Warning: Permanently added '[localhost]:56173' (ECDSA) to the list of known hosts. 2025/09/01 10:03:50 fuzzer started 2025/09/01 10:03:51 dialing manager at localhost:35473 syzkaller login: [ 50.639990] cgroup: Unknown subsys name 'net' [ 50.732357] cgroup: Unknown subsys name 'cpuset' [ 50.752351] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:04:00 syscalls: 2214 2025/09/01 10:04:00 code coverage: enabled 2025/09/01 10:04:00 comparison tracing: enabled 2025/09/01 10:04:00 extra coverage: enabled 2025/09/01 10:04:00 setuid sandbox: enabled 2025/09/01 10:04:00 namespace sandbox: enabled 2025/09/01 10:04:00 Android sandbox: enabled 2025/09/01 10:04:00 fault injection: enabled 2025/09/01 10:04:00 leak checking: enabled 2025/09/01 10:04:00 net packet injection: enabled 2025/09/01 10:04:00 net device setup: enabled 2025/09/01 10:04:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:04:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:04:00 USB emulation: enabled 2025/09/01 10:04:00 hci packet injection: enabled 2025/09/01 10:04:00 wifi device emulation: enabled 2025/09/01 10:04:00 802.15.4 emulation: enabled 2025/09/01 10:04:00 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:04:01 fetching corpus: 47, signal 18976/22489 (executing program) 2025/09/01 10:04:01 fetching corpus: 97, signal 33165/37907 (executing program) 2025/09/01 10:04:01 fetching corpus: 147, signal 41525/47458 (executing program) 2025/09/01 10:04:01 fetching corpus: 197, signal 45601/52804 (executing program) 2025/09/01 10:04:01 fetching corpus: 247, signal 51595/59772 (executing program) 2025/09/01 10:04:01 fetching corpus: 297, signal 57731/66753 (executing program) 2025/09/01 10:04:01 fetching corpus: 347, signal 62872/72725 (executing program) 2025/09/01 10:04:01 fetching corpus: 397, signal 67495/78017 (executing program) 2025/09/01 10:04:01 fetching corpus: 447, signal 70949/82227 (executing program) 2025/09/01 
10:04:02 fetching corpus: 497, signal 77958/89435 (executing program) 2025/09/01 10:04:02 fetching corpus: 547, signal 81126/93209 (executing program) 2025/09/01 10:04:02 fetching corpus: 597, signal 83268/95997 (executing program) 2025/09/01 10:04:02 fetching corpus: 647, signal 86058/99286 (executing program) 2025/09/01 10:04:02 fetching corpus: 697, signal 88108/101846 (executing program) 2025/09/01 10:04:02 fetching corpus: 747, signal 90601/104796 (executing program) 2025/09/01 10:04:02 fetching corpus: 797, signal 92086/106885 (executing program) 2025/09/01 10:04:02 fetching corpus: 847, signal 93927/109170 (executing program) 2025/09/01 10:04:02 fetching corpus: 897, signal 96061/111706 (executing program) 2025/09/01 10:04:02 fetching corpus: 947, signal 98325/114233 (executing program) 2025/09/01 10:04:03 fetching corpus: 997, signal 100472/116660 (executing program) 2025/09/01 10:04:03 fetching corpus: 1047, signal 101582/118229 (executing program) 2025/09/01 10:04:03 fetching corpus: 1097, signal 103255/120195 (executing program) 2025/09/01 10:04:03 fetching corpus: 1147, signal 105447/122465 (executing program) 2025/09/01 10:04:03 fetching corpus: 1197, signal 106789/124107 (executing program) 2025/09/01 10:04:03 fetching corpus: 1247, signal 107962/125671 (executing program) 2025/09/01 10:04:03 fetching corpus: 1297, signal 108791/126899 (executing program) 2025/09/01 10:04:03 fetching corpus: 1347, signal 109818/128246 (executing program) 2025/09/01 10:04:03 fetching corpus: 1397, signal 111043/129733 (executing program) 2025/09/01 10:04:03 fetching corpus: 1447, signal 111906/130908 (executing program) 2025/09/01 10:04:03 fetching corpus: 1497, signal 113077/132289 (executing program) 2025/09/01 10:04:04 fetching corpus: 1547, signal 114316/133645 (executing program) 2025/09/01 10:04:04 fetching corpus: 1597, signal 115448/134930 (executing program) 2025/09/01 10:04:04 fetching corpus: 1647, signal 116325/136042 (executing program) 2025/09/01 10:04:04 
fetching corpus: 1697, signal 116966/136964 (executing program) 2025/09/01 10:04:04 fetching corpus: 1747, signal 118559/138484 (executing program) 2025/09/01 10:04:04 fetching corpus: 1797, signal 119834/139729 (executing program) 2025/09/01 10:04:04 fetching corpus: 1847, signal 120822/140894 (executing program) 2025/09/01 10:04:04 fetching corpus: 1897, signal 122088/142076 (executing program) 2025/09/01 10:04:04 fetching corpus: 1947, signal 123003/143112 (executing program) 2025/09/01 10:04:04 fetching corpus: 1997, signal 123964/144126 (executing program) 2025/09/01 10:04:05 fetching corpus: 2047, signal 124604/144923 (executing program) 2025/09/01 10:04:05 fetching corpus: 2097, signal 125055/145588 (executing program) 2025/09/01 10:04:05 fetching corpus: 2147, signal 125961/146526 (executing program) 2025/09/01 10:04:05 fetching corpus: 2197, signal 127382/147633 (executing program) 2025/09/01 10:04:05 fetching corpus: 2247, signal 128205/148452 (executing program) 2025/09/01 10:04:05 fetching corpus: 2297, signal 129028/149229 (executing program) 2025/09/01 10:04:05 fetching corpus: 2347, signal 130532/150267 (executing program) 2025/09/01 10:04:05 fetching corpus: 2397, signal 131419/151115 (executing program) 2025/09/01 10:04:05 fetching corpus: 2447, signal 132550/151923 (executing program) 2025/09/01 10:04:05 fetching corpus: 2497, signal 133236/152554 (executing program) 2025/09/01 10:04:05 fetching corpus: 2547, signal 134208/153303 (executing program) 2025/09/01 10:04:06 fetching corpus: 2597, signal 134777/153904 (executing program) 2025/09/01 10:04:06 fetching corpus: 2647, signal 135496/154529 (executing program) 2025/09/01 10:04:06 fetching corpus: 2697, signal 136166/155112 (executing program) 2025/09/01 10:04:06 fetching corpus: 2747, signal 136996/155701 (executing program) 2025/09/01 10:04:06 fetching corpus: 2797, signal 137600/156205 (executing program) 2025/09/01 10:04:06 fetching corpus: 2847, signal 138283/156731 (executing program) 
2025/09/01 10:04:06 fetching corpus: 2897, signal 139072/157243 (executing program) 2025/09/01 10:04:06 fetching corpus: 2947, signal 139592/157699 (executing program) 2025/09/01 10:04:06 fetching corpus: 2997, signal 140503/158238 (executing program) 2025/09/01 10:04:06 fetching corpus: 3047, signal 141095/158748 (executing program) 2025/09/01 10:04:06 fetching corpus: 3097, signal 141808/159230 (executing program) 2025/09/01 10:04:06 fetching corpus: 3147, signal 142745/159689 (executing program) 2025/09/01 10:04:07 fetching corpus: 3197, signal 143518/160139 (executing program) 2025/09/01 10:04:07 fetching corpus: 3247, signal 143933/160454 (executing program) 2025/09/01 10:04:07 fetching corpus: 3297, signal 144419/160804 (executing program) 2025/09/01 10:04:07 fetching corpus: 3347, signal 144842/161125 (executing program) 2025/09/01 10:04:07 fetching corpus: 3397, signal 145466/161437 (executing program) 2025/09/01 10:04:07 fetching corpus: 3447, signal 146160/161808 (executing program) 2025/09/01 10:04:07 fetching corpus: 3497, signal 146910/162142 (executing program) 2025/09/01 10:04:07 fetching corpus: 3547, signal 147546/162498 (executing program) 2025/09/01 10:04:07 fetching corpus: 3597, signal 148309/162804 (executing program) 2025/09/01 10:04:07 fetching corpus: 3647, signal 148896/163070 (executing program) 2025/09/01 10:04:07 fetching corpus: 3697, signal 149495/163370 (executing program) 2025/09/01 10:04:08 fetching corpus: 3747, signal 150155/163610 (executing program) 2025/09/01 10:04:08 fetching corpus: 3797, signal 150707/163829 (executing program) 2025/09/01 10:04:08 fetching corpus: 3847, signal 151489/164031 (executing program) 2025/09/01 10:04:08 fetching corpus: 3897, signal 152071/164219 (executing program) 2025/09/01 10:04:08 fetching corpus: 3947, signal 152639/164432 (executing program) 2025/09/01 10:04:08 fetching corpus: 3997, signal 153241/164581 (executing program) 2025/09/01 10:04:08 fetching corpus: 4047, signal 153867/164585 
(executing program) 2025/09/01 10:04:08 fetching corpus: 4097, signal 154208/164590 (executing program) 2025/09/01 10:04:08 fetching corpus: 4147, signal 154667/164601 (executing program) 2025/09/01 10:04:08 fetching corpus: 4197, signal 155339/164612 (executing program) 2025/09/01 10:04:09 fetching corpus: 4247, signal 155731/164628 (executing program) 2025/09/01 10:04:09 fetching corpus: 4297, signal 156135/164639 (executing program) 2025/09/01 10:04:09 fetching corpus: 4347, signal 156750/164717 (executing program) 2025/09/01 10:04:09 fetching corpus: 4397, signal 157088/164728 (executing program) 2025/09/01 10:04:09 fetching corpus: 4447, signal 157510/164750 (executing program) 2025/09/01 10:04:09 fetching corpus: 4497, signal 157850/164766 (executing program) 2025/09/01 10:04:09 fetching corpus: 4547, signal 158223/164812 (executing program) 2025/09/01 10:04:09 fetching corpus: 4597, signal 158634/164818 (executing program) 2025/09/01 10:04:09 fetching corpus: 4647, signal 158994/164834 (executing program) 2025/09/01 10:04:09 fetching corpus: 4697, signal 159467/164847 (executing program) 2025/09/01 10:04:09 fetching corpus: 4747, signal 159915/164891 (executing program) 2025/09/01 10:04:10 fetching corpus: 4797, signal 160234/164899 (executing program) 2025/09/01 10:04:10 fetching corpus: 4847, signal 160568/164899 (executing program) 2025/09/01 10:04:10 fetching corpus: 4897, signal 161445/164911 (executing program) 2025/09/01 10:04:10 fetching corpus: 4947, signal 161797/164951 (executing program) 2025/09/01 10:04:10 fetching corpus: 4978, signal 162084/164958 (executing program) 2025/09/01 10:04:10 fetching corpus: 4978, signal 162084/164958 (executing program) 2025/09/01 10:04:12 starting 8 fuzzer processes 10:04:12 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 
0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) 10:04:12 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) setsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000000)={@multicast2, @remote, @multicast2}, 0xc) setsockopt$inet_mreqsrc(r1, 0x0, 0x25, &(0x7f00000000c0)={@multicast2, @remote, @multicast2}, 0xc) 10:04:12 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xd) openat$null(0xffffffffffffff9c, 0x0, 0x2e201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() setpriority(0x2, r0, 0x0) 10:04:12 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f00000000c0)) 10:04:13 executing program 3: prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) epoll_create1(0x0) 10:04:13 executing program 4: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 
@perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 72.526230] audit: type=1400 audit(1756721053.062:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:04:13 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x4d2, 0x6c}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:04:13 executing program 6: r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) io_submit(r1, 0x2, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000200)={0x0, 0x0, 0x500, 0x0, 0x0, r0, 0x0}]) [ 73.708295] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.714466] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.716544] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.726388] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.729985] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.805255] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.807819] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.809877] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.813395] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.815622] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.827002] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.832348] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.837077] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.848719] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.857296] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.974140] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.990011] Bluetooth: hci5: 
unexpected cc 0x0c03 length: 249 > 1 [ 73.990931] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.993006] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.006079] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.007178] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.007963] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.008714] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.009694] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.015002] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.017165] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.021036] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.021774] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.022488] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.023803] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.024754] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.030206] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.031250] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.032432] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.033353] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.034956] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.035975] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.040173] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.042183] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 74.043159] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.800067] Bluetooth: hci0: command tx timeout [ 75.864979] Bluetooth: hci1: command tx timeout [ 75.928706] Bluetooth: hci2: command tx timeout [ 76.119961] Bluetooth: hci4: command tx timeout [ 76.121528] Bluetooth: hci6: command tx timeout [ 76.183981] Bluetooth: hci5: command tx timeout [ 76.185277] Bluetooth: hci3: command tx timeout [ 76.185356] Bluetooth: hci7: command tx timeout [ 77.847736] Bluetooth: hci0: 
command tx timeout [ 77.911696] Bluetooth: hci1: command tx timeout [ 77.976267] Bluetooth: hci2: command tx timeout [ 78.167856] Bluetooth: hci6: command tx timeout [ 78.167887] Bluetooth: hci4: command tx timeout [ 78.232828] Bluetooth: hci7: command tx timeout [ 78.232845] Bluetooth: hci5: command tx timeout [ 78.233252] Bluetooth: hci3: command tx timeout [ 79.895689] Bluetooth: hci0: command tx timeout [ 79.959770] Bluetooth: hci1: command tx timeout [ 80.023778] Bluetooth: hci2: command tx timeout [ 80.215798] Bluetooth: hci6: command tx timeout [ 80.216798] Bluetooth: hci4: command tx timeout [ 80.279820] Bluetooth: hci3: command tx timeout [ 80.280255] Bluetooth: hci7: command tx timeout [ 80.280766] Bluetooth: hci5: command tx timeout [ 81.944013] Bluetooth: hci0: command tx timeout [ 82.008229] Bluetooth: hci1: command tx timeout [ 82.073802] Bluetooth: hci2: command tx timeout [ 82.263709] Bluetooth: hci4: command tx timeout [ 82.264125] Bluetooth: hci6: command tx timeout [ 82.327785] Bluetooth: hci7: command tx timeout [ 82.327797] Bluetooth: hci3: command tx timeout [ 82.328784] Bluetooth: hci5: command tx timeout [ 110.091373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.092052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.266682] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.267288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.277106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.277812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.380044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.380728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.851186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.851845] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.874812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.875425] wlan0: 
Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.915764] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.916421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.952216] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.952858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.970320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.971103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.992347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.993082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.395218] audit: type=1400 audit(1756721091.930:8): avc: denied { open } for pid=3874 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.418062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.418994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.423064] audit: type=1400 audit(1756721091.930:9): avc: denied { kernel } for pid=3874 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.456785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.457378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.574812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.575438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.636569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.637587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.843719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.844350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.878570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.879224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 
10:04:52 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) setsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000000)={@multicast2, @remote, @multicast2}, 0xc) setsockopt$inet_mreqsrc(r1, 0x0, 0x25, &(0x7f00000000c0)={@multicast2, @remote, @multicast2}, 0xc) 10:04:52 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f00000000c0)) 10:04:52 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) 10:04:52 executing program 6: r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) io_submit(r1, 0x2, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000200)={0x0, 0x0, 0x500, 0x0, 0x0, r0, 0x0}]) 10:04:52 executing program 3: prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) epoll_create1(0x0) 10:04:52 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xd) openat$null(0xffffffffffffff9c, 0x0, 0x2e201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() setpriority(0x2, r0, 0x0) 10:04:52 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 
0x0, 0x1}, {{@in6=@remote, 0x4d2, 0x6c}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:04:52 executing program 4: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 10:04:52 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x4d2, 0x6c}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:04:52 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) 10:04:52 executing program 4: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 10:04:52 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xd) openat$null(0xffffffffffffff9c, 0x0, 0x2e201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() setpriority(0x2, r0, 0x0) 10:04:52 executing program 6: r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) io_submit(r1, 0x2, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000200)={0x0, 0x0, 0x500, 0x0, 0x0, r0, 0x0}]) 10:04:52 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) setsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000000)={@multicast2, @remote, @multicast2}, 0xc) setsockopt$inet_mreqsrc(r1, 0x0, 0x25, &(0x7f00000000c0)={@multicast2, @remote, @multicast2}, 0xc) 10:04:52 executing program 3: prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) epoll_create1(0x0) 10:04:52 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f00000000c0)) 10:04:52 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 
0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) 10:04:52 executing program 4: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 10:04:52 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xd) openat$null(0xffffffffffffff9c, 0x0, 0x2e201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() setpriority(0x2, r0, 0x0) 10:04:52 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x4d2, 0x6c}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c) 10:04:52 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_getevents(r1, 0x1, 0x0, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x103483) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r2, r4) io_submit(r3, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) io_submit(r3, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x3, 0xd545, r5, &(0x7f0000000400)="6fa3bbf7f334cbb13a7d4128f1c0aa468a9e8beaad821a8f1dd8dad03a3589cb5fda1b1c93ad6b63b1a964efb4aef3602b774e800c787bafa06ad3e43ba66a2cbed8ccc7d953fd3c8d39d25a66fd5cbb53999b42f6aaf89ffe8f604faf09c68be51b1a9add7e86f4f291a6bcc2adeeab8209c8a7a3e42424a83242554e65f57392fde921bdbf2b109698be769aeedd8ab30e4205eb9a486be0a85ce8fc8faf48f019e4aa76ca3bc6a7d52ae4473920e8cc12374117ea44e04b2c956bea1fe329bd184021ac49f889da8ad15439c29d301386fa569240a7d7e5d29048436a4d36e4f4aba3acae43ee9cf18046bfaccec6f705d3bb6c", 0xf5, 0xfff, 0x0, 0x2}]) io_pgetevents(0x0, 0x0, 0x3, &(0x7f00000000c0)=[{}, {}, {}], 0x0, &(0x7f0000000180)={&(0x7f0000000140)={[0x1f2]}, 0x8}) 10:04:52 executing program 3: prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) epoll_create1(0x0) 10:04:52 executing program 6: r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) io_submit(r1, 0x2, 
&(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000200)={0x0, 0x0, 0x500, 0x0, 0x0, r0, 0x0}]) 10:04:52 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f00000000c0)) 10:04:52 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) setsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000000)={@multicast2, @remote, @multicast2}, 0xc) setsockopt$inet_mreqsrc(r1, 0x0, 0x25, &(0x7f00000000c0)={@multicast2, @remote, @multicast2}, 0xc) 10:04:52 executing program 0: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 10:04:52 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0x9, 0x19, 0x0, 0x0, @str='&:@\'\x00'}]}]}, 0x2c}], 0x1}, 0x0) [ 112.330595] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.7'. 
[ 112.332704] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 112.333630] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 112.334342] CPU: 0 UID: 0 PID: 3949 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.336483] Tainted: [W]=WARN [ 112.337162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.338829] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.340179] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.343382] RSP: 0018:ffff88804314f780 EFLAGS: 00010012 [ 112.343825] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90001a97000 [ 112.344410] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 112.344996] RBP: ffff88804314f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15d10 [ 112.345590] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.346179] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.346767] FS: 00007f7ee8657700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.347430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.347911] CR2: 00007f6f245f1000 CR3: 0000000043b22000 CR4: 0000000000350ef0 [ 112.348499] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.349092] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 112.349686] Call Trace: [ 112.349905] <TASK> [ 112.350099] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 112.350586] ? __pfx_perf_tp_event+0x10/0x10 [ 112.350961] ? kasan_quarantine_put+0x84/0x1e0 [ 112.351344] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 112.351782] ? kasan_quarantine_put+0x84/0x1e0 [ 112.352175] ? kmem_cache_free+0x2a1/0x540 [ 112.352527] ? skb_release_data+0x6a2/0xa40 [ 112.352890] ? 
kfree_skbmem+0x18a/0x1f0 [ 112.353227] ? kfree_skbmem+0x18a/0x1f0 [ 112.353573] ? css_rstat_updated+0x1b8/0x4d0 [ 112.353955] ? __pfx_css_rstat_updated+0x10/0x10 [ 112.354356] ? lock_is_held_type+0x9e/0x120 [ 112.354724] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.355142] ? lock_is_held_type+0x9e/0x120 [ 112.355503] perf_trace_run_bpf_submit+0xef/0x180 [ 112.355909] perf_trace_preemptirq_template+0x259/0x430 [ 112.356352] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 112.356838] ? lock_is_held_type+0x9e/0x120 [ 112.357200] ? find_held_lock+0x2b/0x80 [ 112.357551] ? try_to_wake_up+0x8ae/0x11d0 [ 112.357914] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 112.358338] trace_irq_enable.constprop.0+0xa6/0x100 [ 112.358762] trace_hardirqs_on+0x26/0x40 [ 112.359091] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 112.359503] try_to_wake_up+0x8ae/0x11d0 [ 112.359850] ? __pfx_try_to_wake_up+0x10/0x10 [ 112.360230] ? plist_del+0x122/0x270 [ 112.360546] ? find_held_lock+0x2b/0x80 [ 112.360884] ? futex_wake+0x474/0x540 [ 112.361195] wake_up_q+0xa1/0x130 [ 112.361492] futex_wake+0x47e/0x540 [ 112.361796] ? __pfx_futex_wake+0x10/0x10 [ 112.362150] ? __fget_files+0x34/0x3b0 [ 112.362480] ? __fget_files+0x203/0x3b0 [ 112.362802] ? lock_release+0xc8/0x290 [ 112.363116] do_futex+0x26d/0x370 [ 112.363397] ? __pfx_do_futex+0x10/0x10 [ 112.363719] ? fput+0x6a/0x100 [ 112.363987] __x64_sys_futex+0x1c9/0x4d0 [ 112.364312] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 112.364778] ? __pfx___x64_sys_futex+0x10/0x10 [ 112.365154] ? 
xfd_validate_state+0x55/0x180 [ 112.365523] do_syscall_64+0xbf/0x360 [ 112.365831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.366240] RIP: 0033:0x7f7eeb0e1b19 [ 112.366540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.367956] RSP: 002b:00007f7ee8657218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.368553] RAX: ffffffffffffffda RBX: 00007f7eeb1f4f68 RCX: 00007f7eeb0e1b19 [ 112.369114] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7eeb1f4f6c [ 112.369691] RBP: 00007f7eeb1f4f60 R08: 000000000000000e R09: 0000000000000000 [ 112.370267] R10: 000000000000002c R11: 0000000000000246 R12: 00007f7eeb1f4f6c [ 112.370838] R13: 00007ffef84d788f R14: 00007f7ee8657300 R15: 0000000000022000 [ 112.371411] [ 112.371608] Modules linked in: [ 112.371872] ---[ end trace 0000000000000000 ]--- [ 112.372248] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.372638] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.374109] RSP: 0018:ffff88804314f780 EFLAGS: 00010012 [ 112.374542] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90001a97000 [ 112.375115] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 112.375690] RBP: ffff88804314f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15d10 [ 112.376265] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.376842] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.377418] FS: 00007f7ee8657700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.378065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.378537] CR2: 00007f6f245f1000 CR3: 0000000043b22000 CR4: 0000000000350ef0 [ 112.379112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 
112.379683] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 112.380254] note: syz-executor.7[3949] exited with irqs disabled [ 112.380797] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 112.381698] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 112.382390] CPU: 0 UID: 0 PID: 3949 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.383347] Tainted: [D]=DIE, [W]=WARN [ 112.383660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.384317] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.384703] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.386159] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 112.386592] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 112.387179] RDX: ffff888042ea5280 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 112.387754] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15d10 [ 112.388325] R10: 0000000000000000 R11: ffff888016fbc898 R12: dffffc0000000000 [ 112.388897] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 112.389477] FS: 00007f7ee8657700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.390120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.390594] CR2: 00007f6f245f1000 CR3: 0000000043b22000 CR4: 0000000000350ef0 [ 112.391166] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.391742] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 112.392310] Call Trace: [ 112.392521] [ 112.392706] ? __pfx_perf_tp_event+0x10/0x10 [ 112.393072] ? enqueue_task_fair+0xded/0x1e00 [ 112.393452] ? check_preempt_wakeup_fair+0x6e/0x950 [ 112.393865] ? wakeup_preempt+0x140/0x2a0 [ 112.394204] ? 
lock_release+0x1c7/0x290 [ 112.394531] ? lock_release+0x1c7/0x290 [ 112.394860] ? do_raw_spin_unlock+0x53/0x220 [ 112.395226] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 112.395643] ? try_to_wake_up+0x8ae/0x11d0 [ 112.395993] ? do_raw_spin_lock+0x123/0x260 [ 112.396350] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 112.396737] ? perf_trace_run_bpf_submit+0xef/0x180 [ 112.397145] perf_trace_run_bpf_submit+0xef/0x180 [ 112.397552] perf_trace_preemptirq_template+0x259/0x430 [ 112.397985] ? read_tsc+0x9/0x20 [ 112.398266] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 112.398739] ? clockevents_program_event+0x135/0x360 [ 112.399158] ? tick_program_event+0xac/0x140 [ 112.399523] ? handle_softirqs+0x16e/0x770 [ 112.399875] trace_irq_enable.constprop.0+0xa6/0x100 [ 112.400289] trace_hardirqs_on+0x26/0x40 [ 112.400623] handle_softirqs+0x16e/0x770 [ 112.400964] __irq_exit_rcu+0xc4/0x100 [ 112.401287] irq_exit_rcu+0x9/0x20 [ 112.401585] sysvec_apic_timer_interrupt+0x70/0x80 [ 112.401987] [ 112.402173] [ 112.402355] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 112.402782] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 112.403163] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 112.404586] RSP: 0018:ffff88804314ff28 EFLAGS: 00000246 [ 112.405006] RAX: 0000000000000001 RBX: ffff888042ea5280 RCX: ffffffff817c3ab6 [ 112.405573] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 112.406151] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 112.406735] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888042ea5280 [ 112.407325] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 112.407909] ? trace_irq_enable.constprop.0+0x26/0x100 [ 112.408343] ? make_task_dead+0x214/0x3b0 [ 112.408693] ? make_task_dead+0x214/0x3b0 [ 112.409039] ? 
do_syscall_64+0xbf/0x360 [ 112.409378] rewind_stack_and_make_dead+0x16/0x20 [ 112.409785] RIP: 0033:0x7f7eeb0e1b19 [ 112.410096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.411583] RSP: 002b:00007f7ee8657218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.412203] RAX: ffffffffffffffda RBX: 00007f7eeb1f4f68 RCX: 00007f7eeb0e1b19 [ 112.412788] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7eeb1f4f6c [ 112.413386] RBP: 00007f7eeb1f4f60 R08: 000000000000000e R09: 0000000000000000 [ 112.413995] R10: 000000000000002c R11: 0000000000000246 R12: 00007f7eeb1f4f6c [ 112.414590] R13: 00007ffef84d788f R14: 00007f7ee8657300 R15: 0000000000022000 [ 112.415194] [ 112.415397] Modules linked in: [ 112.415672] ---[ end trace 0000000000000000 ]--- [ 112.416064] RIP: 0010:perf_tp_event+0x175/0xe70 [ 112.416467] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 112.417990] RSP: 0018:ffff88804314f780 EFLAGS: 00010012 [ 112.418432] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90001a97000 [ 112.419036] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 112.419640] RBP: ffff88804314f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15d10 [ 112.420244] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 112.420841] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 112.421437] FS: 00007f7ee8657700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 112.422127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.422626] CR2: 00007f6f245f1000 CR3: 0000000043b22000 CR4: 0000000000350ef0 [ 112.423231] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.423830] DR3: 0000000000000000 DR6: 
00000000ffff0ff0 DR7: 0000000000000600 [ 112.424420] Kernel panic - not syncing: Fatal exception in interrupt [ 112.425163] Kernel Offset: disabled [ 112.425478] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:04:53 Registers: info registers vcpu 0 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff88804314f0d8 R8 =0000000000000000 R9 =ffffed10015d7046 R10=0000000000000031 R11=30376578302f4952 R12=0000000000000031 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7ee8657700 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe6d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6f245f1000 CR3=0000000043b22000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f7eeb1c87c000007f7eeb1c87c8 XMM02=00007f7eeb1c87e000007f7eeb1c87c0 XMM03=00007f7eeb1c87c800007f7eeb1c87c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 
XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000001ad29 RBX=ffff88806ce3de20 RCX=ffffc90007ec9000 RDX=0000000000040000 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888018adf5a8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1 R12=ffffed100d9c7bc5 R13=ffff88806ce3de28 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f6f21a57700 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f946841c018 CR3=000000004106d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f6f245c87c000007f6f245c87c8 XMM02=00007f6f245c87e000007f6f245c87c0 XMM03=00007f6f245c87c800007f6f245c87c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 
XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000