Warning: Permanently added '[localhost]:53341' (ECDSA) to the list of known hosts. 2025/09/01 09:07:37 fuzzer started 2025/09/01 09:07:38 dialing manager at localhost:35473 syzkaller login: [ 51.725419] cgroup: Unknown subsys name 'net' [ 51.794970] cgroup: Unknown subsys name 'cpuset' [ 51.813117] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:07:49 syscalls: 2214 2025/09/01 09:07:49 code coverage: enabled 2025/09/01 09:07:49 comparison tracing: enabled 2025/09/01 09:07:49 extra coverage: enabled 2025/09/01 09:07:49 setuid sandbox: enabled 2025/09/01 09:07:49 namespace sandbox: enabled 2025/09/01 09:07:49 Android sandbox: enabled 2025/09/01 09:07:49 fault injection: enabled 2025/09/01 09:07:49 leak checking: enabled 2025/09/01 09:07:49 net packet injection: enabled 2025/09/01 09:07:49 net device setup: enabled 2025/09/01 09:07:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:07:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:07:49 USB emulation: enabled 2025/09/01 09:07:49 hci packet injection: enabled 2025/09/01 09:07:49 wifi device emulation: enabled 2025/09/01 09:07:49 802.15.4 emulation: enabled 2025/09/01 09:07:49 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:07:49 fetching corpus: 50, signal 27869/31068 (executing program) 2025/09/01 09:07:49 fetching corpus: 100, signal 34604/39116 (executing program) 2025/09/01 09:07:49 fetching corpus: 150, signal 42629/48270 (executing program) 2025/09/01 09:07:50 fetching corpus: 200, signal 50819/57297 (executing program) 2025/09/01 09:07:50 fetching corpus: 250, signal 53596/61140 (executing program) 2025/09/01 09:07:50 fetching corpus: 300, signal 60462/68572 (executing program) 2025/09/01 09:07:50 fetching corpus: 350, signal 64554/73359 (executing program) 2025/09/01 09:07:50 fetching corpus: 400, signal 68954/78281 (executing program) 2025/09/01 09:07:50 fetching corpus: 450, signal 72047/82003 (executing program) 2025/09/01 
09:07:50 fetching corpus: 500, signal 76216/86536 (executing program) 2025/09/01 09:07:50 fetching corpus: 550, signal 79933/90596 (executing program) 2025/09/01 09:07:51 fetching corpus: 600, signal 82012/93252 (executing program) 2025/09/01 09:07:51 fetching corpus: 650, signal 84890/96430 (executing program) 2025/09/01 09:07:51 fetching corpus: 700, signal 87030/98945 (executing program) 2025/09/01 09:07:51 fetching corpus: 750, signal 89683/101806 (executing program) 2025/09/01 09:07:51 fetching corpus: 800, signal 91379/103852 (executing program) 2025/09/01 09:07:51 fetching corpus: 850, signal 93300/105986 (executing program) 2025/09/01 09:07:51 fetching corpus: 900, signal 95840/108528 (executing program) 2025/09/01 09:07:51 fetching corpus: 950, signal 99493/111848 (executing program) 2025/09/01 09:07:51 fetching corpus: 1000, signal 100789/113385 (executing program) 2025/09/01 09:07:52 fetching corpus: 1050, signal 101787/114658 (executing program) 2025/09/01 09:07:52 fetching corpus: 1100, signal 103112/116198 (executing program) 2025/09/01 09:07:52 fetching corpus: 1150, signal 103993/117339 (executing program) 2025/09/01 09:07:52 fetching corpus: 1200, signal 105661/119008 (executing program) 2025/09/01 09:07:52 fetching corpus: 1250, signal 106919/120403 (executing program) 2025/09/01 09:07:52 fetching corpus: 1300, signal 110249/123094 (executing program) 2025/09/01 09:07:52 fetching corpus: 1350, signal 111517/124336 (executing program) 2025/09/01 09:07:52 fetching corpus: 1400, signal 112803/125622 (executing program) 2025/09/01 09:07:52 fetching corpus: 1450, signal 114273/126933 (executing program) 2025/09/01 09:07:53 fetching corpus: 1500, signal 115544/128097 (executing program) 2025/09/01 09:07:53 fetching corpus: 1550, signal 116285/128948 (executing program) 2025/09/01 09:07:53 fetching corpus: 1600, signal 117804/130255 (executing program) 2025/09/01 09:07:53 fetching corpus: 1650, signal 119035/131304 (executing program) 2025/09/01 09:07:53 
fetching corpus: 1700, signal 120199/132325 (executing program) 2025/09/01 09:07:53 fetching corpus: 1750, signal 121247/133168 (executing program) 2025/09/01 09:07:53 fetching corpus: 1800, signal 122183/133968 (executing program) 2025/09/01 09:07:53 fetching corpus: 1850, signal 122720/134588 (executing program) 2025/09/01 09:07:54 fetching corpus: 1900, signal 124069/135518 (executing program) 2025/09/01 09:07:54 fetching corpus: 1950, signal 125216/136361 (executing program) 2025/09/01 09:07:54 fetching corpus: 2000, signal 126001/137014 (executing program) 2025/09/01 09:07:54 fetching corpus: 2050, signal 127094/137718 (executing program) 2025/09/01 09:07:54 fetching corpus: 2100, signal 127846/138300 (executing program) 2025/09/01 09:07:54 fetching corpus: 2150, signal 128663/138867 (executing program) 2025/09/01 09:07:54 fetching corpus: 2200, signal 129544/139417 (executing program) 2025/09/01 09:07:54 fetching corpus: 2250, signal 130415/139947 (executing program) 2025/09/01 09:07:54 fetching corpus: 2300, signal 131074/140405 (executing program) 2025/09/01 09:07:54 fetching corpus: 2350, signal 131750/140815 (executing program) 2025/09/01 09:07:55 fetching corpus: 2400, signal 132725/141346 (executing program) 2025/09/01 09:07:55 fetching corpus: 2450, signal 133466/141760 (executing program) 2025/09/01 09:07:55 fetching corpus: 2500, signal 134359/142192 (executing program) 2025/09/01 09:07:55 fetching corpus: 2550, signal 135015/142539 (executing program) 2025/09/01 09:07:55 fetching corpus: 2600, signal 135694/142955 (executing program) 2025/09/01 09:07:55 fetching corpus: 2650, signal 136381/143281 (executing program) 2025/09/01 09:07:55 fetching corpus: 2700, signal 137165/143560 (executing program) 2025/09/01 09:07:55 fetching corpus: 2750, signal 137933/143847 (executing program) 2025/09/01 09:07:55 fetching corpus: 2800, signal 138319/144029 (executing program) 2025/09/01 09:07:56 fetching corpus: 2850, signal 138716/144213 (executing program) 
2025/09/01 09:07:56 fetching corpus: 2900, signal 139246/144414 (executing program) 2025/09/01 09:07:56 fetching corpus: 2950, signal 139752/144593 (executing program) 2025/09/01 09:07:56 fetching corpus: 3000, signal 141864/144985 (executing program) 2025/09/01 09:07:56 fetching corpus: 3050, signal 142468/145128 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145256 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145299 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145336 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145379 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145417 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145453 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145495 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145531 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145570 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145593 (executing program) 2025/09/01 09:07:56 fetching corpus: 3089, signal 143065/145593 (executing program) 2025/09/01 09:07:59 starting 8 fuzzer processes 09:07:59 executing program 0: r0 = mq_open(&(0x7f00000001c0)='{#:E,,\x00\x9e\\\xe5\x9a\x86{w\x1f1\xfcN\x85U_0\x96\x13\xab\x12\b\x00\x00\x00\xfe\xc6\xf3y\x05\x8deeU?5\x19\x88\xef;:\xb2#\x1b\\\x98\xe6`k9D\xca\xd5\xd0s\xb5!.\x04+\xa3\xc4:\xdbj\xfb\x0f\xf1\xe0y\xe8+9\xa6#\x1e\xf0P\x8c#h\xbb\f\x0e\x18\x87\xc4\n\x92zK/\xe2\x10M8\x9a\xf0\x02\xab,\xb5\xc5\x81\x99\x00'/124, 0x41, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)) 09:07:59 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup2(r0, r0) setsockopt$bt_BT_VOICE(r1, 0x112, 0x10, 0x0, 0x0) 09:07:59 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 
0x0, 0x0, 0x0, &(0x7f0000001480)={[{@uid={'uid', 0x3d, 0xffffffffffffffff}}]}) 09:07:59 executing program 6: signalfd4(0xffffffffffffffff, &(0x7f00000003c0), 0x8, 0x0) 09:07:59 executing program 3: ioperm(0x800, 0x4, 0x100) ioperm(0x8, 0x800, 0x0) 09:07:59 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x8000, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:07:59 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x3e, 0x0, "2b8bdd7c4ddf64e573fb90df56398a1720f4258b059e1284a5e036e5b36663a4bb5f524aaa3cddc9979de0ac95be0cfe5d2da5789a5f0a9f69873c1d89b4a5c44047b1d152345682dc9509f6718ca65d"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x0, 0x0, "9e2550c22db3e71843aef7ed344e875f82ad11808b6f453b40abf8c2a09fbef9396c024d7e16ef99b6002dc647a600e4c072cbb15053db46562576eaffe309a49cae78a40c3b228860c5c66f4283c102"}, 0xd8) [ 72.799316] audit: type=1400 audit(1756717679.240:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:07:59 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18}}], 0x1, 0x0) semget(0x1, 0x0, 0x0) [ 74.015106] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.017235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.022255] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.026860] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.028447] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.032834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.034329] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.037324] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.042939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.054065] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.217731] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.221218] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.223185] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.253202] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.262880] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.265713] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.267815] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.277257] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.281887] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.283370] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.298356] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.302430] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.317080] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 
74.321141] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.323332] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.326239] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.334046] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.335431] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.339203] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.341270] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.345159] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.347054] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.351995] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.364347] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.370271] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.375131] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 74.388295] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.389945] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.397011] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.406556] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.111644] Bluetooth: hci0: command tx timeout [ 76.112911] Bluetooth: hci1: command tx timeout [ 76.367018] Bluetooth: hci3: command tx timeout [ 76.368178] Bluetooth: hci2: command tx timeout [ 76.430951] Bluetooth: hci7: command tx timeout [ 76.431885] Bluetooth: hci5: command tx timeout [ 76.432784] Bluetooth: hci4: command tx timeout [ 76.494841] Bluetooth: hci6: command tx timeout [ 78.158840] Bluetooth: hci0: command tx timeout [ 78.159293] Bluetooth: hci1: command tx timeout [ 78.416597] Bluetooth: hci2: command tx timeout [ 78.417366] Bluetooth: hci3: command tx timeout [ 78.478857] Bluetooth: hci4: command tx timeout [ 78.479313] Bluetooth: hci5: command tx timeout [ 78.479691] Bluetooth: hci7: command tx timeout [ 78.544770] Bluetooth: hci6: command tx timeout [ 80.206971] Bluetooth: hci0: command tx timeout [ 80.207418] Bluetooth: hci1: 
command tx timeout [ 80.463955] Bluetooth: hci3: command tx timeout [ 80.464388] Bluetooth: hci2: command tx timeout [ 80.526788] Bluetooth: hci7: command tx timeout [ 80.527171] Bluetooth: hci5: command tx timeout [ 80.527539] Bluetooth: hci4: command tx timeout [ 80.590788] Bluetooth: hci6: command tx timeout [ 82.255251] Bluetooth: hci1: command tx timeout [ 82.255693] Bluetooth: hci0: command tx timeout [ 82.510876] Bluetooth: hci2: command tx timeout [ 82.511307] Bluetooth: hci3: command tx timeout [ 82.574858] Bluetooth: hci4: command tx timeout [ 82.575262] Bluetooth: hci7: command tx timeout [ 82.575638] Bluetooth: hci5: command tx timeout [ 82.638886] Bluetooth: hci6: command tx timeout [ 111.249394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.250170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.371476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.372789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.503073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.503702] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.627402] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.628585] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.719348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.720019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:08:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x3e, 0x0, "2b8bdd7c4ddf64e573fb90df56398a1720f4258b059e1284a5e036e5b36663a4bb5f524aaa3cddc9979de0ac95be0cfe5d2da5789a5f0a9f69873c1d89b4a5c44047b1d152345682dc9509f6718ca65d"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x0, 0x0, 
"9e2550c22db3e71843aef7ed344e875f82ad11808b6f453b40abf8c2a09fbef9396c024d7e16ef99b6002dc647a600e4c072cbb15053db46562576eaffe309a49cae78a40c3b228860c5c66f4283c102"}, 0xd8) 09:08:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x3e, 0x0, "2b8bdd7c4ddf64e573fb90df56398a1720f4258b059e1284a5e036e5b36663a4bb5f524aaa3cddc9979de0ac95be0cfe5d2da5789a5f0a9f69873c1d89b4a5c44047b1d152345682dc9509f6718ca65d"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x0, 0x0, "9e2550c22db3e71843aef7ed344e875f82ad11808b6f453b40abf8c2a09fbef9396c024d7e16ef99b6002dc647a600e4c072cbb15053db46562576eaffe309a49cae78a40c3b228860c5c66f4283c102"}, 0xd8) [ 111.817790] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.818416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:08:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x3e, 0x0, "2b8bdd7c4ddf64e573fb90df56398a1720f4258b059e1284a5e036e5b36663a4bb5f524aaa3cddc9979de0ac95be0cfe5d2da5789a5f0a9f69873c1d89b4a5c44047b1d152345682dc9509f6718ca65d"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x0, 0x0, "9e2550c22db3e71843aef7ed344e875f82ad11808b6f453b40abf8c2a09fbef9396c024d7e16ef99b6002dc647a600e4c072cbb15053db46562576eaffe309a49cae78a40c3b228860c5c66f4283c102"}, 0xd8) [ 111.876085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.876714] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.968644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.970016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:08:38 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) 
ioctl$EVIOCSREP(r0, 0x40084503, 0x0) [ 112.016835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.017454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:08:38 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) [ 112.077545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.078177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.114422] audit: type=1400 audit(1756717718.555:8): avc: denied { open } for pid=3886 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.116426] audit: type=1400 audit(1756717718.555:9): avc: denied { kernel } for pid=3886 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:08:38 executing program 3: ioperm(0x800, 0x4, 0x100) ioperm(0x8, 0x800, 0x0) 09:08:38 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) [ 112.173072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.173681] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:08:38 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x8000, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 
112.207603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.208218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.290227] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.291974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.326983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.327578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.404076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.404675] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.454159] tmpfs: Bad value for 'uid' [ 112.454503] tmpfs: Bad value for 'uid' [ 112.456110] tmpfs: Bad value for 'uid' [ 112.456449] tmpfs: Bad value for 'uid' [ 112.462302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.463557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:08:39 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) 09:08:39 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_SERVICE(r0, 0x0, 0x0) 09:08:39 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x8000, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:08:39 executing program 3: ioperm(0x800, 0x4, 0x100) ioperm(0x8, 0x800, 0x0) 09:08:39 executing program 2: 
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@uid={'uid', 0x3d, 0xffffffffffffffff}}]}) 09:08:39 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18}}], 0x1, 0x0) semget(0x1, 0x0, 0x0) 09:08:39 executing program 0: r0 = mq_open(&(0x7f00000001c0)='{#:E,,\x00\x9e\\\xe5\x9a\x86{w\x1f1\xfcN\x85U_0\x96\x13\xab\x12\b\x00\x00\x00\xfe\xc6\xf3y\x05\x8deeU?5\x19\x88\xef;:\xb2#\x1b\\\x98\xe6`k9D\xca\xd5\xd0s\xb5!.\x04+\xa3\xc4:\xdbj\xfb\x0f\xf1\xe0y\xe8+9\xa6#\x1e\xf0P\x8c#h\xbb\f\x0e\x18\x87\xc4\n\x92zK/\xe2\x10M8\x9a\xf0\x02\xab,\xb5\xc5\x81\x99\x00'/124, 0x41, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)) 09:08:39 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup2(r0, r0) setsockopt$bt_BT_VOICE(r1, 0x112, 0x10, 0x0, 0x0) [ 112.626522] tmpfs: Bad value for 'uid' [ 112.626910] tmpfs: Bad value for 'uid' 09:08:39 executing program 0: r0 = mq_open(&(0x7f00000001c0)='{#:E,,\x00\x9e\\\xe5\x9a\x86{w\x1f1\xfcN\x85U_0\x96\x13\xab\x12\b\x00\x00\x00\xfe\xc6\xf3y\x05\x8deeU?5\x19\x88\xef;:\xb2#\x1b\\\x98\xe6`k9D\xca\xd5\xd0s\xb5!.\x04+\xa3\xc4:\xdbj\xfb\x0f\xf1\xe0y\xe8+9\xa6#\x1e\xf0P\x8c#h\xbb\f\x0e\x18\x87\xc4\n\x92zK/\xe2\x10M8\x9a\xf0\x02\xab,\xb5\xc5\x81\x99\x00'/124, 0x41, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)) 09:08:39 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18}}], 0x1, 0x0) semget(0x1, 0x0, 0x0) 09:08:39 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@uid={'uid', 0x3d, 0xffffffffffffffff}}]}) 09:08:39 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x8000, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:08:39 executing program 3: ioperm(0x800, 0x4, 0x100) ioperm(0x8, 0x800, 0x0) 09:08:39 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 
0x1, [r0]}}], 0x18}}], 0x1, 0x0) semget(0x1, 0x0, 0x0) 09:08:39 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup2(r0, r0) setsockopt$bt_BT_VOICE(r1, 0x112, 0x10, 0x0, 0x0) 09:08:39 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18}}], 0x1, 0x0) semget(0x1, 0x0, 0x0) [ 112.751512] tmpfs: Bad value for 'uid' [ 112.751967] tmpfs: Bad value for 'uid' [ 112.755229] Oops: general protection fault, probably for non-canonical address 0xf5fffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 112.756114] KASAN: maybe wild-memory-access in range [0xb000000000000190-0xb000000000000197] [ 112.756780] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.758548] Tainted: [W]=WARN [ 112.759455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.761265] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.762614] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.766149] RSP: 0018:ffff888045457800 EFLAGS: 00010212 [ 112.766573] RAX: 1600000000000032 RBX: afffffffffffffa0 RCX: ffffc9000a22a000 [ 112.767132] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: b000000000000190 [ 112.767696] RBP: ffff888045457a70 R08: ffff88806ce31340 R09: ffffe8ffffc15eb0 [ 112.768257] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 
112.768816] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.769404] FS: 00007f66b74bd700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.770039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.770505] CR2: 00007f66ba05b018 CR3: 0000000042a91000 CR4: 0000000000350ef0 [ 112.771065] Call Trace: [ 112.771277] [ 112.771461] ? perf_swevent_event+0x63/0x3f0 [ 112.771824] ? __pfx_perf_tp_event+0x10/0x10 [ 112.772181] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.772582] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.772975] ? perf_swevent_event+0x63/0x3f0 [ 112.773339] ? perf_tp_event+0x807/0xe70 [ 112.773673] ? __pfx_perf_tp_event+0x10/0x10 [ 112.774031] ? __perf_install_in_context+0x503/0xb90 [ 112.774438] ? do_raw_spin_unlock+0x53/0x220 [ 112.774797] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.775198] perf_trace_run_bpf_submit+0xef/0x180 [ 112.775591] perf_trace_lock+0x337/0x5d0 [ 112.775923] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.776293] ? lock_acquire+0x15e/0x2f0 [ 112.776613] ? futex_ref_get+0x48/0x300 [ 112.776932] ? futex_ref_get+0x114/0x300 [ 112.777263] ? futex_hash+0x15c/0x390 [ 112.777567] lock_release+0x1ab/0x290 [ 112.777872] ? futex_hash+0x15c/0x390 [ 112.778176] futex_ref_get+0x119/0x300 [ 112.778487] ? futex_hash+0x15c/0x390 [ 112.778792] futex_hash+0x70/0x390 [ 112.779080] futex_wake+0x143/0x540 [ 112.779377] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.779747] ? __pfx_futex_wake+0x10/0x10 [ 112.780083] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 112.780487] ? lock_release+0xc8/0x290 [ 112.780803] do_futex+0x26d/0x370 [ 112.781092] ? __pfx_do_futex+0x10/0x10 [ 112.781413] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 112.781839] ? find_held_lock+0x2b/0x80 [ 112.782170] __x64_sys_futex+0x1c9/0x4d0 [ 112.782500] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.782872] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 112.783291] do_syscall_64+0xbf/0x360 [ 112.783603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.784014] RIP: 0033:0x7f66b9f47b19 [ 112.784314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.785748] RSP: 002b:00007f66b74bd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.786353] RAX: ffffffffffffffda RBX: 00007f66ba05af68 RCX: 00007f66b9f47b19 [ 112.786915] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f66ba05af6c [ 112.787472] RBP: 00007f66ba05af60 R08: 000000000000000e R09: 0000000000000000 [ 112.788033] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f66ba05af6c [ 112.788602] R13: 00007ffc784f0c7f R14: 00007f66b74bd300 R15: 0000000000022000 [ 112.789184] [ 112.789377] Modules linked in: [ 112.789642] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 112.790573] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 112.791267] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.792219] Tainted: [D]=DIE, [W]=WARN [ 112.792526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.793190] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.793586] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.795027] RSP: 0018:ffff88804543f800 EFLAGS: 00010212 [ 112.795452] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005403000 [ 112.796019] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 112.796587] RBP: ffff88804543fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15eb0 [ 112.797165] R10: 0000000000000000 
R11: 0000000000000000 R12: dffffc0000000000 [ 112.797739] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 112.798308] FS: 00007f6ca8a83700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 112.798946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.799405] CR2: 00007f6cab621018 CR3: 00000000432c0000 CR4: 0000000000350ef0 [ 112.799971] Call Trace: [ 112.800180] [ 112.800371] ? __pfx_perf_tp_event+0x10/0x10 [ 112.800732] ? kvm_sched_clock_read+0x16/0x30 [ 112.801114] ? local_clock_noinstr+0xf/0xc0 [ 112.801470] ? perf_trace_lock+0xb5/0x5d0 [ 112.801808] ? perf_trace_lock+0xb5/0x5d0 [ 112.802143] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.802512] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.802886] ? perf_ctx_unlock+0x73/0x160 [ 112.803221] ? __perf_install_in_context+0x503/0xb90 [ 112.803634] ? lock_release+0x1c7/0x290 [ 112.803954] ? do_raw_spin_unlock+0x53/0x220 [ 112.804308] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.804703] perf_trace_run_bpf_submit+0xef/0x180 [ 112.805096] perf_trace_lock+0x337/0x5d0 [ 112.805422] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.805781] ? perf_trace_lock+0xb5/0x5d0 [ 112.806106] ? __pfx_smp_call_function_single+0x10/0x10 [ 112.806534] ? get_futex_key+0x592/0x14a0 [ 112.806860] ? futex_ref_get+0x114/0x300 [ 112.807177] ? futex_hash+0x15c/0x390 [ 112.807478] lock_release+0x1ab/0x290 [ 112.807783] ? futex_hash+0x15c/0x390 [ 112.808086] futex_ref_get+0x119/0x300 [ 112.808394] ? futex_hash+0x15c/0x390 [ 112.808693] futex_hash+0x70/0x390 [ 112.808981] futex_wake+0x143/0x540 [ 112.809279] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.809638] ? __pfx___mutex_lock+0x10/0x10 [ 112.809981] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.810397] ? __pfx_futex_wake+0x10/0x10 [ 112.810728] ? lock_release+0x1c7/0x290 [ 112.811042] ? fd_install+0x1f0/0x660 [ 112.811347] do_futex+0x26d/0x370 [ 112.811632] ? __pfx_do_futex+0x10/0x10 [ 112.811948] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 112.812365] ? 
handle_mm_fault+0x590/0x9b0 [ 112.812707] __x64_sys_futex+0x1c9/0x4d0 [ 112.813037] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.813401] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 112.813817] do_syscall_64+0xbf/0x360 [ 112.814121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.814524] RIP: 0033:0x7f6cab50db19 [ 112.814818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.816207] RSP: 002b:00007f6ca8a83218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.816796] RAX: ffffffffffffffda RBX: 00007f6cab620f68 RCX: 00007f6cab50db19 [ 112.817354] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6cab620f6c [ 112.817901] RBP: 00007f6cab620f60 R08: 000000000000000e R09: 0000000000000000 [ 112.818451] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f6cab620f6c [ 112.818999] R13: 00007fff727cff6f R14: 00007f6ca8a83300 R15: 0000000000022000 [ 112.819555] [ 112.819743] Modules linked in: [ 112.820002] Oops: general protection fault, probably for non-canonical address 0xf5fffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 112.820873] KASAN: maybe wild-memory-access in range [0xb000000000000190-0xb000000000000197] [ 112.821539] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.822468] Tainted: [D]=DIE, [W]=WARN [ 112.822771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.823411] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.823790] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.825203] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 112.825621] RAX: 1600000000000032 RBX: afffffffffffffa0 RCX: ffffffff818998a3 [ 112.826178] RDX: ffff88801671d280 RSI: ffffffff8189a4e7 RDI: 
b000000000000190 [ 112.826734] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15eb0 [ 112.827288] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 112.827842] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 112.828399] FS: 00007f66b74bd700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.829030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.829487] CR2: 00007f66ba05b018 CR3: 0000000042a91000 CR4: 0000000000350ef0 [ 112.830044] Call Trace: [ 112.830252] [ 112.830433] ? __pfx_perf_tp_event+0x10/0x10 [ 112.830789] ? __lock_acquire+0xc65/0x1b70 [ 112.831128] ? trace_rcu_utilization+0x26/0x190 [ 112.831506] ? rcu_sched_clock_irq+0x7a0/0x2b40 [ 112.831882] ? __lock_acquire+0x694/0x1b70 [ 112.832223] ? lock_acquire+0x15e/0x2f0 [ 112.832545] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.832944] perf_trace_run_bpf_submit+0xef/0x180 [ 112.833339] perf_trace_lock+0x337/0x5d0 [ 112.833667] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.834037] ? find_held_lock+0x2b/0x80 [ 112.834361] ? hrtimer_interrupt+0x114/0x830 [ 112.834712] lock_release+0x1ab/0x290 [ 112.835019] ktime_get_update_offsets_now+0xab/0x3c0 [ 112.835426] ? hrtimer_interrupt+0x114/0x830 [ 112.835776] ? 
__pfx_lapic_next_deadline+0x10/0x10 [ 112.836174] hrtimer_interrupt+0x114/0x830 [ 112.836517] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 112.836930] sysvec_apic_timer_interrupt+0x6b/0x80 [ 112.837332] [ 112.837514] [ 112.837699] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 112.838116] RIP: 0010:oops_exit+0x0/0x50 [ 112.838444] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 112.839855] RSP: 0018:ffff888045457690 EFLAGS: 00000202 [ 112.840272] RAX: 000000000002b988 RBX: 0000000000000216 RCX: ffffc9000a22a000 [ 112.840829] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 112.841388] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 112.841942] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888045457758 [ 112.842500] R13: 0000000000000000 R14: f5fffc0000000032 R15: 0000000000000000 [ 112.843061] ? oops_end+0x4a/0xe0 [ 112.843352] oops_end+0x65/0xe0 [ 112.843627] exc_general_protection+0x1a2/0x330 [ 112.844004] asm_exc_general_protection+0x26/0x30 [ 112.844386] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.844759] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.846175] RSP: 0018:ffff888045457800 EFLAGS: 00010212 [ 112.846592] RAX: 1600000000000032 RBX: afffffffffffffa0 RCX: ffffc9000a22a000 [ 112.847149] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: b000000000000190 [ 112.847707] RBP: ffff888045457a70 R08: ffff88806ce31340 R09: ffffe8ffffc15eb0 [ 112.848262] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.848814] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.849382] ? perf_tp_event+0x167/0xe70 [ 112.849714] ? perf_swevent_event+0x63/0x3f0 [ 112.850075] ? 
__pfx_perf_tp_event+0x10/0x10 [ 112.850432] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.850830] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 112.851227] ? perf_swevent_event+0x63/0x3f0 [ 112.851583] ? perf_tp_event+0x807/0xe70 [ 112.851916] ? __pfx_perf_tp_event+0x10/0x10 [ 112.852272] ? __perf_install_in_context+0x503/0xb90 [ 112.852677] ? do_raw_spin_unlock+0x53/0x220 [ 112.853043] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.853443] perf_trace_run_bpf_submit+0xef/0x180 [ 112.853835] perf_trace_lock+0x337/0x5d0 [ 112.854162] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.854531] ? lock_acquire+0x15e/0x2f0 [ 112.854850] ? futex_ref_get+0x48/0x300 [ 112.855165] ? futex_ref_get+0x114/0x300 [ 112.855484] ? futex_hash+0x15c/0x390 [ 112.855788] lock_release+0x1ab/0x290 [ 112.856098] ? futex_hash+0x15c/0x390 [ 112.856400] futex_ref_get+0x119/0x300 [ 112.856711] ? futex_hash+0x15c/0x390 [ 112.857023] futex_hash+0x70/0x390 [ 112.857310] futex_wake+0x143/0x540 [ 112.857607] ? __pfx_perf_trace_lock+0x10/0x10 [ 112.857973] ? __pfx_futex_wake+0x10/0x10 [ 112.858307] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 112.858714] ? lock_release+0xc8/0x290 [ 112.859033] do_futex+0x26d/0x370 [ 112.859313] ? __pfx_do_futex+0x10/0x10 [ 112.859632] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 112.860052] ? find_held_lock+0x2b/0x80 [ 112.860376] __x64_sys_futex+0x1c9/0x4d0 [ 112.860703] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.861078] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 112.861494] do_syscall_64+0xbf/0x360 [ 112.861801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.862206] RIP: 0033:0x7f66b9f47b19 [ 112.862500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.863908] RSP: 002b:00007f66b74bd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.864499] RAX: ffffffffffffffda RBX: 00007f66ba05af68 RCX: 00007f66b9f47b19 [ 112.865063] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f66ba05af6c [ 112.865619] RBP: 00007f66ba05af60 R08: 000000000000000e R09: 0000000000000000 [ 112.866173] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f66ba05af6c [ 112.866726] R13: 00007ffc784f0c7f R14: 00007f66b74bd300 R15: 0000000000022000 [ 112.867287] [ 112.867478] Modules linked in: [ 112.867738] ---[ end trace 0000000000000000 ]--- [ 112.867739] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 112.868105] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.868946] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 112.869308] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.869961] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.871356] RSP: 0018:ffff888045457800 EFLAGS: 00010212 [ 112.872254] Tainted: [D]=DIE, [W]=WARN [ 112.872662] RAX: 1600000000000032 RBX: afffffffffffffa0 RCX: ffffc9000a22a000 [ 112.872960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.873514] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: b000000000000190 [ 112.874146] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.874693] 
RBP: ffff888045457a70 R08: ffff88806ce31340 R09: ffffe8ffffc15eb0 [ 112.875046] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.875591] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.876971] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 112.877530] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.877543] FS: 00007f66b74bd700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.877940] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 112.878492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.879098] RDX: ffff888016719b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 112.879647] CR2: 00007f66ba05b018 CR3: 0000000042a91000 CR4: 0000000000350ef0 [ 112.880091] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15eb0 [ 112.880646] Kernel panic - not syncing: Fatal exception in interrupt [ 113.922904] Shutting down cpus with NMI [ 113.924480] Kernel Offset: disabled [ 113.924770] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:08:39 Registers: