Warning: Permanently added '[localhost]:36508' (ECDSA) to the list of known hosts. 2025/09/01 10:01:10 fuzzer started 2025/09/01 10:01:11 dialing manager at localhost:35473 syzkaller login: [ 59.309240] cgroup: Unknown subsys name 'net' [ 59.364225] cgroup: Unknown subsys name 'cpuset' [ 59.376392] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:01:21 syscalls: 2214 2025/09/01 10:01:21 code coverage: enabled 2025/09/01 10:01:21 comparison tracing: enabled 2025/09/01 10:01:21 extra coverage: enabled 2025/09/01 10:01:21 setuid sandbox: enabled 2025/09/01 10:01:21 namespace sandbox: enabled 2025/09/01 10:01:21 Android sandbox: enabled 2025/09/01 10:01:21 fault injection: enabled 2025/09/01 10:01:21 leak checking: enabled 2025/09/01 10:01:21 net packet injection: enabled 2025/09/01 10:01:21 net device setup: enabled 2025/09/01 10:01:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:01:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:01:21 USB emulation: enabled 2025/09/01 10:01:21 hci packet injection: enabled 2025/09/01 10:01:21 wifi device emulation: enabled 2025/09/01 10:01:21 802.15.4 emulation: enabled 2025/09/01 10:01:21 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:01:21 fetching corpus: 50, signal 20787/24274 (executing program) 2025/09/01 10:01:21 fetching corpus: 100, signal 35047/39746 (executing program) 2025/09/01 10:01:21 fetching corpus: 150, signal 45294/51083 (executing program) 2025/09/01 10:01:21 fetching corpus: 200, signal 49873/56812 (executing program) 2025/09/01 10:01:21 fetching corpus: 250, signal 53064/61129 (executing program) 2025/09/01 10:01:21 fetching corpus: 300, signal 56459/65565 (executing program) 2025/09/01 10:01:22 fetching corpus: 350, signal 61551/71498 (executing program) 2025/09/01 10:01:22 fetching corpus: 400, signal 64883/75763 (executing program) 2025/09/01 10:01:22 fetching corpus: 450, signal 67815/79563 (executing program) 2025/09/01 
10:01:22 fetching corpus: 500, signal 71574/83924 (executing program) 2025/09/01 10:01:22 fetching corpus: 550, signal 73874/86990 (executing program) 2025/09/01 10:01:22 fetching corpus: 600, signal 75999/89882 (executing program) 2025/09/01 10:01:22 fetching corpus: 650, signal 77638/92289 (executing program) 2025/09/01 10:01:22 fetching corpus: 700, signal 82202/97094 (executing program) 2025/09/01 10:01:22 fetching corpus: 750, signal 85098/100373 (executing program) 2025/09/01 10:01:22 fetching corpus: 800, signal 87678/103404 (executing program) 2025/09/01 10:01:23 fetching corpus: 850, signal 90271/106384 (executing program) 2025/09/01 10:01:23 fetching corpus: 900, signal 91985/108629 (executing program) 2025/09/01 10:01:23 fetching corpus: 950, signal 93736/110792 (executing program) 2025/09/01 10:01:23 fetching corpus: 1000, signal 94912/112527 (executing program) 2025/09/01 10:01:23 fetching corpus: 1050, signal 95800/114008 (executing program) 2025/09/01 10:01:23 fetching corpus: 1100, signal 97603/116151 (executing program) 2025/09/01 10:01:23 fetching corpus: 1150, signal 99709/118394 (executing program) 2025/09/01 10:01:23 fetching corpus: 1200, signal 101141/120161 (executing program) 2025/09/01 10:01:23 fetching corpus: 1250, signal 102390/121811 (executing program) 2025/09/01 10:01:23 fetching corpus: 1300, signal 104584/124021 (executing program) 2025/09/01 10:01:24 fetching corpus: 1350, signal 105891/125652 (executing program) 2025/09/01 10:01:24 fetching corpus: 1400, signal 107869/127640 (executing program) 2025/09/01 10:01:24 fetching corpus: 1450, signal 108830/128962 (executing program) 2025/09/01 10:01:24 fetching corpus: 1500, signal 110128/130453 (executing program) 2025/09/01 10:01:24 fetching corpus: 1550, signal 111012/131695 (executing program) 2025/09/01 10:01:24 fetching corpus: 1600, signal 112241/133112 (executing program) 2025/09/01 10:01:24 fetching corpus: 1650, signal 113309/134363 (executing program) 2025/09/01 10:01:24 
fetching corpus: 1700, signal 114494/135614 (executing program) 2025/09/01 10:01:24 fetching corpus: 1750, signal 115446/136746 (executing program) 2025/09/01 10:01:24 fetching corpus: 1800, signal 116547/138018 (executing program) 2025/09/01 10:01:25 fetching corpus: 1850, signal 117833/139355 (executing program) 2025/09/01 10:01:25 fetching corpus: 1900, signal 118699/140314 (executing program) 2025/09/01 10:01:25 fetching corpus: 1950, signal 119965/141497 (executing program) 2025/09/01 10:01:25 fetching corpus: 2000, signal 120988/142616 (executing program) 2025/09/01 10:01:25 fetching corpus: 2050, signal 122042/143686 (executing program) 2025/09/01 10:01:25 fetching corpus: 2100, signal 123572/144945 (executing program) 2025/09/01 10:01:25 fetching corpus: 2150, signal 124528/145918 (executing program) 2025/09/01 10:01:25 fetching corpus: 2200, signal 125046/146602 (executing program) 2025/09/01 10:01:25 fetching corpus: 2250, signal 126253/147637 (executing program) 2025/09/01 10:01:25 fetching corpus: 2300, signal 127088/148483 (executing program) 2025/09/01 10:01:25 fetching corpus: 2350, signal 128200/149425 (executing program) 2025/09/01 10:01:26 fetching corpus: 2400, signal 129168/150260 (executing program) 2025/09/01 10:01:26 fetching corpus: 2450, signal 130379/151114 (executing program) 2025/09/01 10:01:26 fetching corpus: 2500, signal 131186/151827 (executing program) 2025/09/01 10:01:26 fetching corpus: 2550, signal 132053/152570 (executing program) 2025/09/01 10:01:26 fetching corpus: 2600, signal 132777/153216 (executing program) 2025/09/01 10:01:26 fetching corpus: 2650, signal 133527/153892 (executing program) 2025/09/01 10:01:26 fetching corpus: 2700, signal 134318/154526 (executing program) 2025/09/01 10:01:26 fetching corpus: 2750, signal 135020/155163 (executing program) 2025/09/01 10:01:26 fetching corpus: 2800, signal 136368/155920 (executing program) 2025/09/01 10:01:27 fetching corpus: 2850, signal 136924/156414 (executing program) 
2025/09/01 10:01:27 fetching corpus: 2900, signal 137632/156980 (executing program) 2025/09/01 10:01:27 fetching corpus: 2950, signal 138867/157615 (executing program) 2025/09/01 10:01:27 fetching corpus: 3000, signal 139549/158102 (executing program) 2025/09/01 10:01:27 fetching corpus: 3050, signal 140014/158509 (executing program) 2025/09/01 10:01:27 fetching corpus: 3100, signal 140575/158926 (executing program) 2025/09/01 10:01:27 fetching corpus: 3150, signal 141464/159427 (executing program) 2025/09/01 10:01:27 fetching corpus: 3200, signal 141924/159801 (executing program) 2025/09/01 10:01:27 fetching corpus: 3250, signal 142438/160190 (executing program) 2025/09/01 10:01:27 fetching corpus: 3300, signal 143185/160658 (executing program) 2025/09/01 10:01:28 fetching corpus: 3350, signal 143637/160999 (executing program) 2025/09/01 10:01:28 fetching corpus: 3400, signal 144070/161346 (executing program) 2025/09/01 10:01:28 fetching corpus: 3450, signal 144574/161623 (executing program) 2025/09/01 10:01:28 fetching corpus: 3500, signal 145200/161979 (executing program) 2025/09/01 10:01:28 fetching corpus: 3550, signal 145814/162295 (executing program) 2025/09/01 10:01:28 fetching corpus: 3600, signal 146205/162547 (executing program) 2025/09/01 10:01:28 fetching corpus: 3650, signal 146947/162833 (executing program) 2025/09/01 10:01:28 fetching corpus: 3700, signal 147420/163130 (executing program) 2025/09/01 10:01:28 fetching corpus: 3750, signal 147887/163372 (executing program) 2025/09/01 10:01:28 fetching corpus: 3800, signal 148429/163581 (executing program) 2025/09/01 10:01:29 fetching corpus: 3850, signal 149493/163838 (executing program) 2025/09/01 10:01:29 fetching corpus: 3900, signal 150033/164058 (executing program) 2025/09/01 10:01:29 fetching corpus: 3950, signal 150694/164387 (executing program) 2025/09/01 10:01:29 fetching corpus: 4000, signal 150975/164529 (executing program) 2025/09/01 10:01:29 fetching corpus: 4050, signal 151815/164534 
(executing program) 2025/09/01 10:01:29 fetching corpus: 4100, signal 152176/164556 (executing program) 2025/09/01 10:01:29 fetching corpus: 4150, signal 152664/164574 (executing program) 2025/09/01 10:01:29 fetching corpus: 4200, signal 153393/164595 (executing program) 2025/09/01 10:01:29 fetching corpus: 4250, signal 153871/164600 (executing program) 2025/09/01 10:01:30 fetching corpus: 4300, signal 154530/164603 (executing program) 2025/09/01 10:01:30 fetching corpus: 4350, signal 155047/164621 (executing program) 2025/09/01 10:01:30 fetching corpus: 4400, signal 156769/164644 (executing program) 2025/09/01 10:01:30 fetching corpus: 4450, signal 157399/164655 (executing program) 2025/09/01 10:01:30 fetching corpus: 4500, signal 157748/164670 (executing program) 2025/09/01 10:01:30 fetching corpus: 4550, signal 158313/164678 (executing program) 2025/09/01 10:01:30 fetching corpus: 4600, signal 159013/164704 (executing program) 2025/09/01 10:01:30 fetching corpus: 4650, signal 159477/164712 (executing program) 2025/09/01 10:01:30 fetching corpus: 4700, signal 159733/164718 (executing program) 2025/09/01 10:01:30 fetching corpus: 4750, signal 160109/164742 (executing program) 2025/09/01 10:01:31 fetching corpus: 4800, signal 160567/164742 (executing program) 2025/09/01 10:01:31 fetching corpus: 4850, signal 161069/164749 (executing program) 2025/09/01 10:01:31 fetching corpus: 4900, signal 161672/164770 (executing program) 2025/09/01 10:01:31 fetching corpus: 4950, signal 161968/164770 (executing program) 2025/09/01 10:01:31 fetching corpus: 4952, signal 161979/164770 (executing program) 2025/09/01 10:01:31 fetching corpus: 4952, signal 161979/164770 (executing program) 2025/09/01 10:01:33 starting 8 fuzzer processes 10:01:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x18, 0x21, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=0xffffffffffffffff}]}, 0x18}], 
0x1}, 0x0) 10:01:33 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000180)={@broadcast, @link_local, @void, {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x0, @random="9d23f2344ab6", @private, @empty, @loopback}}}}, 0x0) 10:01:33 executing program 1: setregid(0xee01, 0x0) setresgid(0x0, 0x0, 0xee01) 10:01:33 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote}}}, 0x50}}, 0x0) 10:01:33 executing program 3: mremap(&(0x7f0000ff3000/0xa000)=nil, 0xa000, 0x7ffffffff000, 0x0, &(0x7f0000ff8000/0x3000)=nil) [ 81.417430] audit: type=1400 audit(1756720893.498:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:01:33 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5452, &(0x7f00000002c0)) 10:01:33 executing program 5: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x0, "08bac43417214462c8a613438f727832650d8a1518228667e303a7b0f02be31ec862337f6688bbd019ffe5374c7d222d845020a8de085992526c12fe41dd6c6b"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) 10:01:33 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x3d983f79474f2b28, &(0x7f0000000000)="8365fda1", 0x4) [ 82.671231] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.674285] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.676610] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.680738] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.683591] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.729414] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.731378] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.736432] Bluetooth: hci1: unexpected 
cc 0x1003 length: 249 > 9 [ 82.738445] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.740193] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.744323] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.748002] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.750787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.755328] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.761221] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.802603] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.804740] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.811327] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.821250] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.823825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 82.825051] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.826765] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.830223] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.833753] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.838901] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 82.840966] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 82.843102] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 82.843520] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 82.849832] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 82.852281] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.853864] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 82.868330] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 82.869845] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 82.875820] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 82.879312] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.880029] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 82.882663] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 82.885941] Bluetooth: hci6: 
unexpected cc 0x0c38 length: 249 > 2 [ 82.895178] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 82.936330] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 84.761323] Bluetooth: hci0: command tx timeout [ 84.823238] Bluetooth: hci1: command tx timeout [ 84.823993] Bluetooth: hci2: command tx timeout [ 84.951176] Bluetooth: hci4: command tx timeout [ 84.952003] Bluetooth: hci5: command tx timeout [ 85.015322] Bluetooth: hci7: command tx timeout [ 85.016237] Bluetooth: hci3: command tx timeout [ 85.016364] Bluetooth: hci6: command tx timeout [ 86.807128] Bluetooth: hci0: command tx timeout [ 86.871163] Bluetooth: hci2: command tx timeout [ 86.871488] Bluetooth: hci1: command tx timeout [ 87.000272] Bluetooth: hci5: command tx timeout [ 87.000729] Bluetooth: hci4: command tx timeout [ 87.064112] Bluetooth: hci6: command tx timeout [ 87.064217] Bluetooth: hci7: command tx timeout [ 87.064589] Bluetooth: hci3: command tx timeout [ 88.856326] Bluetooth: hci0: command tx timeout [ 88.920129] Bluetooth: hci2: command tx timeout [ 88.920564] Bluetooth: hci1: command tx timeout [ 89.047162] Bluetooth: hci5: command tx timeout [ 89.048224] Bluetooth: hci4: command tx timeout [ 89.111183] Bluetooth: hci7: command tx timeout [ 89.113084] Bluetooth: hci6: command tx timeout [ 89.113472] Bluetooth: hci3: command tx timeout [ 90.903142] Bluetooth: hci0: command tx timeout [ 90.967280] Bluetooth: hci1: command tx timeout [ 90.967753] Bluetooth: hci2: command tx timeout [ 91.095195] Bluetooth: hci4: command tx timeout [ 91.095643] Bluetooth: hci5: command tx timeout [ 91.161104] Bluetooth: hci3: command tx timeout [ 91.161576] Bluetooth: hci6: command tx timeout [ 91.161960] Bluetooth: hci7: command tx timeout [ 123.004531] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.005876] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.238921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.240318] wlan1: Creating 
new IBSS network, BSSID 50:50:50:50:50:50 [ 123.501462] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.502181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.691371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.692327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:02:15 executing program 3: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsmount(r0, 0x0, 0x0) 10:02:15 executing program 3: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsmount(r0, 0x0, 0x0) 10:02:15 executing program 3: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsmount(r0, 0x0, 0x0) [ 123.932475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.933403] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:02:16 executing program 3: r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) fsmount(r1, 0x0, 0x0) fsmount(r0, 0x0, 0x0) [ 124.142818] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.143576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:02:16 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x84, 0x0, 0x0, &(0x7f0000000400), 0x0) 10:02:16 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000180)={@broadcast, @link_local, @void, {@arp={0x806, @ether_ipv4={0x6, 0x800, 
0x6, 0x4, 0x0, @random="9d23f2344ab6", @private, @empty, @loopback}}}}, 0x0) [ 124.208455] audit: type=1400 audit(1756720936.288:8): avc: denied { open } for pid=3830 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.217192] audit: type=1400 audit(1756720936.288:9): avc: denied { kernel } for pid=3830 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:02:16 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000180)={@broadcast, @link_local, @void, {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x0, @random="9d23f2344ab6", @private, @empty, @loopback}}}}, 0x0) 10:02:16 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x84, 0x0, 0x0, &(0x7f0000000400), 0x0) [ 124.554119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.554819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.741003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.741720] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.123962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.124619] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.210419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.211030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.294269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.295447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.391544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
125.393031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.455513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.456649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.535618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.537114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.602357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.603513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.694013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.694673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:02:17 executing program 1: setregid(0xee01, 0x0) setresgid(0x0, 0x0, 0xee01) 10:02:17 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5452, &(0x7f00000002c0)) 10:02:17 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000180)={@broadcast, @link_local, @void, {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x0, @random="9d23f2344ab6", @private, @empty, @loopback}}}}, 0x0) 10:02:17 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x84, 0x0, 0x0, &(0x7f0000000400), 0x0) 10:02:17 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote}}}, 0x50}}, 0x0) 10:02:17 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x3d983f79474f2b28, &(0x7f0000000000)="8365fda1", 0x4) 10:02:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, 
&(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x18, 0x21, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=0xffffffffffffffff}]}, 0x18}], 0x1}, 0x0) 10:02:17 executing program 5: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x0, "08bac43417214462c8a613438f727832650d8a1518228667e303a7b0f02be31ec862337f6688bbd019ffe5374c7d222d845020a8de085992526c12fe41dd6c6b"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) 10:02:18 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote}}}, 0x50}}, 0x0) 10:02:18 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x3d983f79474f2b28, &(0x7f0000000000)="8365fda1", 0x4) 10:02:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x18, 0x21, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=0xffffffffffffffff}]}, 0x18}], 0x1}, 0x0) 10:02:18 executing program 1: setregid(0xee01, 0x0) setresgid(0x0, 0x0, 0xee01) 10:02:18 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x3d983f79474f2b28, &(0x7f0000000000)="8365fda1", 0x4) 10:02:18 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote}}}, 0x50}}, 0x0) 10:02:18 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x84, 
0x0, 0x0, &(0x7f0000000400), 0x0) 10:02:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x18, 0x21, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=0xffffffffffffffff}]}, 0x18}], 0x1}, 0x0) 10:02:18 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000000)={{}, 0x99080b2d45ff9310}) 10:02:18 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5452, &(0x7f00000002c0)) 10:02:18 executing program 5: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x0, "08bac43417214462c8a613438f727832650d8a1518228667e303a7b0f02be31ec862337f6688bbd019ffe5374c7d222d845020a8de085992526c12fe41dd6c6b"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) 10:02:18 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000000)={{}, 0x99080b2d45ff9310}) 10:02:18 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000280)=0x18) 10:02:18 executing program 1: setregid(0xee01, 0x0) setresgid(0x0, 0x0, 0xee01) 10:02:18 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0x206, @tick, 0x0, {}, 0x0, 0x0, 0x6}) 10:02:18 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5452, &(0x7f00000002c0)) 10:02:18 executing program 5: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x0, "08bac43417214462c8a613438f727832650d8a1518228667e303a7b0f02be31ec862337f6688bbd019ffe5374c7d222d845020a8de085992526c12fe41dd6c6b"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) 10:02:18 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xbbf, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x9, 0xff, 0x1, 0x8, 0x0, 0x6, 0x32210, 0xf, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, @perf_bp={&(0x7f00000001c0)}, 0x4000, 0x6, 0x3f, 0x0, 0x7, 0x1, 0x5, 0x0, 0x1, 0x0, 0x7fff}, 0xffffffffffffffff, 0x8, r0, 0x2) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup(r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r3, 0x0, &(0x7f0000000000), 0x0, 0x4) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{0x2, 0xac, 0x8, 0xc1}, {0x800, 0x0, 0x6, 0x80000}, {0x0, 0x7, 0x7, 0x7}]}) r5 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), 
&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) memfd_create(&(0x7f0000000140)='/dev/sg#\x00', 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000002c0)={0x6, &(0x7f0000000280)=[{0x7, 0x8, 0x8, 0x9}, {0x4, 0x1, 0x4, 0x1f7}, {0x5, 0x7, 0x40, 0x20}, {0x17f8, 0x4, 0x0, 0x2}, {0x7, 0x0, 0x0, 0x8}, {0xb0, 0x1c, 0x20, 0x400}]}) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x5, 0x0, r6) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r6}}, 0x52) r7 = socket$inet6(0xa, 0x80000, 0x81) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'geneve1\x00'}) 10:02:18 executing program 3: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) chown(&(0x7f00000009c0)='./file0\x00', r0, 0x0) chown(&(0x7f00000009c0)='./file0\x00', 0x0, 0x0) [ 126.317953] Oops: general protection fault, probably for non-canonical address 0xebfffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 126.319605] KASAN: maybe wild-memory-access in range [0x6000000000000190-0x6000000000000197] [ 126.320834] CPU: 0 UID: 0 PID: 3957 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 126.327610] Tainted: [W]=WARN [ 126.328768] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.329952] RIP: 0010:perf_tp_event+0x175/0xe70 [ 126.330663] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 126.333275] RSP: 0018:ffff888016c37800 EFLAGS: 00010212 [ 126.334047] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc90004a42000 [ 126.335090] RDX: 0000000000040000 RSI: ffffffff8189a4e7 
RDI: 6000000000000190 [ 126.336116] RBP: ffff888016c37a70 R08: ffff88806ce31340 R09: ffffe8ffffc16760 [ 126.337159] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 126.338186] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 126.339215] FS: 00007f90ff36a700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 126.340377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.341222] CR2: 00007f3c9dd3c543 CR3: 000000001f4e3000 CR4: 0000000000350ef0 [ 126.342246] Call Trace: [ 126.342628] [ 126.342976] ? __pfx_perf_tp_event+0x10/0x10 [ 126.343640] ? perf_tp_event+0x807/0xe70 [ 126.344254] ? __pfx_perf_tp_event+0x10/0x10 [ 126.344915] ? __pfx_ctx_sched_in+0x10/0x10 [ 126.345548] ? arch_stack_walk+0x9c/0xf0 [ 126.346152] ? find_held_lock+0x2b/0x80 [ 126.346754] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.347512] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.348253] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.348983] perf_trace_run_bpf_submit+0xef/0x180 [ 126.349703] perf_trace_lock_acquire+0x3c2/0x700 [ 126.350406] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 126.351181] ? futex_ref_get+0x48/0x300 [ 126.351766] ? find_held_lock+0x2b/0x80 [ 126.352360] lock_acquire+0xc5/0x2f0 [ 126.352923] ? futex_wake+0x228/0x540 [ 126.353497] _raw_spin_lock+0x2b/0x40 [ 126.354065] ? futex_wake+0x228/0x540 [ 126.354628] futex_wake+0x228/0x540 [ 126.355183] ? __pfx_futex_wake+0x10/0x10 [ 126.355805] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 126.356549] ? lock_release+0xc8/0x290 [ 126.357131] do_futex+0x26d/0x370 [ 126.357651] ? __pfx_do_futex+0x10/0x10 [ 126.358236] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 126.359012] ? __pfx___schedule+0x10/0x10 [ 126.359636] __x64_sys_futex+0x1c9/0x4d0 [ 126.360240] ? __pfx___x64_sys_futex+0x10/0x10 [ 126.360914] ? 
xfd_validate_state+0x55/0x180 [ 126.361578] do_syscall_64+0xbf/0x360 [ 126.362139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.362885] RIP: 0033:0x7f9101df4b19 [ 126.363439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.366028] RSP: 002b:00007f90ff36a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 126.367123] RAX: ffffffffffffffda RBX: 00007f9101f07f68 RCX: 00007f9101df4b19 [ 126.368144] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9101f07f6c [ 126.369159] RBP: 00007f9101f07f60 R08: 000000000000000e R09: 0000000000000000 [ 126.370175] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f9101f07f6c [ 126.371203] R13: 00007ffd4b01c56f R14: 00007f90ff36a300 R15: 0000000000022000 [ 126.372239] [ 126.372583] Modules linked in: [ 126.373062] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 126.374002] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 126.374697] CPU: 1 UID: 0 PID: 3954 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 126.375655] Tainted: [D]=DIE, [W]=WARN [ 126.375963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.376620] RIP: 0010:perf_tp_event+0x175/0xe70 [ 126.377016] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 126.378470] RSP: 0018:ffff88801a49f800 EFLAGS: 00010212 [ 126.378898] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000443f000 [ 126.379478] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 126.380053] RBP: ffff88801a49fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16760 [ 126.380621] R10: 0000000000000000 R11: 
0000000000000024 R12: dffffc0000000000 [ 126.381195] R13: 0000000000000024 R14: ffff88806cf31340 R15: dffffc0000000000 [ 126.381764] FS: 00007f782e83d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 126.382406] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.382872] CR2: 0000000020003a04 CR3: 000000000bfab000 CR4: 0000000000350ef0 [ 126.383443] Call Trace: [ 126.383654] [ 126.383842] ? stack_depot_save_flags+0x2c/0xa20 [ 126.384234] ? __pfx_perf_tp_event+0x10/0x10 [ 126.384603] ? do_raw_spin_lock+0x123/0x260 [ 126.384959] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 126.385340] ? lock_acquire+0x18c/0x2f0 [ 126.385666] ? xa_store+0x35/0x50 [ 126.385955] ? __io_uring_add_tctx_node+0x1a1/0x4c0 [ 126.386366] ? perf_trace_lock_acquire+0xc9/0x700 [ 126.386760] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 126.387195] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 126.387619] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 126.388003] ? kmem_cache_alloc_lru_noprof+0x268/0x6a0 [ 126.388426] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 126.388851] ? lock_acquire+0xc5/0x2f0 [ 126.389171] ? lock_acquire+0x18c/0x2f0 [ 126.389500] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.389907] perf_trace_run_bpf_submit+0xef/0x180 [ 126.390310] perf_trace_lock_acquire+0x3c2/0x700 [ 126.390697] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 126.391129] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 126.391557] ? lock_acquire+0xc5/0x2f0 [ 126.391876] ? lock_acquire+0x18c/0x2f0 [ 126.392201] lock_acquire+0xc5/0x2f0 [ 126.392506] ? futex_wake+0x228/0x540 [ 126.392820] ? futex_hash+0x15c/0x390 [ 126.393132] _raw_spin_lock+0x2b/0x40 [ 126.393448] ? futex_wake+0x228/0x540 [ 126.393760] futex_wake+0x228/0x540 [ 126.394071] ? __pfx_futex_wake+0x10/0x10 [ 126.394414] ? lock_release+0x1c7/0x290 [ 126.394744] do_futex+0x26d/0x370 [ 126.395034] ? __pfx_do_futex+0x10/0x10 [ 126.395371] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 126.395734] __x64_sys_futex+0x1c9/0x4d0 [ 126.396066] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 126.396440] ? ksys_mmap_pgoff+0x85/0x520 [ 126.396783] ? __x64_sys_mmap+0x12f/0x190 [ 126.397132] do_syscall_64+0xbf/0x360 [ 126.397443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.397858] RIP: 0033:0x7f78312c7b19 [ 126.398159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.399611] RSP: 002b:00007f782e83d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 126.400216] RAX: ffffffffffffffda RBX: 00007f78313daf68 RCX: 00007f78312c7b19 [ 126.400779] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f78313daf6c [ 126.401341] RBP: 00007f78313daf60 R08: 0000000000000016 R09: 0000000000000000 [ 126.401906] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f78313daf6c [ 126.402470] R13: 00007ffd4333625f R14: 00007f782e83d300 R15: 0000000000022000 [ 126.403038] [ 126.403236] Modules linked in: [ 126.403501] Oops: general protection fault, probably for non-canonical address 0xebfffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 126.405089] KASAN: maybe wild-memory-access in range [0x6000000000000190-0x6000000000000197] [ 126.406290] CPU: 0 UID: 0 PID: 3957 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 126.408009] Tainted: [D]=DIE, [W]=WARN [ 126.408564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.409734] RIP: 0010:perf_tp_event+0x175/0xe70 [ 126.410417] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 126.413013] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 126.413778] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffffff818998a3 [ 126.414800] RDX: ffff888016cc8000 RSI: ffffffff8189a4e7 RDI: 6000000000000190 [ 126.415830] RBP: ffff88806ce08cf0 R08: 
ffff88806ce31490 R09: ffffe8ffffc16760 [ 126.416852] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 126.417868] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 126.418892] FS: 00007f90ff36a700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 126.420072] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.420925] CR2: 00007f3c9dd3c543 CR3: 000000001f4e3000 CR4: 0000000000350ef0 [ 126.421950] Call Trace: [ 126.422327] [ 126.422666] ? __pfx_perf_tp_event+0x10/0x10 [ 126.423328] ? __lock_acquire+0x694/0x1b70 [ 126.423950] ? __lock_acquire+0xc65/0x1b70 [ 126.424573] ? lock_is_held_type+0x9e/0x120 [ 126.425222] ? __pick_eevdf+0x326/0x570 [ 126.425800] ? update_curr+0x1b9/0x500 [ 126.426375] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.427113] perf_trace_run_bpf_submit+0xef/0x180 [ 126.427828] perf_trace_lock_acquire+0x3c2/0x700 [ 126.428535] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 126.429225] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 126.429982] ? lock_acquire+0x15e/0x2f0 [ 126.430571] ? find_held_lock+0x2b/0x80 [ 126.431174] ? clockevents_program_event+0x14f/0x360 [ 126.431910] ? lock_release+0xc8/0x290 [ 126.432485] lock_acquire+0xc5/0x2f0 [ 126.433033] ? hrtimer_interrupt+0xd6/0x830 [ 126.433660] ? __pfx_lapic_next_deadline+0x10/0x10 [ 126.434382] _raw_spin_lock_irqsave+0x3a/0x60 [ 126.435073] ? 
hrtimer_interrupt+0xd6/0x830 [ 126.435697] hrtimer_interrupt+0xd6/0x830 [ 126.436321] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 126.437067] sysvec_apic_timer_interrupt+0x6b/0x80 [ 126.437790] [ 126.438122] [ 126.438462] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 126.439237] RIP: 0010:oops_exit+0x0/0x50 [ 126.439841] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 126.442456] RSP: 0018:ffff888016c37690 EFLAGS: 00000202 [ 126.443234] RAX: 0000000000029a0f RBX: 0000000000000212 RCX: ffffc90004a42000 [ 126.444265] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 126.445298] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 126.446319] R10: 0000000000000000 R11: 000000000000002c R12: ffff888016c37758 [ 126.447364] R13: 0000000000000000 R14: ebfffc0000000032 R15: 0000000000000000 [ 126.448388] ? oops_end+0x4a/0xe0 [ 126.448906] oops_end+0x65/0xe0 [ 126.449409] exc_general_protection+0x1a2/0x330 [ 126.450091] asm_exc_general_protection+0x26/0x30 [ 126.450794] RIP: 0010:perf_tp_event+0x175/0xe70 [ 126.451490] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 126.454089] RSP: 0018:ffff888016c37800 EFLAGS: 00010212 [ 126.454854] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc90004a42000 [ 126.455886] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 6000000000000190 [ 126.456909] RBP: ffff888016c37a70 R08: ffff88806ce31340 R09: ffffe8ffffc16760 [ 126.457921] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 126.458931] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 126.459965] ? perf_tp_event+0x167/0xe70 [ 126.460576] ? __pfx_perf_tp_event+0x10/0x10 [ 126.461226] ? 
perf_tp_event+0x807/0xe70 [ 126.461828] ? __pfx_perf_tp_event+0x10/0x10 [ 126.462476] ? __pfx_ctx_sched_in+0x10/0x10 [ 126.463105] ? arch_stack_walk+0x9c/0xf0 [ 126.463695] ? find_held_lock+0x2b/0x80 [ 126.464285] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.465016] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.465744] ? perf_trace_run_bpf_submit+0xef/0x180 [ 126.466469] perf_trace_run_bpf_submit+0xef/0x180 [ 126.467189] perf_trace_lock_acquire+0x3c2/0x700 [ 126.467886] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 126.468647] ? futex_ref_get+0x48/0x300 [ 126.469219] ? find_held_lock+0x2b/0x80 [ 126.469805] lock_acquire+0xc5/0x2f0 [ 126.470349] ? futex_wake+0x228/0x540 [ 126.470918] _raw_spin_lock+0x2b/0x40 [ 126.471483] ? futex_wake+0x228/0x540 [ 126.472040] futex_wake+0x228/0x540 [ 126.472580] ? __pfx_futex_wake+0x10/0x10 [ 126.473195] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 126.473926] ? lock_release+0xc8/0x290 [ 126.474509] do_futex+0x26d/0x370 [ 126.475021] ? __pfx_do_futex+0x10/0x10 [ 126.475608] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 126.476386] ? __pfx___schedule+0x10/0x10 [ 126.476993] __x64_sys_futex+0x1c9/0x4d0 [ 126.477593] ? __pfx___x64_sys_futex+0x10/0x10 [ 126.478262] ? 
xfd_validate_state+0x55/0x180 [ 126.478920] do_syscall_64+0xbf/0x360 [ 126.479491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.480236] RIP: 0033:0x7f9101df4b19 [ 126.480769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.483353] RSP: 002b:00007f90ff36a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 126.484434] RAX: ffffffffffffffda RBX: 00007f9101f07f68 RCX: 00007f9101df4b19 [ 126.485452] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9101f07f6c [ 126.486463] RBP: 00007f9101f07f60 R08: 000000000000000e R09: 0000000000000000 [ 126.487477] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f9101f07f6c [ 126.488498] R13: 00007ffd4b01c56f R14: 00007f90ff36a300 R15: 0000000000022000 [ 126.489537] [ 126.489878] Modules linked in: [ 126.490350] ---[ end trace 0000000000000000 ]--- [ 126.490351] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 126.490368] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 126.491028] RIP: 0010:perf_tp_event+0x175/0xe70 [ 126.491895] CPU: 1 UID: 0 PID: 3954 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 126.493112] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 126.493481] Tainted: [D]=DIE, [W]=WARN [ 126.495152] RSP: 0018:ffff888016c37800 EFLAGS: 00010212 [ 126.496556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.497099] [ 126.497510] RIP: 0010:perf_tp_event+0x175/0xe70 [ 126.498684] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc90004a42000 [ 126.498822] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 
c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 126.499486] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 6000000000000190 [ 126.500043] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 126.502615] RBP: ffff888016c37a70 R08: ffff88806ce31340 R09: ffffe8ffffc16760 [ 126.503171] [ 126.503177] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 126.503919] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 126.504468] RDX: ffff888016909b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 126.504716] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 126.505265] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16760 [ 126.506275] FS: 00007f90ff36a700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 126.506822] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 126.507837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.508387] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 126.509529] CR2: 00007f3c9dd3c543 CR3: 000000001f4e3000 CR4: 0000000000350ef0 [ 126.510078] FS: 00007f782e83d700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 126.510914] Kernel panic - not syncing: Fatal exception in interrupt [ 127.588273] Shutting down cpus with NMI [ 127.601276] Kernel Offset: disabled [ 127.601601] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:02:18 Registers: