.658996] kmemleak: checksum = 0 [ 121.659000] kmemleak: backtrace: [ 121.659003] pcpu_alloc_noprof+0x87a/0x1170 [ 121.659018] perf_trace_event_init+0x366/0xa10 [ 121.659032] perf_trace_init+0x1a4/0x2f0 [ 121.659043] perf_tp_event_init+0xa6/0x120 [ 121.659058] perf_try_init_event+0x140/0x9f0 [ 121.659071] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.659088] __do_sys_perf_event_open+0x719/0x2c20 [ 121.659100] do_syscall_64+0xbf/0x360 [ 121.659108] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:20:55 executing program 6: r0 = memfd_create(&(0x7f0000000000)='{{*\x00', 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) dup2(r0, r1) lseek(r1, 0x1, 0x1) 10:20:55 executing program 0: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RLINK(r0, &(0x7f00000000c0)={0x7}, 0x7) fcntl$setpipe(r0, 0x407, 0x0) fcntl$setpipe(r0, 0x407, 0x0) 10:20:55 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 
= eventfd(0x0) read$eventfd(r0, &(0x7f0000000000), 0x8) write$eventfd(r0, &(0x7f0000000100)=0x2, 0x8) [ 121.742202] BUG: unable to handle page fault for address: ffffed10212c935e [ 121.742781] #PF: supervisor read access in kernel mode [ 121.743201] #PF: error_code(0x0000) - not-present page [ 121.743635] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 121.744100] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 121.744789] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.746608] Tainted: [W]=WARN [ 121.747165] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.748524] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.749442] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.753361] RSP: 0018:ffff8880468cf800 EFLAGS: 00010212 [ 121.753801] RAX: 1ffff110212c935e RBX: ffff888109649900 RCX: ffffc900023f3000 [ 121.754377] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109649af0 [ 121.754944] RBP: ffff8880468cfa70 R08: ffff88806ce31340 R09: ffffe8ffffc166c0 [ 121.755477] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.756002] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.756529] FS: 00007f11f37db700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.757124] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.757557] CR2: ffffed10212c935e CR3: 0000000009f08000 CR4: 0000000000350ef0 [ 121.758085] Call Trace: [ 121.758287] [ 121.758460] ? perf_swevent_event+0x63/0x3f0 [ 121.758802] ? __pfx_perf_tp_event+0x10/0x10 [ 121.759142] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.759519] ? perf_swevent_event+0x63/0x3f0 [ 121.759856] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.760232] ? perf_swevent_event+0x63/0x3f0 [ 121.760571] ? perf_tp_event+0x807/0xe70 [ 121.760885] ? 
__pfx_perf_tp_event+0x10/0x10 [ 121.761224] ? __perf_install_in_context+0x503/0xb90 [ 121.761608] ? do_raw_spin_unlock+0x53/0x220 [ 121.761950] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.762332] perf_trace_run_bpf_submit+0xef/0x180 [ 121.762703] perf_trace_lock+0x337/0x5d0 [ 121.763017] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.763365] ? lock_acquire+0x15e/0x2f0 [ 121.763667] ? futex_ref_get+0x48/0x300 [ 121.763968] ? futex_ref_get+0x114/0x300 [ 121.764273] ? futex_hash+0x15c/0x390 [ 121.764561] lock_release+0x1ab/0x290 [ 121.764853] ? futex_hash+0x15c/0x390 [ 121.765141] futex_ref_get+0x119/0x300 [ 121.765435] ? futex_hash+0x15c/0x390 [ 121.765727] futex_hash+0x70/0x390 [ 121.765999] futex_wake+0x143/0x540 [ 121.766285] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.766632] ? __pfx_futex_wake+0x10/0x10 [ 121.766949] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 121.767329] ? lock_release+0xc8/0x290 [ 121.767626] do_futex+0x26d/0x370 [ 121.767895] ? __pfx_do_futex+0x10/0x10 [ 121.768196] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 121.768598] ? find_held_lock+0x2b/0x80 [ 121.768906] __x64_sys_futex+0x1c9/0x4d0 [ 121.769215] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.769561] ? 
xfd_validate_state+0x55/0x180 [ 121.769905] do_syscall_64+0xbf/0x360 [ 121.770204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.770589] RIP: 0033:0x7f11f6265b19 [ 121.770872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.772200] RSP: 002b:00007f11f37db218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.772759] RAX: ffffffffffffffda RBX: 00007f11f6378f68 RCX: 00007f11f6265b19 [ 121.773282] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f11f6378f6c [ 121.773810] RBP: 00007f11f6378f60 R08: 000000000000000e R09: 0000000000000000 [ 121.774339] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f11f6378f6c [ 121.774866] R13: 00007ffe36fa0faf R14: 00007f11f37db300 R15: 0000000000022000 [ 121.775403] [ 121.775582] Modules linked in: [ 121.775830] CR2: ffffed10212c935e [ 121.776090] ---[ end trace 0000000000000000 ]--- [ 121.776096] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 121.776438] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.777747] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.778089] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.778964] CPU: 1 UID: 0 PID: 3953 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.780279] RSP: 0018:ffff8880468cf800 EFLAGS: 00010212 [ 121.781645] Tainted: [D]=DIE, [W]=WARN [ 121.782033] RAX: 1ffff110212c935e RBX: ffff888109649900 RCX: ffffc900023f3000 [ 121.782495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.783012] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109649af0 [ 121.783958] RIP: 0010:perf_tp_event+0x175/0xe70 [ 
121.784480] RBP: ffff8880468cfa70 R08: ffff88806ce31340 R09: ffffe8ffffc166c0 [ 121.785013] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.785530] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.787628] RSP: 0018:ffff888017a4f800 EFLAGS: 00010212 [ 121.788147] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.788151] [ 121.788159] FS: 00007f11f37db700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.788763] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.789281] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.789484] RDX: ffff88801592b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.790067] CR2: ffffed10212c935e CR3: 0000000009f08000 CR4: 0000000000350ef0 [ 121.790884] RBP: ffff888017a4fa70 R08: ffff88806cf31340 R09: ffffe8ffffd166c0 [ 121.791307] note: syz-executor.5[3959] exited with irqs disabled [ 121.792125] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.794985] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.795814] FS: 0000555570bf2400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.796747] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.797429] CR2: 00007f2b27593000 CR3: 000000000ce71000 CR4: 0000000000350ef0 [ 121.798289] Call Trace: [ 121.798601] [ 121.798869] ? __pfx_native_flush_tlb_one_user+0x10/0x10 [ 121.799523] ? __pfx_perf_tp_event+0x10/0x10 [ 121.800060] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.800715] ? __pfx_flush_tlb_func+0x10/0x10 [ 121.801255] ? __pfx_flush_tlb_func+0x10/0x10 [ 121.801792] ? smp_call_function_many_cond+0x332/0x1110 [ 121.802449] ? __pfx_should_flush_tlb+0x10/0x10 [ 121.803006] ? __pfx_flush_tlb_func+0x10/0x10 [ 121.803555] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 121.804232] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 121.804781] ? page_ref_add_unless.constprop.0+0x118/0x390 [ 121.805448] ? __pfx_flush_tlb_func+0x10/0x10 [ 121.805986] ? perf_trace_lock+0xb5/0x5d0 [ 121.806499] ? perf_trace_lock+0xb5/0x5d0 [ 121.806993] ? css_rstat_updated+0x1b8/0x4d0 [ 121.807535] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.808137] perf_trace_run_bpf_submit+0xef/0x180 [ 121.808715] perf_trace_lock+0x337/0x5d0 [ 121.809214] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.809755] ? do_wp_page+0xb30/0x3430 [ 121.810247] ? get_futex_key+0x592/0x14a0 [ 121.810734] ? futex_ref_get+0x114/0x300 [ 121.811219] ? futex_hash+0x15c/0x390 [ 121.811670] lock_release+0x1ab/0x290 [ 121.812142] ? futex_hash+0x15c/0x390 [ 121.812596] futex_ref_get+0x119/0x300 [ 121.813063] ? futex_hash+0x15c/0x390 [ 121.813518] futex_hash+0x70/0x390 [ 121.813945] futex_wake+0x143/0x540 [ 121.814407] ? ___pte_offset_map+0x176/0x370 [ 121.814934] ? __pfx_futex_wake+0x10/0x10 [ 121.815437] ? __handle_mm_fault+0x753/0x3260 [ 121.815975] ? perf_trace_lock+0xb5/0x5d0 [ 121.816484] ? __pfx___handle_mm_fault+0x10/0x10 [ 121.817064] do_futex+0x26d/0x370 [ 121.817487] ? __pfx_do_futex+0x10/0x10 [ 121.817957] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.818522] ? handle_mm_fault+0x590/0x9b0 [ 121.819037] __x64_sys_futex+0x1c9/0x4d0 [ 121.819533] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.820088] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 121.820701] do_syscall_64+0xbf/0x360 [ 121.821170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.821770] RIP: 0033:0x7f2b27483b19 [ 121.822232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.824330] RSP: 002b:00007fff097859f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.825220] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2b27483b19 [ 121.826050] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2b27596f68 [ 121.826891] RBP: 00007f2b27596f60 R08: 0000001b2d32001c R09: 0000000000000000 [ 121.827718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2b2759b1f8 [ 121.828545] R13: 00007fff09785b00 R14: 00007f2b27596f60 R15: 000000000001dadc [ 121.829395] [ 121.829674] Modules linked in: [ 121.830070] BUG: unable to handle page fault for address: ffffed10212c935e [ 121.830586] #PF: supervisor read access in kernel mode [ 121.830970] #PF: error_code(0x0000) - not-present page [ 121.831352] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 121.831769] Oops: Oops: 0000 [#3] SMP KASAN NOPTI [ 121.832128] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.832995] Tainted: [D]=DIE, [W]=WARN [ 121.833279] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.833877] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.834237] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.835556] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 121.835947] RAX: 1ffff110212c935e RBX: ffff888109649900 RCX: 0000000000000002 [ 121.836469] RDX: ffff8880459c3700 RSI: ffffffff818995b7 RDI: ffff888109649af0 [ 121.836990] RBP: ffff88806ce08cf0 R08: 
ffff88806ce31490 R09: ffffe8ffffc166c0 [ 121.837511] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 121.838031] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 121.838561] FS: 00007f11f37db700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.839147] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.839574] CR2: ffffed10212c935e CR3: 0000000009f08000 CR4: 0000000000350ef0 [ 121.840095] Call Trace: [ 121.840289] [ 121.840455] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.840856] ? arch_stack_walk+0x9c/0xf0 [ 121.841162] ? __pfx_perf_tp_event+0x10/0x10 [ 121.841495] ? sched_clock_cpu+0x6c/0x4e0 [ 121.841811] ? trace_pelt_se_tp+0xdf/0x130 [ 121.842137] ? __update_load_avg_se+0x428/0xa40 [ 121.842492] ? match_held_lock+0xb1/0xd0 [ 121.842805] ? update_load_avg+0x17d/0x1ef0 [ 121.843128] ? perf_trace_lock+0xb5/0x5d0 [ 121.843441] ? perf_trace_lock+0xb5/0x5d0 [ 121.843752] ? update_cfs_group+0x11d/0x260 [ 121.844076] ? kvm_sched_clock_read+0x16/0x30 [ 121.844417] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.844761] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.845107] ? lock_is_held_type+0x9e/0x120 [ 121.845436] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.845812] perf_trace_run_bpf_submit+0xef/0x180 [ 121.846185] perf_trace_lock+0x337/0x5d0 [ 121.846495] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.846842] ? hrtimer_interrupt+0x114/0x830 [ 121.847184] lock_release+0x1ab/0x290 [ 121.847475] ktime_get_update_offsets_now+0xab/0x3c0 [ 121.847867] ? hrtimer_interrupt+0x114/0x830 [ 121.848200] hrtimer_interrupt+0x114/0x830 [ 121.848519] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 121.848884] ? trace_csd_function_exit+0x134/0x190 [ 121.849256] ? 
__flush_smp_call_function_queue+0x443/0x740 [ 121.849676] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 121.850063] sysvec_apic_timer_interrupt+0x6b/0x80 [ 121.850438] [ 121.850621] [ 121.850802] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 121.851209] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 121.851578] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 121.852972] RSP: 0018:ffff8880468cff28 EFLAGS: 00000246 [ 121.853383] RAX: 0000000000000001 RBX: ffff8880459c3700 RCX: ffffffff817c2b86 [ 121.853934] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 121.854493] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 121.855043] R10: ffffffff8643ac57 R11: 3030303030302043 R12: ffff8880459c3700 [ 121.855592] R13: 0000000000000009 R14: ffff8880468cf7e0 R15: 0000000000000000 [ 121.856146] ? trace_irq_enable.constprop.0+0x26/0x100 [ 121.856556] ? make_task_dead+0x214/0x3b0 [ 121.856885] ? make_task_dead+0x214/0x3b0 [ 121.857209] ? 
do_syscall_64+0xbf/0x360 [ 121.857519] rewind_stack_and_make_dead+0x16/0x20 [ 121.857900] RIP: 0033:0x7f11f6265b19 [ 121.858199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.859589] RSP: 002b:00007f11f37db218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.860174] RAX: ffffffffffffffda RBX: 00007f11f6378f68 RCX: 00007f11f6265b19 [ 121.860724] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f11f6378f6c [ 121.861271] RBP: 00007f11f6378f60 R08: 000000000000000e R09: 0000000000000000 [ 121.861817] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f11f6378f6c [ 121.862374] R13: 00007ffe36fa0faf R14: 00007f11f37db300 R15: 0000000000022000 [ 121.862928] [ 121.863114] Modules linked in: [ 121.863369] CR2: ffffed10212c935e [ 121.863639] ---[ end trace 0000000000000000 ]--- [ 121.863643] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 121.864001] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.865238] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.865578] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.866460] CPU: 1 UID: 0 PID: 3953 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.867773] RSP: 0018:ffff8880468cf800 EFLAGS: 00010212 [ 121.869135] Tainted: [D]=DIE, [W]=WARN [ 121.869518] RAX: 1ffff110212c935e RBX: ffff888109649900 RCX: ffffc900023f3000 [ 121.869955] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.870482] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109649af0 [ 121.871425] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.871942] RBP: ffff8880468cfa70 R08: 
ffff88806ce31340 R09: ffffe8ffffc166c0 [ 121.872477] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.872994] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.875105] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 121.875622] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.875634] FS: 00007f11f37db700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.876319] [ 121.876838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.877758] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.877887] CR2: ffffed10212c935e CR3: 0000000009f08000 CR4: 0000000000350ef0 [ 121.878561] RDX: ffff88801592b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.879081] Kernel panic - not syncing: Fatal exception in interrupt [ 122.923010] Shutting down cpus with NMI [ 122.924776] Kernel Offset: disabled [ 122.925071] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:20:55 Registers: