Warning: Permanently added '[localhost]:17629' (ECDSA) to the list of known hosts.
2025/08/29 08:15:30 fuzzer started
2025/08/29 08:15:30 dialing manager at localhost:43077
syzkaller login: [ 50.858741] cgroup: Unknown subsys name 'net'
[ 50.929479] cgroup: Unknown subsys name 'cpuset'
[ 50.946750] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:15:40 syscalls: 2214
2025/08/29 08:15:40 code coverage: enabled
2025/08/29 08:15:40 comparison tracing: enabled
2025/08/29 08:15:40 extra coverage: enabled
2025/08/29 08:15:40 setuid sandbox: enabled
2025/08/29 08:15:40 namespace sandbox: enabled
2025/08/29 08:15:40 Android sandbox: enabled
2025/08/29 08:15:40 fault injection: enabled
2025/08/29 08:15:40 leak checking: enabled
2025/08/29 08:15:40 net packet injection: enabled
2025/08/29 08:15:40 net device setup: enabled
2025/08/29 08:15:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:15:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:15:40 USB emulation: enabled
2025/08/29 08:15:40 hci packet injection: enabled
2025/08/29 08:15:40 wifi device emulation: enabled
2025/08/29 08:15:40 802.15.4 emulation: enabled
2025/08/29 08:15:40 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:15:40 fetching corpus: 45, signal 23949/26867 (executing program)
2025/08/29 08:15:40 fetching corpus: 95, signal 35759/39288 (executing program)
2025/08/29 08:15:40 fetching corpus: 145, signal 44896/48802 (executing program)
2025/08/29 08:15:40 fetching corpus: 195, signal 52943/56934 (executing program)
2025/08/29 08:15:40 fetching corpus: 245, signal 57700/61958 (executing program)
2025/08/29 08:15:41 fetching corpus: 295, signal 60334/64813 (executing program)
2025/08/29 08:15:41 fetching corpus: 345, signal 63582/68078 (executing program)
2025/08/29 08:15:41 fetching corpus: 395, signal 66661/71090 (executing program)
2025/08/29 08:15:41 fetching corpus: 445, signal 70284/74347 (executing program)
2025/08/29 08:15:41 fetching corpus: 495, signal 72430/76370 (executing program)
2025/08/29 08:15:41 fetching corpus: 545, signal 75305/78876 (executing program)
2025/08/29 08:15:41 fetching corpus: 595, signal 79293/81930 (executing program)
2025/08/29 08:15:42 fetching corpus: 645, signal 81254/83421 (executing program)
2025/08/29 08:15:42 fetching corpus: 695, signal 83593/85121 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/85522 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/85620 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/85694 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/85778 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/85863 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/85936 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86010 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86104 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86205 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86297 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86384 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86472 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86549 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86630 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86735 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86821 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86898 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/86981 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87055 (executing program)
2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87153
(executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87234 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87303 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87392 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87476 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87562 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87649 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87739 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87807 (executing program) 2025/08/29 08:15:42 fetching corpus: 710, signal 84072/87807 (executing program) 2025/08/29 08:15:44 starting 8 fuzzer processes 08:15:44 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigaction(0x36, 0x0, 0x0, 0x8, &(0x7f00000001c0)) 08:15:44 executing program 7: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0) 08:15:44 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r0, 0x107, 0x18, 0x0, &(0x7f0000000240)) 08:15:44 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)={0x14}, 0x14}}, 0x0) 08:15:44 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 08:15:44 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r0, 0x0, &(0x7f0000000980)) 08:15:44 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$nbd(r0, &(0x7f0000000400), 0x10) [ 64.351514] audit: type=1400 audit(1756455344.185:7): avc: denied { execmem } for pid=272 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:15:44 executing program 6: sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0xc8, 0x3ed, 0x0, 0x0, 0x0, 
"efea6d00d6417b99ab6c5457e382d513d37f9cfac5190d19f4780afaf9107d5a5ad0ea6cd7781f35cff65ab070422043433941f4309ffecc5d321c5c61d686aa270feb581ad00361a360cbf6bd999c9fd9b4cd1ead6ff4e846ef810679cc8a5eccd1133c786827f3beddcd4624765d7cedbf64f68516b8c12f553c107751411f6766ea710992d99b88f78d2d1af3082c73b7850384c248c1f3b9c82910429d8f12db6dcc0e6803aebaf62a94179b2963a097f2f31f8caeac"}, 0xc8}}, 0x0) r0 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000140), 0x0) [ 65.573547] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.577394] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.580330] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.587155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.590579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.634388] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.637711] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.640731] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.652998] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.654879] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.657163] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.658911] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.665971] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.679283] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.683174] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.689099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.690298] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.691034] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.695170] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.712523] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.713858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.715283] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.716524] 
Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.723383] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.724766] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.729729] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.731350] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.736903] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.741906] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.746772] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.753960] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.755471] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.756940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.758047] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.759168] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.776163] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.779090] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.780339] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.784116] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.814983] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.669130] Bluetooth: hci0: command tx timeout [ 67.733327] Bluetooth: hci1: command tx timeout [ 67.796740] Bluetooth: hci3: command tx timeout [ 67.797596] Bluetooth: hci4: command tx timeout [ 67.860917] Bluetooth: hci7: command tx timeout [ 67.861815] Bluetooth: hci5: command tx timeout [ 67.862573] Bluetooth: hci2: command tx timeout [ 67.863364] Bluetooth: hci6: command tx timeout [ 69.716834] Bluetooth: hci0: command tx timeout [ 69.782645] Bluetooth: hci1: command tx timeout [ 69.844747] Bluetooth: hci4: command tx timeout [ 69.845155] Bluetooth: hci3: command tx timeout [ 69.911465] Bluetooth: hci2: command tx timeout [ 69.912112] Bluetooth: hci6: command tx timeout [ 69.912498] Bluetooth: hci5: command tx timeout [ 69.912922] Bluetooth: hci7: command tx timeout [ 71.764912] 
Bluetooth: hci0: command tx timeout [ 71.828908] Bluetooth: hci1: command tx timeout [ 71.892924] Bluetooth: hci4: command tx timeout [ 71.893931] Bluetooth: hci3: command tx timeout [ 71.957153] Bluetooth: hci6: command tx timeout [ 71.957919] Bluetooth: hci5: command tx timeout [ 71.958614] Bluetooth: hci7: command tx timeout [ 71.959380] Bluetooth: hci2: command tx timeout [ 73.812733] Bluetooth: hci0: command tx timeout [ 73.876715] Bluetooth: hci1: command tx timeout [ 73.942073] Bluetooth: hci3: command tx timeout [ 73.943867] Bluetooth: hci4: command tx timeout [ 74.004777] Bluetooth: hci5: command tx timeout [ 74.005476] Bluetooth: hci6: command tx timeout [ 74.006327] Bluetooth: hci2: command tx timeout [ 74.007075] Bluetooth: hci7: command tx timeout [ 102.578858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.579504] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.814710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.815345] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:16:23 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)={0x14}, 0x14}}, 0x0) [ 103.448274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.448973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:16:23 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)={0x14}, 0x14}}, 0x0) 08:16:23 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) 
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)={0x14}, 0x14}}, 0x0) [ 103.629227] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.629833] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.744412] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.745087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:16:23 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 08:16:23 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) [ 103.905465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.906303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:16:23 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) 08:16:23 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) [ 104.053679] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.054258] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:16:23 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) [ 104.188959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.189589] wlan1: Creating new IBSS network, 
BSSID 50:50:50:50:50:50 [ 104.228756] audit: type=1400 audit(1756455384.060:8): avc: denied { open } for pid=3867 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 104.243190] audit: type=1400 audit(1756455384.060:9): avc: denied { kernel } for pid=3867 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 104.447512] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.448263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.504513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.505743] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.534306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.534968] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.602803] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.603417] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.686863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.687485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.740519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.742485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.812737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.813373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.867112] audit: type=1400 audit(1756455384.698:10): avc: denied { read } for pid=3909 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 104.914797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.915434] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:16:24 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r0, 0x107, 0x18, 
0x0, &(0x7f0000000240)) 08:16:24 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r0, 0x0, &(0x7f0000000980)) 08:16:24 executing program 6: sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0xc8, 0x3ed, 0x0, 0x0, 0x0, "efea6d00d6417b99ab6c5457e382d513d37f9cfac5190d19f4780afaf9107d5a5ad0ea6cd7781f35cff65ab070422043433941f4309ffecc5d321c5c61d686aa270feb581ad00361a360cbf6bd999c9fd9b4cd1ead6ff4e846ef810679cc8a5eccd1133c786827f3beddcd4624765d7cedbf64f68516b8c12f553c107751411f6766ea710992d99b88f78d2d1af3082c73b7850384c248c1f3b9c82910429d8f12db6dcc0e6803aebaf62a94179b2963a097f2f31f8caeac"}, 0xc8}}, 0x0) r0 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000140), 0x0) 08:16:24 executing program 7: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0) 08:16:24 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$nbd(r0, &(0x7f0000000400), 0x10) 08:16:24 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 08:16:24 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigaction(0x36, 0x0, 0x0, 0x8, &(0x7f00000001c0)) 08:16:24 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 08:16:24 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r0, 0x107, 0x18, 0x0, &(0x7f0000000240)) 08:16:25 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 08:16:25 executing program 6: sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0xc8, 0x3ed, 0x0, 0x0, 0x0, 
"efea6d00d6417b99ab6c5457e382d513d37f9cfac5190d19f4780afaf9107d5a5ad0ea6cd7781f35cff65ab070422043433941f4309ffecc5d321c5c61d686aa270feb581ad00361a360cbf6bd999c9fd9b4cd1ead6ff4e846ef810679cc8a5eccd1133c786827f3beddcd4624765d7cedbf64f68516b8c12f553c107751411f6766ea710992d99b88f78d2d1af3082c73b7850384c248c1f3b9c82910429d8f12db6dcc0e6803aebaf62a94179b2963a097f2f31f8caeac"}, 0xc8}}, 0x0) r0 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000140), 0x0) 08:16:25 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$nbd(r0, &(0x7f0000000400), 0x10) 08:16:25 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r0, 0x0, &(0x7f0000000980)) 08:16:25 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r0, 0x107, 0x18, 0x0, &(0x7f0000000240)) 08:16:25 executing program 7: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0) [ 105.415482] kmemleak: Found object by alias at 0x607f1a638f3c [ 105.415503] CPU: 0 UID: 0 PID: 3945 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.415521] Tainted: [W]=WARN [ 105.415525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.12.0-1 04/01/2014 [ 105.415532] Call Trace: [ 105.415536] [ 105.415541] dump_stack_lvl+0xca/0x120 [ 105.415566] __lookup_object+0x94/0xb0 [ 105.415582] delete_object_full+0x27/0x70 [ 105.415598] free_percpu+0x30/0x1160 [ 105.415619] ? arch_uprobe_clear_state+0x16/0x140 [ 105.415639] futex_hash_free+0x38/0xc0 [ 105.415654] mmput+0x2d3/0x390 [ 105.415672] do_exit+0x79d/0x2970 [ 105.415690] ? __pfx_do_exit+0x10/0x10 [ 105.415703] ? find_held_lock+0x2b/0x80 [ 105.415722] ? get_signal+0x835/0x2340 [ 105.415741] do_group_exit+0xd3/0x2a0 [ 105.415756] get_signal+0x2315/0x2340 [ 105.415774] ? ksys_write+0x187/0x240 [ 105.415789] ? __pfx_get_signal+0x10/0x10 [ 105.415805] ? do_futex+0x135/0x370 [ 105.415818] ? __pfx_do_futex+0x10/0x10 [ 105.415833] arch_do_signal_or_restart+0x80/0x790 [ 105.415851] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.415867] ? __x64_sys_futex+0x1c9/0x4d0 [ 105.415879] ? __x64_sys_futex+0x1d2/0x4d0 [ 105.415892] ? fput+0x6a/0x100 [ 105.415906] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.415919] ? ksys_write+0x1a3/0x240 [ 105.415930] ? __pfx_ksys_write+0x10/0x10 [ 105.415945] exit_to_user_mode_loop+0x8b/0x110 [ 105.415958] do_syscall_64+0x2f7/0x360 [ 105.415969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.415981] RIP: 0033:0x7fca8c9e6b19 [ 105.415990] Code: Unable to access opcode bytes at 0x7fca8c9e6aef. 
[ 105.415995] RSP: 002b:00007fca89f5c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.416006] RAX: fffffffffffffe00 RBX: 00007fca8caf9f68 RCX: 00007fca8c9e6b19 [ 105.416014] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fca8caf9f68 [ 105.416021] RBP: 00007fca8caf9f60 R08: 0000000000000000 R09: 0000000000000000 [ 105.416027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca8caf9f6c [ 105.416034] R13: 00007ffe43e818bf R14: 00007fca89f5c300 R15: 0000000000022000 [ 105.416050] [ 105.416053] kmemleak: Object (percpu) 0x607f1a638f38 (size 8): [ 105.416060] kmemleak: comm "syz-executor.4", pid 3948, jiffies 4294772192 [ 105.416067] kmemleak: min_count = 1 [ 105.416070] kmemleak: count = 0 [ 105.416074] kmemleak: flags = 0x21 [ 105.416077] kmemleak: checksum = 0 [ 105.416081] kmemleak: backtrace: [ 105.416084] pcpu_alloc_noprof+0x87a/0x1170 [ 105.416099] perf_trace_event_init+0x366/0xa10 [ 105.416113] perf_trace_init+0x1a4/0x2f0 [ 105.416124] perf_tp_event_init+0xa6/0x120 [ 105.416140] perf_try_init_event+0x140/0x9f0 [ 105.416152] perf_event_alloc.part.0+0x118e/0x45f0 [ 105.416169] __do_sys_perf_event_open+0x719/0x2c20 [ 105.416181] do_syscall_64+0xbf/0x360 [ 105.416189] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:16:25 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigaction(0x36, 0x0, 0x0, 0x8, &(0x7f00000001c0)) 08:16:25 executing program 6: sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0xc8, 0x3ed, 0x0, 0x0, 0x0, 
"efea6d00d6417b99ab6c5457e382d513d37f9cfac5190d19f4780afaf9107d5a5ad0ea6cd7781f35cff65ab070422043433941f4309ffecc5d321c5c61d686aa270feb581ad00361a360cbf6bd999c9fd9b4cd1ead6ff4e846ef810679cc8a5eccd1133c786827f3beddcd4624765d7cedbf64f68516b8c12f553c107751411f6766ea710992d99b88f78d2d1af3082c73b7850384c248c1f3b9c82910429d8f12db6dcc0e6803aebaf62a94179b2963a097f2f31f8caeac"}, 0xc8}}, 0x0) r0 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000140), 0x0) 08:16:25 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000480)=""/4096, 0x1000) 08:16:25 executing program 1: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0) 08:16:25 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 08:16:25 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r0, 0x0, &(0x7f0000000980))

08:16:25 executing program 7:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0)

08:16:25 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write$nbd(r0, &(0x7f0000000400), 0x10)

08:16:25 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0)

[ 105.601537] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 105.603328] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 105.604886] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 105.611240] Tainted: [W]=WARN
[ 105.611724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 105.613017] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.613758] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.616543] RSP: 0018:ffff888043f97780 EFLAGS: 00010012
[ 105.617099] kmemleak: Found object by alias at 0x607f1a638f3c
[ 105.617123] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 105.617142] Tainted: [W]=WARN
[ 105.617146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 105.617153] Call Trace:
[ 105.617157]
[ 105.617162] dump_stack_lvl+0xca/0x120
[ 105.617188] __lookup_object+0x94/0xb0
[ 105.617205] delete_object_full+0x27/0x70
[ 105.617220] free_percpu+0x30/0x1160
[ 105.617236] ? arch_uprobe_clear_state+0x16/0x140
[ 105.617255] futex_hash_free+0x38/0xc0
[ 105.617269] mmput+0x2d3/0x390
[ 105.617286] do_exit+0x79d/0x2970
[ 105.617300] ? lock_release+0xc8/0x290
[ 105.617315] ? __pfx_do_exit+0x10/0x10
[ 105.617328] ? find_held_lock+0x2b/0x80
[ 105.617344] ? get_signal+0x835/0x2340
[ 105.617363] do_group_exit+0xd3/0x2a0
[ 105.617377] get_signal+0x2315/0x2340
[ 105.617393] ? ksys_write+0x187/0x240
[ 105.617408] ? __pfx_get_signal+0x10/0x10
[ 105.617423] ? do_futex+0x135/0x370
[ 105.617436] ? __pfx_do_futex+0x10/0x10
[ 105.617449] arch_do_signal_or_restart+0x80/0x790
[ 105.617466] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 105.617482] ? __x64_sys_futex+0x1c9/0x4d0
[ 105.617493] ? __x64_sys_futex+0x1d2/0x4d0
[ 105.617506] ? fput+0x6a/0x100
[ 105.617520] ? __pfx___x64_sys_futex+0x10/0x10
[ 105.617532] ? ksys_write+0x1a3/0x240
[ 105.617542] ? xfd_validate_state+0x55/0x180
[ 105.617558] ? __pfx_ksys_write+0x10/0x10
[ 105.617571] exit_to_user_mode_loop+0x8b/0x110
[ 105.617588] do_syscall_64+0x2f7/0x360
[ 105.617599] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.617611] RIP: 0033:0x7fca8c9e6b19
[ 105.617619] Code: Unable to access opcode bytes at 0x7fca8c9e6aef.
[ 105.617624] RSP: 002b:00007fca89f5c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 105.617636] RAX: fffffffffffffe00 RBX: 00007fca8caf9f68 RCX: 00007fca8c9e6b19
[ 105.617643] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fca8caf9f68
[ 105.617650] RBP: 00007fca8caf9f60 R08: 0000000000000000 R09: 0000000000000000
[ 105.617657] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca8caf9f6c
[ 105.617663] R13: 00007ffe43e818bf R14: 00007fca89f5c300 R15: 0000000000022000
[ 105.617676]
[ 105.617679] kmemleak: Object (percpu) 0x607f1a638f38 (size 8):
[ 105.617686] kmemleak: comm "syz-executor.0", pid 3961, jiffies 4294772395
[ 105.617693] kmemleak: min_count = 1
[ 105.617696] kmemleak: count = 0
[ 105.617700] kmemleak: flags = 0x21
[ 105.617704] kmemleak: checksum = 0
[ 105.617707] kmemleak: backtrace:
[ 105.617711] pcpu_alloc_noprof+0x87a/0x1170
[ 105.617725] perf_trace_event_init+0x366/0xa10
[ 105.617739] perf_trace_init+0x1a4/0x2f0
[ 105.617750] perf_tp_event_init+0xa6/0x120
[ 105.617765] perf_try_init_event+0x140/0x9f0
[ 105.617778] perf_event_alloc.part.0+0x118e/0x45f0
[ 105.617794] __do_sys_perf_event_open+0x719/0x2c20
[ 105.617806] do_syscall_64+0xbf/0x360
[ 105.617814] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.660071] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005a0e000
[ 105.661167] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.662267] RBP: ffff888043f979f0 R08: ffff88806cf31340 R09: ffffe8ffffd16580
[ 105.663371] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 105.664467] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 105.665570] FS: 00007f75122c8700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 105.666819] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.667720] CR2: 0000001b2cd23000 CR3: 000000001e34c000 CR4: 0000000000350ef0
[ 105.668822] Call Trace:
[ 105.669231]
[ 105.669608] ? __pfx_perf_tp_event+0x10/0x10
[ 105.670324] ? perf_tp_event+0x807/0xe70
[ 105.670990] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.671779] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.672578] ? perf_trace_lock+0x337/0x5d0
[ 105.673252] ? css_rstat_updated+0x1b8/0x4d0
[ 105.673967] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.674761] perf_trace_run_bpf_submit+0xef/0x180
[ 105.675534] perf_trace_preemptirq_template+0x259/0x430
[ 105.676373] ? __pfx_perf_trace_lock+0x10/0x10
[ 105.677102] ? __pfx_perf_trace_lock+0x10/0x10
[ 105.677833] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 105.678777] ? find_held_lock+0x2b/0x80
[ 105.679424] ? try_to_wake_up+0x8ae/0x11d0
[ 105.680094] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 105.680909] trace_irq_enable.constprop.0+0xa6/0x100
[ 105.681719] trace_hardirqs_on+0x26/0x40
[ 105.682374] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 105.683186] try_to_wake_up+0x8ae/0x11d0
[ 105.683864] ? __pfx_try_to_wake_up+0x10/0x10
[ 105.684600] ? plist_del+0x122/0x270
[ 105.685218] ? find_held_lock+0x2b/0x80
[ 105.685874] ? futex_wake+0x474/0x540
[ 105.686505] wake_up_q+0xa1/0x130
[ 105.687096] futex_wake+0x47e/0x540
[ 105.687707] ? __pfx_futex_wake+0x10/0x10
[ 105.688389] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 105.689218] ? lock_release+0xc8/0x290
[ 105.689864] do_futex+0x26d/0x370
[ 105.690440] ? __pfx_do_futex+0x10/0x10
[ 105.691102] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 105.691964] ? find_held_lock+0x2b/0x80
[ 105.692628] __x64_sys_futex+0x1c9/0x4d0
[ 105.693293] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 105.694245] ? __pfx___x64_sys_futex+0x10/0x10
[ 105.695000] ? xfd_validate_state+0x55/0x180
[ 105.695739] do_syscall_64+0xbf/0x360
[ 105.696359] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.697189] RIP: 0033:0x7f7514d52b19
[ 105.697793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 105.700687] RSP: 002b:00007f75122c8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 105.701901] RAX: ffffffffffffffda RBX: 00007f7514e65f68 RCX: 00007f7514d52b19
[ 105.703048] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7514e65f6c
[ 105.704188] RBP: 00007f7514e65f60 R08: 000000000000000e R09: 0000000000000000
[ 105.705326] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7514e65f6c
[ 105.706466] R13: 00007ffd735eed9f R14: 00007f75122c8300 R15: 0000000000022000
[ 105.707634]
[ 105.708019] Modules linked in:
[ 105.708550] ---[ end trace 0000000000000000 ]---
[ 105.709308] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.710073] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.712970] RSP: 0018:ffff888043f97780 EFLAGS: 00010012
[ 105.713829] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005a0e000
[ 105.714975] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.716115] RBP: ffff888043f979f0 R08: ffff88806cf31340 R09: ffffe8ffffd16580
[ 105.717258] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 105.718394] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 105.719540] FS: 00007f75122c8700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 105.720826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.721757] CR2: 0000001b2cd23000 CR3: 000000001e34c000 CR4: 0000000000350ef0
[ 105.722905] note: syz-executor.4[3964] exited with irqs disabled
[ 105.724073] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 105.725857] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 105.727253] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 105.729151] Tainted: [D]=DIE, [W]=WARN
[ 105.729769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 105.731086] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.731861] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.734767] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 105.735623] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 105.736767] RDX: ffff888016a5d280 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.737907] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16580
[ 105.739061] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 105.740228] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 105.741397] FS: 00007f75122c8700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 105.742721] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.743675] CR2: 0000001b2cd23000 CR3: 000000001e34c000 CR4: 0000000000350ef0
[ 105.744843] Call Trace:
[ 105.745280]
[ 105.745659] ? __pfx_perf_tp_event+0x10/0x10
[ 105.746414] ? __pfx_perf_trace_lock+0x10/0x10
[ 105.747191] ? __pfx_perf_trace_lock+0x10/0x10
[ 105.747960] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.748803] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.749641] ? try_to_wake_up+0x128/0x11d0
[ 105.750356] ? lock_release+0x1c7/0x290
[ 105.750999] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.751811] ? perf_trace_lock+0x337/0x5d0
[ 105.752498] ? __pfx_perf_trace_lock+0x10/0x10
[ 105.753241] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.754050] perf_trace_run_bpf_submit+0xef/0x180
[ 105.754850] perf_trace_preemptirq_template+0x259/0x430
[ 105.755712] ? read_tsc+0x9/0x20
[ 105.756273] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 105.757226] ? clockevents_program_event+0x135/0x360
[ 105.758051] ? tick_program_event+0xac/0x140
[ 105.758772] ? handle_softirqs+0x16e/0x770
[ 105.759454] trace_irq_enable.constprop.0+0xa6/0x100
[ 105.760237] trace_hardirqs_on+0x26/0x40
[ 105.760896] handle_softirqs+0x16e/0x770
[ 105.761579] __irq_exit_rcu+0xc4/0x100
[ 105.762228] irq_exit_rcu+0x9/0x20
[ 105.762823] sysvec_apic_timer_interrupt+0x70/0x80
[ 105.763628]
[ 105.764001]
[ 105.764375] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 105.765227] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 105.765992] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 105.768898] RSP: 0018:ffff888043f97f28 EFLAGS: 00000246
[ 105.769755] RAX: 0000000000000001 RBX: ffff888016a5d280 RCX: ffffffff817c2b86
[ 105.770907] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 105.772046] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 105.773185] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016a5d280
[ 105.774321] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 105.775475] ? trace_irq_enable.constprop.0+0x26/0x100
[ 105.776323] ? make_task_dead+0x214/0x3b0
[ 105.777009] ? make_task_dead+0x214/0x3b0
[ 105.777690] ? do_syscall_64+0xbf/0x360
[ 105.778336] rewind_stack_and_make_dead+0x16/0x20
[ 105.779140] RIP: 0033:0x7f7514d52b19
[ 105.779744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 105.782625] RSP: 002b:00007f75122c8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 105.783852] RAX: ffffffffffffffda RBX: 00007f7514e65f68 RCX: 00007f7514d52b19
[ 105.784992] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7514e65f6c
[ 105.786130] RBP: 00007f7514e65f60 R08: 000000000000000e R09: 0000000000000000
[ 105.787285] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7514e65f6c
[ 105.788423] R13: 00007ffd735eed9f R14: 00007f75122c8300 R15: 0000000000022000
[ 105.789580]
[ 105.789967] Modules linked in:
[ 105.790497] ---[ end trace 0000000000000000 ]---
[ 105.791263] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.792028] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.794950] RSP: 0018:ffff888043f97780 EFLAGS: 00010012
[ 105.795805] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005a0e000
[ 105.796938] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.798075] RBP: ffff888043f979f0 R08: ffff88806cf31340 R09: ffffe8ffffd16580
[ 105.799221] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 105.800358] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 105.801496] FS: 00007f75122c8700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 105.802792] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.803727] CR2: 0000001b2cd23000 CR3: 000000001e34c000 CR4: 0000000000350ef0
[ 105.804871] Kernel panic - not syncing: Fatal exception in interrupt
[ 105.806192] Kernel Offset: disabled
[ 105.806792] ---[ end
Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
08:16:25 Registers: