Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:33844' (ECDSA) to the list of known hosts. 2025/09/01 10:11:17 fuzzer started 2025/09/01 10:11:17 dialing manager at localhost:35473 syzkaller login: [ 50.588998] cgroup: Unknown subsys name 'net' [ 50.639182] cgroup: Unknown subsys name 'cpuset' [ 50.646557] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:11:27 syscalls: 2214 2025/09/01 10:11:27 code coverage: enabled 2025/09/01 10:11:27 comparison tracing: enabled 2025/09/01 10:11:27 extra coverage: enabled 2025/09/01 10:11:27 setuid sandbox: enabled 2025/09/01 10:11:27 namespace sandbox: enabled 2025/09/01 10:11:27 Android sandbox: enabled 2025/09/01 10:11:27 fault injection: enabled 2025/09/01 10:11:27 leak checking: enabled 2025/09/01 10:11:27 net packet injection: enabled 2025/09/01 10:11:27 net device setup: enabled 2025/09/01 10:11:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:11:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:11:27 USB emulation: enabled 2025/09/01 10:11:27 hci packet injection: enabled 2025/09/01 10:11:27 wifi device emulation: enabled 2025/09/01 10:11:27 802.15.4 emulation: enabled 2025/09/01 10:11:27 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:11:27 fetching corpus: 45, signal 21259/24773 (executing program) 2025/09/01 10:11:27 fetching corpus: 95, signal 36881/41617 (executing program) 2025/09/01 10:11:27 fetching corpus: 145, signal 48741/54428 (executing program) 2025/09/01 10:11:27 fetching corpus: 195, signal 54839/61558 (executing program) 2025/09/01 10:11:27 fetching corpus: 245, signal 59528/67272 (executing program) 2025/09/01 10:11:28 fetching corpus: 295, signal 63587/72286 (executing program) 2025/09/01 10:11:28 fetching corpus: 345, signal 66203/75856 (executing program) 2025/09/01 10:11:28 fetching corpus: 395, signal 70753/81136 (executing program) 2025/09/01 10:11:28 fetching corpus: 445, signal 72600/83886 
(executing program) 2025/09/01 10:11:28 fetching corpus: 495, signal 76730/88577 (executing program) 2025/09/01 10:11:28 fetching corpus: 545, signal 79060/91691 (executing program) 2025/09/01 10:11:28 fetching corpus: 595, signal 82101/95300 (executing program) 2025/09/01 10:11:28 fetching corpus: 645, signal 85380/99070 (executing program) 2025/09/01 10:11:28 fetching corpus: 695, signal 86937/101323 (executing program) 2025/09/01 10:11:28 fetching corpus: 745, signal 88931/103952 (executing program) 2025/09/01 10:11:28 fetching corpus: 795, signal 91026/106597 (executing program) 2025/09/01 10:11:28 fetching corpus: 845, signal 93672/109581 (executing program) 2025/09/01 10:11:28 fetching corpus: 895, signal 94990/111484 (executing program) 2025/09/01 10:11:29 fetching corpus: 945, signal 96637/113608 (executing program) 2025/09/01 10:11:29 fetching corpus: 995, signal 98551/115928 (executing program) 2025/09/01 10:11:29 fetching corpus: 1045, signal 100187/117967 (executing program) 2025/09/01 10:11:29 fetching corpus: 1095, signal 101610/119828 (executing program) 2025/09/01 10:11:29 fetching corpus: 1145, signal 102931/121656 (executing program) 2025/09/01 10:11:29 fetching corpus: 1195, signal 104147/123296 (executing program) 2025/09/01 10:11:29 fetching corpus: 1245, signal 105740/125179 (executing program) 2025/09/01 10:11:29 fetching corpus: 1295, signal 106946/126761 (executing program) 2025/09/01 10:11:29 fetching corpus: 1345, signal 108057/128259 (executing program) 2025/09/01 10:11:29 fetching corpus: 1395, signal 110076/130344 (executing program) 2025/09/01 10:11:29 fetching corpus: 1445, signal 111639/132066 (executing program) 2025/09/01 10:11:30 fetching corpus: 1495, signal 113005/133592 (executing program) 2025/09/01 10:11:30 fetching corpus: 1545, signal 113845/134781 (executing program) 2025/09/01 10:11:30 fetching corpus: 1595, signal 115416/136398 (executing program) 2025/09/01 10:11:30 fetching corpus: 1645, signal 115972/137352 
(executing program) 2025/09/01 10:11:30 fetching corpus: 1695, signal 116936/138561 (executing program) 2025/09/01 10:11:30 fetching corpus: 1745, signal 117946/139717 (executing program) 2025/09/01 10:11:30 fetching corpus: 1795, signal 118746/140748 (executing program) 2025/09/01 10:11:30 fetching corpus: 1845, signal 119252/141632 (executing program) 2025/09/01 10:11:30 fetching corpus: 1895, signal 119935/142614 (executing program) 2025/09/01 10:11:30 fetching corpus: 1945, signal 121076/143789 (executing program) 2025/09/01 10:11:30 fetching corpus: 1995, signal 121740/144702 (executing program) 2025/09/01 10:11:31 fetching corpus: 2045, signal 122355/145595 (executing program) 2025/09/01 10:11:31 fetching corpus: 2095, signal 123154/146530 (executing program) 2025/09/01 10:11:31 fetching corpus: 2145, signal 124101/147481 (executing program) 2025/09/01 10:11:31 fetching corpus: 2195, signal 124750/148360 (executing program) 2025/09/01 10:11:31 fetching corpus: 2245, signal 125480/149232 (executing program) 2025/09/01 10:11:31 fetching corpus: 2295, signal 126096/150047 (executing program) 2025/09/01 10:11:31 fetching corpus: 2345, signal 128199/151513 (executing program) 2025/09/01 10:11:31 fetching corpus: 2395, signal 129036/152369 (executing program) 2025/09/01 10:11:31 fetching corpus: 2445, signal 130027/153212 (executing program) 2025/09/01 10:11:31 fetching corpus: 2495, signal 130714/153960 (executing program) 2025/09/01 10:11:31 fetching corpus: 2545, signal 131635/154800 (executing program) 2025/09/01 10:11:32 fetching corpus: 2595, signal 132246/155509 (executing program) 2025/09/01 10:11:32 fetching corpus: 2645, signal 132834/156208 (executing program) 2025/09/01 10:11:32 fetching corpus: 2695, signal 133306/156780 (executing program) 2025/09/01 10:11:32 fetching corpus: 2745, signal 134306/157542 (executing program) 2025/09/01 10:11:32 fetching corpus: 2795, signal 135546/158321 (executing program) 2025/09/01 10:11:32 fetching corpus: 2845, 
signal 136502/159002 (executing program) 2025/09/01 10:11:32 fetching corpus: 2895, signal 137534/159701 (executing program) 2025/09/01 10:11:32 fetching corpus: 2945, signal 138207/160225 (executing program) 2025/09/01 10:11:32 fetching corpus: 2995, signal 138852/160781 (executing program) 2025/09/01 10:11:32 fetching corpus: 3045, signal 139369/161298 (executing program) 2025/09/01 10:11:33 fetching corpus: 3095, signal 140132/161811 (executing program) 2025/09/01 10:11:33 fetching corpus: 3145, signal 142038/162595 (executing program) 2025/09/01 10:11:33 fetching corpus: 3195, signal 142789/163051 (executing program) 2025/09/01 10:11:33 fetching corpus: 3245, signal 143682/163556 (executing program) 2025/09/01 10:11:33 fetching corpus: 3295, signal 144290/163970 (executing program) 2025/09/01 10:11:33 fetching corpus: 3345, signal 145132/164425 (executing program) 2025/09/01 10:11:33 fetching corpus: 3395, signal 145777/164840 (executing program) 2025/09/01 10:11:33 fetching corpus: 3445, signal 146232/165205 (executing program) 2025/09/01 10:11:33 fetching corpus: 3495, signal 146960/165611 (executing program) 2025/09/01 10:11:33 fetching corpus: 3545, signal 147477/165945 (executing program) 2025/09/01 10:11:33 fetching corpus: 3595, signal 148230/166282 (executing program) 2025/09/01 10:11:34 fetching corpus: 3645, signal 148720/166604 (executing program) 2025/09/01 10:11:34 fetching corpus: 3695, signal 149277/166889 (executing program) 2025/09/01 10:11:34 fetching corpus: 3745, signal 149903/167231 (executing program) 2025/09/01 10:11:34 fetching corpus: 3795, signal 150559/167548 (executing program) 2025/09/01 10:11:34 fetching corpus: 3845, signal 151128/167820 (executing program) 2025/09/01 10:11:34 fetching corpus: 3895, signal 151830/168072 (executing program) 2025/09/01 10:11:34 fetching corpus: 3945, signal 152236/168303 (executing program) 2025/09/01 10:11:34 fetching corpus: 3995, signal 152715/168523 (executing program) 2025/09/01 10:11:34 
fetching corpus: 4045, signal 153069/168742 (executing program) 2025/09/01 10:11:34 fetching corpus: 4095, signal 153426/168924 (executing program) 2025/09/01 10:11:34 fetching corpus: 4145, signal 153724/168943 (executing program) 2025/09/01 10:11:34 fetching corpus: 4195, signal 154160/168985 (executing program) 2025/09/01 10:11:35 fetching corpus: 4245, signal 154663/168986 (executing program) 2025/09/01 10:11:35 fetching corpus: 4295, signal 155126/168994 (executing program) 2025/09/01 10:11:35 fetching corpus: 4345, signal 155820/169015 (executing program) 2025/09/01 10:11:35 fetching corpus: 4395, signal 156151/169024 (executing program) 2025/09/01 10:11:35 fetching corpus: 4445, signal 156559/169024 (executing program) 2025/09/01 10:11:35 fetching corpus: 4495, signal 156967/169029 (executing program) 2025/09/01 10:11:35 fetching corpus: 4545, signal 157486/169038 (executing program) 2025/09/01 10:11:35 fetching corpus: 4595, signal 158306/169045 (executing program) 2025/09/01 10:11:35 fetching corpus: 4645, signal 158914/169141 (executing program) 2025/09/01 10:11:35 fetching corpus: 4695, signal 159238/169184 (executing program) 2025/09/01 10:11:36 fetching corpus: 4745, signal 159661/169224 (executing program) 2025/09/01 10:11:36 fetching corpus: 4795, signal 159957/169259 (executing program) 2025/09/01 10:11:36 fetching corpus: 4845, signal 160407/169262 (executing program) 2025/09/01 10:11:36 fetching corpus: 4895, signal 160816/169277 (executing program) 2025/09/01 10:11:36 fetching corpus: 4945, signal 161173/169278 (executing program) 2025/09/01 10:11:36 fetching corpus: 4995, signal 161695/169280 (executing program) 2025/09/01 10:11:36 fetching corpus: 5045, signal 162027/169291 (executing program) 2025/09/01 10:11:36 fetching corpus: 5095, signal 162619/169328 (executing program) 2025/09/01 10:11:36 fetching corpus: 5145, signal 163112/169351 (executing program) 2025/09/01 10:11:36 fetching corpus: 5195, signal 163370/169361 (executing program) 
2025/09/01 10:11:36 fetching corpus: 5245, signal 163705/169368 (executing program) 2025/09/01 10:11:36 fetching corpus: 5295, signal 164097/169407 (executing program) 2025/09/01 10:11:37 fetching corpus: 5345, signal 164544/169423 (executing program) 2025/09/01 10:11:37 fetching corpus: 5395, signal 164973/169432 (executing program) 2025/09/01 10:11:37 fetching corpus: 5445, signal 165380/169448 (executing program) 2025/09/01 10:11:37 fetching corpus: 5495, signal 165636/169518 (executing program) 2025/09/01 10:11:37 fetching corpus: 5545, signal 166177/169526 (executing program) 2025/09/01 10:11:37 fetching corpus: 5595, signal 166469/169535 (executing program) 2025/09/01 10:11:37 fetching corpus: 5625, signal 166681/169535 (executing program) 2025/09/01 10:11:37 fetching corpus: 5625, signal 166681/169535 (executing program) 2025/09/01 10:11:39 starting 8 fuzzer processes 10:11:39 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 10:11:39 executing program 1: renameat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0xffffffffffffffff, 0x0) 10:11:39 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x44840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2) 10:11:39 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x0) chdir(&(0x7f0000000000)='./file0\x00') r1 = 
socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) rmdir(&(0x7f0000000040)='./file0\x00') [ 72.291461] audit: type=1400 audit(1756721499.409:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:11:39 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:11:39 executing program 4: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000600), 0x1, 0x0) 10:11:39 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x4, 0x0, 0x0) 10:11:39 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind(r0, &(0x7f0000003280)=@vsock={0x28, 0x0, 0x0, @local}, 0x80) [ 73.425824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.428863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.431243] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.435826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.440506] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.487008] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.492362] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.494187] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.496916] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.498878] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.553989] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.557293] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.558683] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.563086] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.564930] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.567037] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 
73.568686] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.574596] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.581378] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.583528] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.635829] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.641558] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.661450] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.663074] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.665181] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.666275] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.669952] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.675631] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.677001] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.682923] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.684622] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.688619] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.695600] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.708303] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.711854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.763724] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 73.767266] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.771637] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.795294] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.802463] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.521776] Bluetooth: hci1: command tx timeout [ 75.522350] Bluetooth: hci0: command tx timeout [ 75.649217] Bluetooth: hci2: command tx timeout [ 75.649267] Bluetooth: hci3: command tx timeout [ 75.777658] Bluetooth: hci6: command tx timeout [ 75.777706] Bluetooth: hci4: command tx timeout [ 75.841207] Bluetooth: hci5: command tx timeout [ 75.905228] Bluetooth: hci7: command tx timeout [ 
77.568191] Bluetooth: hci1: command tx timeout [ 77.570190] Bluetooth: hci0: command tx timeout [ 77.697811] Bluetooth: hci2: command tx timeout [ 77.697827] Bluetooth: hci3: command tx timeout [ 77.824184] Bluetooth: hci6: command tx timeout [ 77.824491] Bluetooth: hci4: command tx timeout [ 77.888167] Bluetooth: hci5: command tx timeout [ 77.952203] Bluetooth: hci7: command tx timeout [ 79.616237] Bluetooth: hci0: command tx timeout [ 79.616279] Bluetooth: hci1: command tx timeout [ 79.744334] Bluetooth: hci2: command tx timeout [ 79.745307] Bluetooth: hci3: command tx timeout [ 79.873154] Bluetooth: hci6: command tx timeout [ 79.873167] Bluetooth: hci4: command tx timeout [ 79.937174] Bluetooth: hci5: command tx timeout [ 80.001225] Bluetooth: hci7: command tx timeout [ 81.664235] Bluetooth: hci1: command tx timeout [ 81.667170] Bluetooth: hci0: command tx timeout [ 81.792259] Bluetooth: hci2: command tx timeout [ 81.793046] Bluetooth: hci3: command tx timeout [ 81.920244] Bluetooth: hci6: command tx timeout [ 81.921547] Bluetooth: hci4: command tx timeout [ 81.984333] Bluetooth: hci5: command tx timeout [ 82.049381] Bluetooth: hci7: command tx timeout [ 111.599669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.600465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.821842] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.822518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.125225] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.125849] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:12:19 executing program 1: renameat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0xffffffffffffffff, 0x0) [ 112.197930] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.198593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:12:19 executing program 1: renameat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 
0xffffffffffffffff, 0x0) [ 112.306513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.307561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:12:19 executing program 1: renameat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0xffffffffffffffff, 0x0) [ 112.398870] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.399616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:12:19 executing program 1: r0 = memfd_secret(0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) [ 112.450265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.450859] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:12:19 executing program 1: r0 = memfd_secret(0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 10:12:19 executing program 1: r0 = memfd_secret(0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 10:12:19 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x0) chdir(&(0x7f0000000000)='./file0\x00') r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) rmdir(&(0x7f0000000040)='./file0\x00') 10:12:19 executing program 1: r0 = memfd_secret(0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) [ 112.622785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.623496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.635010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.636065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.715081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.715729] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.759846] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.760550] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.808662] wlan1: 
Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.809429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.869657] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.870317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.932644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.933263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.993825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.994496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.027196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.027804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.170104] audit: type=1400 audit(1756721540.288:8): avc: denied { open } for pid=3906 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 113.175264] audit: type=1400 audit(1756721540.288:9): avc: denied { kernel } for pid=3906 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:12:20 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 10:12:20 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind(r0, &(0x7f0000003280)=@vsock={0x28, 0x0, 0x0, @local}, 0x80) 10:12:20 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mkdirat(r0, 
&(0x7f0000000140)='./file0\x00', 0x0) chdir(&(0x7f0000000000)='./file0\x00') r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) rmdir(&(0x7f0000000040)='./file0\x00') 10:12:20 executing program 1: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 10:12:20 executing program 4: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000600), 0x1, 0x0) 10:12:20 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:12:20 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x4, 0x0, 0x0) 10:12:20 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x44840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2) 10:12:20 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind(r0, &(0x7f0000003280)=@vsock={0x28, 0x0, 0x0, @local}, 0x80) 10:12:20 executing program 1: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 10:12:20 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x0) chdir(&(0x7f0000000000)='./file0\x00') r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) rmdir(&(0x7f0000000040)='./file0\x00') 10:12:20 executing program 4: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000600), 0x1, 0x0) 10:12:20 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:12:20 executing program 5: r0 = 
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x4, 0x0, 0x0) 10:12:20 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 10:12:20 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind(r0, &(0x7f0000003280)=@vsock={0x28, 0x0, 0x0, @local}, 0x80) 10:12:20 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:12:20 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:12:20 executing program 4: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000600), 0x1, 0x0) 10:12:20 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x44840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2) 10:12:20 executing program 1: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 10:12:20 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x4, 0x0, 0x0) 10:12:20 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x44840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2) 10:12:20 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) 
ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:12:20 executing program 1: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 10:12:20 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00') recvmsg$unix(r0, 0x0, 0x0) 10:12:20 executing program 3: kexec_load(0x0, 0x1, &(0x7f00000013c0)=[{0x0, 0x0, 0x0, 0x3e0000000000}], 0x0) 10:12:20 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)) 10:12:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002500)=ANY=[@ANYBLOB="200000001300010000000000000000000700000002"], 0x20}], 0x1}, 0x0) 10:12:20 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'lo\x00', &(0x7f00000001c0)=@ethtool_gstrings={0x1b, 0x8}}) 10:12:20 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'lo\x00', &(0x7f00000001c0)=@ethtool_gstrings={0x1b, 0x8}}) 10:12:20 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fchown(r0, 0xffffffffffffffff, 0xffffffffffffffff) 10:12:20 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/35) 10:12:20 executing program 1: 
syz_emit_ethernet(0x136, &(0x7f00000001c0)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x100, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0x1d, "2a94000004ffbdaabb8cd5309bf220d0a49af1af9a2608a5f54f1971cf3d3ba94abd965ad3c687deca3eba10b52318114216a0dad2e5a23b2dd4153b6e8e60cf660a0201d21fa36a6aff628305dcc7bf2218c99d8813dd069b6bd7b1bbeaf381c6965646e78418be54db5eedf4c7e781ba79b112c040913a2088aff1c33cc139fc8708c9b09949c719e69fe6ad9f6c8faadf1048875ebcfca8cb62aa9bd062e32e551a70bd9176b560d98ea580a6ea18892dc6b50d5a20fc413ea5948a909387f73e28288cd1e4e12cdc744b48d1e2cdab6c6974408e73e66a0f446cd1a093d67fb1dd35f4f27a010b1c"}, {0x0, 0x0, "eb50"}]}}}}}}, 0x0) 10:12:20 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={[0x10000]}, 0x8) 10:12:20 executing program 3: kexec_load(0x0, 0x1, &(0x7f00000013c0)=[{0x0, 0x0, 0x0, 0x3e0000000000}], 0x0) 10:12:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002500)=ANY=[@ANYBLOB="200000001300010000000000000000000700000002"], 0x20}], 0x1}, 0x0) 10:12:20 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'lo\x00', &(0x7f00000001c0)=@ethtool_gstrings={0x1b, 0x8}}) [ 113.750821] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 113.751777] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 113.752392] CPU: 0 UID: 0 PID: 3977 Comm: syz-executor.2 Tainted: G W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.754747] Tainted: [W]=WARN
[ 113.755436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.757221] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.758723] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.762581] RSP: 0018:ffff8880477d7780 EFLAGS: 00010012
[ 113.763015] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000521a000
[ 113.763586] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.764160] RBP: ffff8880477d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16298
[ 113.764731] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.765303] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 113.765879] FS: 00007f09a8ba0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 113.766540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.767005] CR2: 00007f09a8b9fd58 CR3: 000000001f81f000 CR4: 0000000000350ef0
[ 113.767585] Call Trace:
[ 113.767800]
[ 113.767987] ? __pfx_perf_tp_event+0x10/0x10
[ 113.768356] ? lock_acquire+0x15e/0x2f0
[ 113.768682] ? __is_insn_slot_addr+0x2e/0x290
[ 113.769059] ? find_held_lock+0x2b/0x80
[ 113.769390] ? __is_insn_slot_addr+0x136/0x290
[ 113.769767] ? lock_release+0xc8/0x290
[ 113.770094] ? __is_insn_slot_addr+0x140/0x290
[ 113.770480] ? kernel_text_address+0x5b/0xc0
[ 113.770842] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 113.771293] ? __kernel_text_address+0xd/0x40
[ 113.771659] ? unwind_get_return_address+0x59/0xa0
[ 113.772068] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 113.772506] ? arch_stack_walk+0x9c/0xf0
[ 113.772838] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.773247] perf_trace_run_bpf_submit+0xef/0x180
[ 113.773650] perf_trace_preemptirq_template+0x259/0x430
[ 113.774082] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 113.774571] ? _raw_spin_lock_irqsave+0x53/0x60
[ 113.774955] trace_irq_disable.constprop.0+0xa6/0x100
[ 113.775368] _raw_spin_lock_irqsave+0x53/0x60
[ 113.775740] try_to_wake_up+0xa0/0x11d0
[ 113.776067] ? __pfx_try_to_wake_up+0x10/0x10
[ 113.776433] ? plist_del+0x122/0x270
[ 113.776739] ? find_held_lock+0x2b/0x80
[ 113.777064] ? futex_wake+0x474/0x540
[ 113.777379] wake_up_q+0xa1/0x130
[ 113.777667] futex_wake+0x47e/0x540
[ 113.777977] ? __pfx_futex_wake+0x10/0x10
[ 113.778332] ? kmem_cache_free+0x2a1/0x540
[ 113.778676] ? fd_install+0x1d8/0x660
[ 113.778987] ? putname.part.0+0x11b/0x160
[ 113.779330] do_futex+0x26d/0x370
[ 113.779617] ? __pfx_do_futex+0x10/0x10
[ 113.779944] __x64_sys_futex+0x1c9/0x4d0
[ 113.780278] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 113.780747] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.781133] do_syscall_64+0xbf/0x360
[ 113.781444] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.781860] RIP: 0033:0x7f09ab62ab19
[ 113.782168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 113.783622] RSP: 002b:00007f09a8ba0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.784238] RAX: ffffffffffffffda RBX: 00007f09ab73df68 RCX: 00007f09ab62ab19
[ 113.784806] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f09ab73df6c
[ 113.785384] RBP: 00007f09ab73df60 R08: 000000000000000e R09: 0000000000000000
[ 113.785953] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f09ab73df6c
[ 113.786531] R13: 00007ffd593c574f R14: 00007f09a8ba0300 R15: 0000000000022000
[ 113.787109]
[ 113.787301] Modules linked in:
[ 113.787565] ---[ end trace 0000000000000000 ]---
[ 113.787939] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.788329] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.789777] RSP: 0018:ffff8880477d7780 EFLAGS: 00010012
[ 113.790207] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000521a000
[ 113.790780] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.791353] RBP: ffff8880477d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16298
[ 113.791918] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.792488] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 113.793059] FS: 00007f09a8ba0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 113.793701] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.794165] CR2: 00007f09a8b9fd58 CR3: 000000001f81f000 CR4: 0000000000350ef0
[ 113.794748] note: syz-executor.2[3977] exited with irqs disabled
[ 113.795301] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 113.796191] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 113.796800] CPU: 0 UID: 0 PID: 3977 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.797759] Tainted: [D]=DIE, [W]=WARN
[ 113.798067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.798736] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.799124] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.800570] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010012
[ 113.800999] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 113.801572] RDX: ffff888013dad280 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.802142] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc16298
[ 113.802721] R10: 0000000000000000 R11: ffff88801edf6498 R12: dffffc0000000000
[ 113.803289] R13: 0000000000000014 R14: ffff88806ce313e8 R15:
dffffc0000000000 [ 113.803859] FS: 00007f09a8ba0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.804503] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.804971] CR2: 00007f09a8b9fd58 CR3: 000000001f81f000 CR4: 0000000000350ef0 [ 113.805541] Call Trace: [ 113.805755] [ 113.805940] ? __pfx_perf_tp_event+0x10/0x10 [ 113.806311] ? trace_pelt_se_tp+0xdf/0x130 [ 113.806656] ? __update_load_avg_cfs_rq+0x636/0x950 [ 113.807074] ? update_load_avg+0x17d/0x1ef0 [ 113.807425] ? check_preempt_wakeup_fair+0x6e/0x950 [ 113.807833] ? lock_release+0x1c7/0x290 [ 113.808155] ? lock_release+0x1c7/0x290 [ 113.808480] ? do_raw_spin_unlock+0x53/0x220 [ 113.808843] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 113.809258] ? try_to_wake_up+0x8ae/0x11d0 [ 113.809607] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.810016] ? lock_release+0x1c7/0x290 [ 113.810349] perf_trace_run_bpf_submit+0xef/0x180 [ 113.810748] perf_trace_preemptirq_template+0x259/0x430 [ 113.811180] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.811654] ? read_tsc+0x9/0x20 [ 113.811942] ? ktime_get+0x16d/0x270 [ 113.812254] ? __pfx_lapic_next_deadline+0x10/0x10 [ 113.812660] ? clockevents_program_event+0x135/0x360 [ 113.813078] ? 
_raw_spin_lock_irq+0x42/0x50 [ 113.813433] trace_irq_disable.constprop.0+0xa6/0x100 [ 113.813849] _raw_spin_lock_irq+0x42/0x50 [ 113.814191] run_timer_softirq+0x10f/0x210 [ 113.814548] handle_softirqs+0x1b1/0x770 [ 113.814891] __irq_exit_rcu+0xc4/0x100 [ 113.815214] irq_exit_rcu+0x9/0x20 [ 113.815505] sysvec_apic_timer_interrupt+0x70/0x80 [ 113.815909] [ 113.816095] [ 113.816282] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.816706] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 113.817088] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 113.818556] RSP: 0018:ffff8880477d7f28 EFLAGS: 00000246 [ 113.818983] RAX: 0000000000000001 RBX: ffff888013dad280 RCX: ffffffff817c3ab6 [ 113.819554] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 113.820128] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 113.820699] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888013dad280 [ 113.821270] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 113.821842] ? trace_irq_enable.constprop.0+0x26/0x100 [ 113.822276] ? make_task_dead+0x214/0x3b0 [ 113.822621] ? make_task_dead+0x214/0x3b0 [ 113.822958] ? 
do_syscall_64+0xbf/0x360 [ 113.823292] rewind_stack_and_make_dead+0x16/0x20 [ 113.823691] RIP: 0033:0x7f09ab62ab19 [ 113.823993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.825442] RSP: 002b:00007f09a8ba0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.826055] RAX: ffffffffffffffda RBX: 00007f09ab73df68 RCX: 00007f09ab62ab19 [ 113.826639] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f09ab73df6c [ 113.827208] RBP: 00007f09ab73df60 R08: 000000000000000e R09: 0000000000000000 [ 113.827779] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f09ab73df6c [ 113.828349] R13: 00007ffd593c574f R14: 00007f09a8ba0300 R15: 0000000000022000 [ 113.828923] [ 113.829115] Modules linked in: [ 113.829377] ---[ end trace 0000000000000000 ]--- [ 113.829754] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.830144] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.831593] RSP: 0018:ffff8880477d7780 EFLAGS: 00010012 [ 113.832024] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000521a000 [ 113.832594] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 113.833167] RBP: ffff8880477d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16298 [ 113.833739] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.834312] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.834885] FS: 00007f09a8ba0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.835539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.836005] CR2: 00007f09a8b9fd58 CR3: 000000001f81f000 CR4: 0000000000350ef0 [ 113.836582] Kernel panic - not syncing: Fatal exception in interrupt [ 113.837279] Kernel Offset: disabled [ 113.837576] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
10:12:21 Registers: