Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:15389' (ECDSA) to the list of known hosts. 2025/09/01 10:25:38 fuzzer started 2025/09/01 10:25:39 dialing manager at localhost:35473 syzkaller login: [ 43.558124] cgroup: Unknown subsys name 'net' [ 43.596659] cgroup: Unknown subsys name 'cpuset' [ 43.604729] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:25:48 syscalls: 2214 2025/09/01 10:25:48 code coverage: enabled 2025/09/01 10:25:48 comparison tracing: enabled 2025/09/01 10:25:48 extra coverage: enabled 2025/09/01 10:25:48 setuid sandbox: enabled 2025/09/01 10:25:48 namespace sandbox: enabled 2025/09/01 10:25:48 Android sandbox: enabled 2025/09/01 10:25:48 fault injection: enabled 2025/09/01 10:25:48 leak checking: enabled 2025/09/01 10:25:48 net packet injection: enabled 2025/09/01 10:25:48 net device setup: enabled 2025/09/01 10:25:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:25:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:25:48 USB emulation: enabled 2025/09/01 10:25:48 hci packet injection: enabled 2025/09/01 10:25:48 wifi device emulation: enabled 2025/09/01 10:25:48 802.15.4 emulation: enabled 2025/09/01 10:25:48 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:25:48 fetching corpus: 50, signal 21650/25142 (executing program) 2025/09/01 10:25:48 fetching corpus: 100, signal 33574/38435 (executing program) 2025/09/01 10:25:49 fetching corpus: 150, signal 42959/48992 (executing program) 2025/09/01 10:25:49 fetching corpus: 200, signal 48540/55728 (executing program) 2025/09/01 10:25:49 fetching corpus: 250, signal 56205/64266 (executing program) 2025/09/01 10:25:49 fetching corpus: 300, signal 61817/70723 (executing program) 2025/09/01 10:25:49 fetching corpus: 350, signal 64723/74649 (executing program) 2025/09/01 10:25:49 fetching corpus: 400, signal 69177/79905 (executing program) 2025/09/01 10:25:49 fetching corpus: 450, signal 71111/82831 
(executing program) 2025/09/01 10:25:49 fetching corpus: 500, signal 73710/86274 (executing program) 2025/09/01 10:25:49 fetching corpus: 550, signal 76536/89870 (executing program) 2025/09/01 10:25:49 fetching corpus: 600, signal 78637/92765 (executing program) 2025/09/01 10:25:49 fetching corpus: 650, signal 81186/95989 (executing program) 2025/09/01 10:25:50 fetching corpus: 700, signal 82735/98372 (executing program) 2025/09/01 10:25:50 fetching corpus: 750, signal 84920/101187 (executing program) 2025/09/01 10:25:50 fetching corpus: 800, signal 87413/104227 (executing program) 2025/09/01 10:25:50 fetching corpus: 850, signal 88889/106376 (executing program) 2025/09/01 10:25:50 fetching corpus: 900, signal 91049/109055 (executing program) 2025/09/01 10:25:50 fetching corpus: 950, signal 92172/110862 (executing program) 2025/09/01 10:25:50 fetching corpus: 1000, signal 94291/113433 (executing program) 2025/09/01 10:25:50 fetching corpus: 1050, signal 95702/115452 (executing program) 2025/09/01 10:25:50 fetching corpus: 1100, signal 96661/117084 (executing program) 2025/09/01 10:25:50 fetching corpus: 1150, signal 98417/119257 (executing program) 2025/09/01 10:25:50 fetching corpus: 1200, signal 99789/121129 (executing program) 2025/09/01 10:25:50 fetching corpus: 1250, signal 101334/123060 (executing program) 2025/09/01 10:25:50 fetching corpus: 1300, signal 103187/125159 (executing program) 2025/09/01 10:25:51 fetching corpus: 1350, signal 104691/126984 (executing program) 2025/09/01 10:25:51 fetching corpus: 1400, signal 105920/128573 (executing program) 2025/09/01 10:25:51 fetching corpus: 1450, signal 107887/130628 (executing program) 2025/09/01 10:25:51 fetching corpus: 1500, signal 109303/132315 (executing program) 2025/09/01 10:25:51 fetching corpus: 1550, signal 111207/134325 (executing program) 2025/09/01 10:25:51 fetching corpus: 1600, signal 112218/135703 (executing program) 2025/09/01 10:25:51 fetching corpus: 1650, signal 114989/138141 (executing 
program) 2025/09/01 10:25:51 fetching corpus: 1700, signal 116778/139903 (executing program) 2025/09/01 10:25:51 fetching corpus: 1750, signal 117917/141228 (executing program) 2025/09/01 10:25:51 fetching corpus: 1800, signal 119118/142586 (executing program) 2025/09/01 10:25:52 fetching corpus: 1850, signal 120189/143836 (executing program) 2025/09/01 10:25:52 fetching corpus: 1900, signal 121159/144995 (executing program) 2025/09/01 10:25:52 fetching corpus: 1950, signal 122517/146317 (executing program) 2025/09/01 10:25:52 fetching corpus: 2000, signal 123311/147373 (executing program) 2025/09/01 10:25:52 fetching corpus: 2050, signal 124315/148518 (executing program) 2025/09/01 10:25:52 fetching corpus: 2100, signal 125236/149593 (executing program) 2025/09/01 10:25:52 fetching corpus: 2150, signal 125853/150441 (executing program) 2025/09/01 10:25:52 fetching corpus: 2200, signal 126756/151448 (executing program) 2025/09/01 10:25:52 fetching corpus: 2250, signal 127856/152558 (executing program) 2025/09/01 10:25:52 fetching corpus: 2300, signal 128584/153403 (executing program) 2025/09/01 10:25:52 fetching corpus: 2350, signal 129443/154335 (executing program) 2025/09/01 10:25:53 fetching corpus: 2400, signal 130314/155235 (executing program) 2025/09/01 10:25:53 fetching corpus: 2450, signal 130943/156046 (executing program) 2025/09/01 10:25:53 fetching corpus: 2500, signal 131458/156808 (executing program) 2025/09/01 10:25:53 fetching corpus: 2550, signal 131964/157562 (executing program) 2025/09/01 10:25:53 fetching corpus: 2600, signal 132641/158271 (executing program) 2025/09/01 10:25:53 fetching corpus: 2650, signal 133243/158995 (executing program) 2025/09/01 10:25:53 fetching corpus: 2700, signal 134041/159770 (executing program) 2025/09/01 10:25:53 fetching corpus: 2750, signal 134555/160433 (executing program) 2025/09/01 10:25:53 fetching corpus: 2800, signal 135368/161193 (executing program) 2025/09/01 10:25:53 fetching corpus: 2850, signal 
136276/161986 (executing program) 2025/09/01 10:25:54 fetching corpus: 2900, signal 136934/162622 (executing program) 2025/09/01 10:25:54 fetching corpus: 2950, signal 137755/163345 (executing program) 2025/09/01 10:25:54 fetching corpus: 3000, signal 138121/163871 (executing program) 2025/09/01 10:25:54 fetching corpus: 3050, signal 138974/164522 (executing program) 2025/09/01 10:25:54 fetching corpus: 3100, signal 139644/165095 (executing program) 2025/09/01 10:25:54 fetching corpus: 3150, signal 140426/165705 (executing program) 2025/09/01 10:25:54 fetching corpus: 3200, signal 140809/166222 (executing program) 2025/09/01 10:25:54 fetching corpus: 3250, signal 141327/166758 (executing program) 2025/09/01 10:25:54 fetching corpus: 3300, signal 142210/167330 (executing program) 2025/09/01 10:25:54 fetching corpus: 3350, signal 143106/167896 (executing program) 2025/09/01 10:25:54 fetching corpus: 3400, signal 143649/168383 (executing program) 2025/09/01 10:25:54 fetching corpus: 3450, signal 144246/168877 (executing program) 2025/09/01 10:25:55 fetching corpus: 3500, signal 145303/169453 (executing program) 2025/09/01 10:25:55 fetching corpus: 3550, signal 145964/169931 (executing program) 2025/09/01 10:25:55 fetching corpus: 3600, signal 146609/170382 (executing program) 2025/09/01 10:25:55 fetching corpus: 3650, signal 147154/170803 (executing program) 2025/09/01 10:25:55 fetching corpus: 3700, signal 147608/171217 (executing program) 2025/09/01 10:25:55 fetching corpus: 3750, signal 148049/171616 (executing program) 2025/09/01 10:25:55 fetching corpus: 3800, signal 148667/172002 (executing program) 2025/09/01 10:25:55 fetching corpus: 3850, signal 149671/172445 (executing program) 2025/09/01 10:25:55 fetching corpus: 3900, signal 150168/172837 (executing program) 2025/09/01 10:25:55 fetching corpus: 3950, signal 150698/173235 (executing program) 2025/09/01 10:25:56 fetching corpus: 4000, signal 151282/173539 (executing program) 2025/09/01 10:25:56 fetching 
corpus: 4050, signal 151781/173847 (executing program) 2025/09/01 10:25:56 fetching corpus: 4100, signal 152331/174159 (executing program) 2025/09/01 10:25:56 fetching corpus: 4150, signal 152774/174468 (executing program) 2025/09/01 10:25:56 fetching corpus: 4200, signal 153301/174742 (executing program) 2025/09/01 10:25:56 fetching corpus: 4250, signal 153785/174991 (executing program) 2025/09/01 10:25:56 fetching corpus: 4300, signal 154386/175005 (executing program) 2025/09/01 10:25:56 fetching corpus: 4350, signal 154993/175008 (executing program) 2025/09/01 10:25:56 fetching corpus: 4400, signal 155357/175020 (executing program) 2025/09/01 10:25:56 fetching corpus: 4450, signal 155790/175050 (executing program) 2025/09/01 10:25:56 fetching corpus: 4500, signal 156200/175091 (executing program) 2025/09/01 10:25:57 fetching corpus: 4550, signal 156527/175108 (executing program) 2025/09/01 10:25:57 fetching corpus: 4600, signal 156954/175109 (executing program) 2025/09/01 10:25:57 fetching corpus: 4650, signal 157398/175116 (executing program) 2025/09/01 10:25:57 fetching corpus: 4700, signal 158008/175122 (executing program) 2025/09/01 10:25:57 fetching corpus: 4750, signal 158494/175149 (executing program) 2025/09/01 10:25:57 fetching corpus: 4800, signal 159078/175181 (executing program) 2025/09/01 10:25:57 fetching corpus: 4850, signal 159422/175198 (executing program) 2025/09/01 10:25:57 fetching corpus: 4900, signal 159763/175206 (executing program) 2025/09/01 10:25:57 fetching corpus: 4950, signal 160218/175296 (executing program) 2025/09/01 10:25:57 fetching corpus: 5000, signal 160512/175306 (executing program) 2025/09/01 10:25:57 fetching corpus: 5050, signal 161029/175356 (executing program) 2025/09/01 10:25:58 fetching corpus: 5100, signal 161514/175365 (executing program) 2025/09/01 10:25:58 fetching corpus: 5150, signal 161953/175368 (executing program) 2025/09/01 10:25:58 fetching corpus: 5200, signal 162319/175371 (executing program) 2025/09/01 
10:25:58 fetching corpus: 5250, signal 162647/175385 (executing program) 2025/09/01 10:25:58 fetching corpus: 5300, signal 163727/175408 (executing program) 2025/09/01 10:25:58 fetching corpus: 5350, signal 164081/175408 (executing program) 2025/09/01 10:25:58 fetching corpus: 5400, signal 164502/175416 (executing program) 2025/09/01 10:25:58 fetching corpus: 5450, signal 164905/175436 (executing program) 2025/09/01 10:25:58 fetching corpus: 5500, signal 165429/175463 (executing program) 2025/09/01 10:25:58 fetching corpus: 5550, signal 165973/175473 (executing program) 2025/09/01 10:25:58 fetching corpus: 5600, signal 166344/175473 (executing program) 2025/09/01 10:25:59 fetching corpus: 5650, signal 166733/175473 (executing program) 2025/09/01 10:25:59 fetching corpus: 5700, signal 167073/175478 (executing program) 2025/09/01 10:25:59 fetching corpus: 5750, signal 167723/175489 (executing program) 2025/09/01 10:25:59 fetching corpus: 5800, signal 168147/175491 (executing program) 2025/09/01 10:25:59 fetching corpus: 5850, signal 168598/175532 (executing program) 2025/09/01 10:25:59 fetching corpus: 5900, signal 169070/175620 (executing program) 2025/09/01 10:25:59 fetching corpus: 5950, signal 169511/175626 (executing program) 2025/09/01 10:25:59 fetching corpus: 6000, signal 169770/175634 (executing program) 2025/09/01 10:25:59 fetching corpus: 6050, signal 170234/175653 (executing program) 2025/09/01 10:25:59 fetching corpus: 6100, signal 170666/175662 (executing program) 2025/09/01 10:25:59 fetching corpus: 6150, signal 171067/175676 (executing program) 2025/09/01 10:26:00 fetching corpus: 6200, signal 171279/175677 (executing program) 2025/09/01 10:26:00 fetching corpus: 6250, signal 171545/175692 (executing program) 2025/09/01 10:26:00 fetching corpus: 6300, signal 171989/175697 (executing program) 2025/09/01 10:26:00 fetching corpus: 6350, signal 172437/175710 (executing program) 2025/09/01 10:26:00 fetching corpus: 6400, signal 172796/175721 (executing 
program) 2025/09/01 10:26:00 fetching corpus: 6402, signal 172801/175721 (executing program) 2025/09/01 10:26:00 fetching corpus: 6402, signal 172801/175721 (executing program) 2025/09/01 10:26:02 starting 8 fuzzer processes 10:26:02 executing program 0: timer_create(0x0, 0x0, &(0x7f0000000040)) 10:26:02 executing program 1: r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') symlinkat(&(0x7f0000000000)='./file0/file0\x00', r0, &(0x7f00000001c0)='./file0/file0\x00') 10:26:02 executing program 2: removexattr(0x0, &(0x7f0000000100)=@known='trusted.overlay.origin\x00') 10:26:02 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0) [ 66.693536] audit: type=1400 audit(1756722362.311:7): avc: denied { execmem } for pid=270 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:26:02 executing program 6: syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4040) 10:26:02 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, 
&(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6adba0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000000180)="06000000000000000000000000000000000058", 0x13, 0x540}, {0x0, 0x0, 0x4400}], 0x0, &(0x7f0000000040)=ANY=[]) 10:26:02 executing program 4: iopl(0x3) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000000)) 10:26:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x14, 0x62, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) [ 67.890483] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.892914] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.895068] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.901863] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.903706] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.906234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.908899] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.913064] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.929587] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.938908] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.051209] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.088063] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.091809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.102057] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.108453] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.110180] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.113925] 
Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.118485] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.132404] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.142142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.154105] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 68.160663] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.163611] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.163986] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 68.165062] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.168898] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.170170] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.172005] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 68.172700] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 68.175185] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 68.176574] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 68.186716] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 68.189123] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 68.203198] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 68.205646] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 68.208671] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.211564] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.223779] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 68.230468] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 68.233623] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.980904] Bluetooth: hci0: command tx timeout [ 69.981488] Bluetooth: hci1: command tx timeout [ 70.236380] Bluetooth: hci2: command tx timeout [ 70.237404] Bluetooth: hci3: command tx timeout [ 70.237842] Bluetooth: hci5: command tx timeout [ 70.300351] Bluetooth: hci7: command tx timeout [ 70.300830] Bluetooth: hci4: command tx timeout [ 70.301303] Bluetooth: hci6: command tx timeout [ 72.029117] 
Bluetooth: hci0: command tx timeout [ 72.029751] Bluetooth: hci1: command tx timeout [ 72.284552] Bluetooth: hci5: command tx timeout [ 72.285034] Bluetooth: hci3: command tx timeout [ 72.285639] Bluetooth: hci2: command tx timeout [ 72.348317] Bluetooth: hci6: command tx timeout [ 72.348768] Bluetooth: hci4: command tx timeout [ 72.349203] Bluetooth: hci7: command tx timeout [ 74.076393] Bluetooth: hci1: command tx timeout [ 74.076825] Bluetooth: hci0: command tx timeout [ 74.333308] Bluetooth: hci3: command tx timeout [ 74.333776] Bluetooth: hci2: command tx timeout [ 74.334211] Bluetooth: hci5: command tx timeout [ 74.396490] Bluetooth: hci7: command tx timeout [ 74.396946] Bluetooth: hci4: command tx timeout [ 74.398312] Bluetooth: hci6: command tx timeout [ 76.126394] Bluetooth: hci0: command tx timeout [ 76.126910] Bluetooth: hci1: command tx timeout [ 76.380349] Bluetooth: hci5: command tx timeout [ 76.380864] Bluetooth: hci2: command tx timeout [ 76.381362] Bluetooth: hci3: command tx timeout [ 76.444340] Bluetooth: hci7: command tx timeout [ 76.444844] Bluetooth: hci4: command tx timeout [ 76.445885] Bluetooth: hci6: command tx timeout [ 105.385377] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.386020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.568639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.569231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.018296] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=98 sclass=netlink_route_socket pid=3774 comm=syz-executor.5 [ 106.041572] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.042189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:26:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x14, 0x62, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) [ 106.138760] 
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=98 sclass=netlink_route_socket pid=3788 comm=syz-executor.5 10:26:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x14, 0x62, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) [ 106.196983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.197590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.229236] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=98 sclass=netlink_route_socket pid=3797 comm=syz-executor.5 10:26:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x14, 0x62, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) [ 106.324596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=98 sclass=netlink_route_socket pid=3804 comm=syz-executor.5 10:26:41 executing program 5: r0 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) [ 106.391471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.392050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:26:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000000c0)={0x5000000, 0xfffffffffffffffb}) [ 106.512661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.513236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.518392] audit: type=1400 
audit(1756722402.134:8): avc: denied { open } for pid=3820 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 106.527595] audit: type=1400 audit(1756722402.135:9): avc: denied { kernel } for pid=3820 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:26:42 executing program 4: iopl(0x3) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000000)) 10:26:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000000c0)={0x5000000, 0xfffffffffffffffb}) 10:26:42 executing program 4: iopl(0x3) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000000)) [ 106.936005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.936663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.022065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.023248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.245834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.246470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.364036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.364700] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.551871] tmpfs: Unknown parameter './file0/file0' [ 107.668702] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 107.669992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.747090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.748171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.784051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.785164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.820118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.820877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.866616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.867845] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.890851] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.891647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.030319] loop7: detected capacity change from 0 to 68 [ 108.039075] EXT4-fs (loop7): filesystem too large to mount safely on this system 10:26:43 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0) 10:26:43 executing program 2: removexattr(0x0, &(0x7f0000000100)=@known='trusted.overlay.origin\x00') 10:26:43 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0) 10:26:43 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6adba0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000000180)="06000000000000000000000000000000000058", 0x13, 0x540}, {0x0, 0x0, 0x4400}], 0x0, &(0x7f0000000040)=ANY=[]) 10:26:43 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000000c0)={0x5000000, 0xfffffffffffffffb}) 10:26:43 executing program 6: iopl(0x3) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000000)) 10:26:43 executing program 1: mlockall(0x7) mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) 10:26:43 executing program 4: iopl(0x3) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x4000)=nil, 
&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000000)) [ 108.155202] loop7: detected capacity change from 0 to 68 10:26:43 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0) [ 108.203781] EXT4-fs (loop7): filesystem too large to mount safely on this system 10:26:43 executing program 2: removexattr(0x0, &(0x7f0000000100)=@known='trusted.overlay.origin\x00') 10:26:43 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000000c0)={0x5000000, 0xfffffffffffffffb}) 10:26:43 executing program 6: iopl(0x3) syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000000)) 10:26:43 executing program 1: mlockall(0x7) mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) 10:26:43 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0) 10:26:43 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6adba0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000000180)="06000000000000000000000000000000000058", 0x13, 0x540}, {0x0, 0x0, 0x4400}], 0x0, &(0x7f0000000040)=ANY=[]) 10:26:43 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0) 10:26:43 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0) close(r1) sendmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x2, 0x0)
[ 108.373830] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 108.374735] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 108.375435] CPU: 0 UID: 0 PID: 3935 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 108.377106] Tainted: [W]=WARN
[ 108.377868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.379591] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.380415] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.384966] RSP: 0018:ffff8880453a7800 EFLAGS: 00010212
[ 108.386109] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 108.386660] RDX: ffff888044ae0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 108.387211] RBP: ffff8880453a7a70 R08: ffff88806ce31340 R09: ffffe8ffffc15168
[ 108.387763] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.388316] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 108.388877] FS: 000055556d002400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 108.389498] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.389947] CR2: 000055556d003c18 CR3: 000000000c58d000 CR4: 0000000000350ef0
[ 108.390500] Call Trace:
[ 108.390705]
[ 108.390889] ? arch_scale_cpu_capacity+0x17/0xa0
[ 108.391273] ? __pfx_perf_tp_event+0x10/0x10
[ 108.391622] ? __asan_memset+0x24/0x50
[ 108.391945] ? perf_trace_lock+0xb5/0x5d0
[ 108.392282] ? kvm_sched_clock_read+0x16/0x30
[ 108.392647] ? sched_clock+0x37/0x60
[ 108.392954] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.393347] perf_trace_run_bpf_submit+0xef/0x180
[ 108.393732] perf_trace_lock+0x337/0x5d0
[ 108.394055] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.394418] ? lock_acquire+0x15e/0x2f0
[ 108.394734] ? futex_ref_get+0x48/0x300
[ 108.395048] ? futex_ref_get+0x114/0x300
[ 108.395365] ? futex_hash+0x15c/0x390
[ 108.395666] lock_release+0x1ab/0x290
[ 108.395971] ? futex_hash+0x15c/0x390
[ 108.396271] futex_ref_get+0x119/0x300
[ 108.396584] ? futex_hash+0x15c/0x390
[ 108.396882] futex_hash+0x70/0x390
[ 108.397168] futex_wake+0x143/0x540
[ 108.397461] ? put_pid+0x1f/0x30
[ 108.397732] ? kernel_clone+0x204/0x7f0
[ 108.398044] ? __pfx_futex_wake+0x10/0x10
[ 108.398373] ? __pfx_kernel_clone+0x10/0x10
[ 108.398711] ? perf_trace_lock+0xb5/0x5d0
[ 108.399039] do_futex+0x26d/0x370
[ 108.399318] ? __pfx_do_futex+0x10/0x10
[ 108.399631] ? __pfx___do_sys_clone+0x10/0x10
[ 108.399984] ? find_held_lock+0x2b/0x80
[ 108.400304] __x64_sys_futex+0x1c9/0x4d0
[ 108.400631] ? __pfx___x64_sys_futex+0x10/0x10
[ 108.400994] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 108.401405] do_syscall_64+0xbf/0x360
[ 108.401706] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.402107] RIP: 0033:0x7f7ad8288b19
[ 108.402399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 108.403789] RSP: 002b:00007ffe4ef4a8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.404376] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7ad8288b19
[ 108.404929] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7ad839bf68
[ 108.405478] RBP: 00007f7ad839bf60 R08: 00007f7ad57fe700 R09: 0000000000000000
[ 108.406025] R10: 00007f7ad57fe700 R11: 0000000000000246 R12: 00007f7ad83a0a68
[ 108.406576] R13: 00007ffe4ef4a9b0 R14: 00007f7ad839bf60 R15: 000000000001a6ea
[ 108.407132]
[ 108.407318] Modules linked in:
[ 108.407601] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 108.408452] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 108.409191] CPU: 0 UID: 0 PID: 3935 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 108.410108] Tainted: [D]=DIE, [W]=WARN
[ 108.410407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.411042] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.411412] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.412821] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 108.413233] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 108.413782] RDX: ffff888044ae0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 108.414330] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15168
[ 108.414881] R10: 0000000000000000
R11: 0000000000155cc0 R12: dffffc0000000000 [ 108.415431] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 108.415979] FS: 000055556d002400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.416607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.417057] CR2: 000055556d003c18 CR3: 000000000c58d000 CR4: 0000000000350ef0 [ 108.417606] Call Trace: [ 108.417810] [ 108.417989] ? __pfx_perf_tp_event+0x10/0x10 [ 108.418344] ? stack_depot_save_flags+0x2c/0xa20 [ 108.418719] ? kasan_save_stack+0x34/0x50 [ 108.419053] ? kasan_save_stack+0x24/0x50 [ 108.419379] ? kasan_save_track+0x14/0x30 [ 108.419704] ? __kasan_save_free_info+0x3a/0x60 [ 108.420070] ? __kasan_slab_free+0x3f/0x50 [ 108.420404] ? kmem_cache_free+0x2a1/0x540 [ 108.420742] ? rcu_core+0x7c8/0x1800 [ 108.421043] ? handle_softirqs+0x1b1/0x770 [ 108.421383] ? __irq_exit_rcu+0xc4/0x100 [ 108.421706] ? irq_exit_rcu+0x9/0x20 [ 108.421997] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 108.422395] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.422817] ? __rcu_read_unlock+0x105/0x4b0 [ 108.423163] ? unwind_next_frame+0x3bc/0x2540 [ 108.423524] ? arch_stack_walk+0x86/0xf0 [ 108.423843] ? stack_trace_save+0x8e/0xc0 [ 108.424171] ? set_track_prepare+0x35/0x70 [ 108.424506] ? __alloc_object+0xf0/0x2c0 [ 108.424840] ? __create_object+0x1d/0x80 [ 108.425162] ? kmem_cache_alloc_noprof+0x414/0x690 [ 108.425547] ? mas_alloc_nodes+0x432/0x8f0 [ 108.425888] ? kvm_sched_clock_read+0x16/0x30 [ 108.426245] ? sched_clock+0x37/0x60 [ 108.426542] ? sched_clock_cpu+0x6c/0x4e0 [ 108.426872] ? perf_trace_run_bpf_submit+0xef/0x180 [ 108.427272] perf_trace_run_bpf_submit+0xef/0x180 [ 108.427657] perf_trace_lock+0x337/0x5d0 [ 108.427979] ? update_cfs_group+0x11d/0x260 [ 108.428320] ? kvm_sched_clock_read+0x16/0x30 [ 108.428684] ? __pfx_perf_trace_lock+0x10/0x10 [ 108.429045] ? check_preempt_wakeup_fair+0x6e/0x950 [ 108.429440] ? 
sched_ttwu_pending+0x2e0/0x4a0 [ 108.429799] lock_release+0x1ab/0x290 [ 108.430098] ? ttwu_do_activate+0x1a4/0x8a0 [ 108.430441] _raw_spin_unlock+0x16/0x40 [ 108.430756] sched_ttwu_pending+0x2e0/0x4a0 [ 108.431100] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 108.431482] ? flush_tlb_func+0x3eb/0x560 [ 108.431810] __flush_smp_call_function_queue+0x434/0x740 [ 108.432239] __sysvec_call_function_single+0x6d/0x370 [ 108.432656] sysvec_call_function_single+0xa1/0xc0 [ 108.433046] [ 108.433227] [ 108.433406] asm_sysvec_call_function_single+0x1a/0x20 [ 108.433816] RIP: 0010:oops_exit+0x0/0x50 [ 108.434137] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 108.435532] RSP: 0018:ffff8880453a7690 EFLAGS: 00000202 [ 108.435946] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 108.436495] RDX: ffff888044ae0000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 108.437050] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 108.437600] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880453a7758 [ 108.438150] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 108.438701] ? add_taint+0x5f/0xd0 [ 108.438984] ? 
oops_end+0x4a/0xe0 [ 108.439271] oops_end+0x65/0xe0 [ 108.439542] exc_general_protection+0x1a2/0x330 [ 108.439913] asm_exc_general_protection+0x26/0x30 [ 108.440291] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.440664] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.442063] RSP: 0018:ffff8880453a7800 EFLAGS: 00010212 [ 108.442477] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 108.443028] RDX: ffff888044ae0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 108.443581] RBP: ffff8880453a7a70 R08: ffff88806ce31340 R09: ffffe8ffffc15168 [ 108.444128] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 108.444691] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 108.445247] ? perf_tp_event+0x167/0xe70 [ 108.445575] ? arch_scale_cpu_capacity+0x17/0xa0 [ 108.445953] ? __pfx_perf_tp_event+0x10/0x10 [ 108.446303] ? __asan_memset+0x24/0x50 [ 108.446622] ? perf_trace_lock+0xb5/0x5d0 [ 108.446950] ? kvm_sched_clock_read+0x16/0x30 [ 108.447308] ? sched_clock+0x37/0x60 [ 108.447611] ? perf_trace_run_bpf_submit+0xef/0x180 [ 108.448006] perf_trace_run_bpf_submit+0xef/0x180 [ 108.448391] perf_trace_lock+0x337/0x5d0 [ 108.448721] ? __pfx_perf_trace_lock+0x10/0x10 [ 108.449085] ? lock_acquire+0x15e/0x2f0 [ 108.449399] ? futex_ref_get+0x48/0x300 [ 108.449711] ? futex_ref_get+0x114/0x300 [ 108.450028] ? futex_hash+0x15c/0x390 [ 108.450331] lock_release+0x1ab/0x290 [ 108.450634] ? futex_hash+0x15c/0x390 [ 108.450934] futex_ref_get+0x119/0x300 [ 108.451242] ? futex_hash+0x15c/0x390 [ 108.451542] futex_hash+0x70/0x390 [ 108.451827] futex_wake+0x143/0x540 [ 108.452118] ? put_pid+0x1f/0x30 [ 108.452386] ? kernel_clone+0x204/0x7f0 [ 108.452710] ? __pfx_futex_wake+0x10/0x10 [ 108.453041] ? __pfx_kernel_clone+0x10/0x10 [ 108.453382] ? 
perf_trace_lock+0xb5/0x5d0 [ 108.453712] do_futex+0x26d/0x370 [ 108.453990] ? __pfx_do_futex+0x10/0x10 [ 108.454305] ? __pfx___do_sys_clone+0x10/0x10 [ 108.454656] ? find_held_lock+0x2b/0x80 [ 108.454975] __x64_sys_futex+0x1c9/0x4d0 [ 108.455297] ? __pfx___x64_sys_futex+0x10/0x10 [ 108.455664] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 108.456077] do_syscall_64+0xbf/0x360 [ 108.456378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.456782] RIP: 0033:0x7f7ad8288b19 [ 108.457073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.458468] RSP: 002b:00007ffe4ef4a8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 108.459055] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7ad8288b19 [ 108.459608] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7ad839bf68 [ 108.460159] RBP: 00007f7ad839bf60 R08: 00007f7ad57fe700 R09: 0000000000000000 [ 108.460717] R10: 00007f7ad57fe700 R11: 0000000000000246 R12: 00007f7ad83a0a68 [ 108.461268] R13: 00007ffe4ef4a9b0 R14: 00007f7ad839bf60 R15: 000000000001a6ea [ 108.461826] [ 108.462014] Modules linked in: [ 108.462272] ---[ end trace 0000000000000000 ]--- [ 108.462637] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.463006] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.464404] RSP: 0018:ffff8880453a7800 EFLAGS: 00010212 [ 108.464828] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 108.465378] RDX: ffff888044ae0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 108.465925] RBP: ffff8880453a7a70 R08: ffff88806ce31340 R09: ffffe8ffffc15168 [ 108.466477] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 108.467026] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 
108.467577] FS: 000055556d002400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.468198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.468656] CR2: 000055556d003c18 CR3: 000000000c58d000 CR4: 0000000000350ef0 [ 108.469211] Kernel panic - not syncing: Fatal exception in interrupt [ 109.513624] Shutting down cpus with NMI [ 109.514203] Kernel Offset: disabled [ 109.514496] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:26:44 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880453a70f0 R8 =0000000000000000 R9 =ffffed10013f5046 R10=0000000000000020 R11=0000000065646f43 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055556d002400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe7c00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055556d003c18 CR3=000000000c58d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f7ad836f7c000007f7ad836f7c8 XMM02=00007f7ad836f7e000007f7ad836f7c0 
XMM03=00007f7ad836f7c800007f7ad836f7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000001687 RBX=ffff88806ce3de20 RCX=ffffc9000088e000 RDX=0000000000040000 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880171678d8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1 R12=ffffed100d9c7bc5 R13=ffff88806ce3de28 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7ad57fe700 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe0b00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7ad839c018 CR3=000000000c58d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f7ad836f7c000007f7ad836f7c8 XMM02=00007f7ad836f7e000007f7ad836f7c0 
XMM03=00007f7ad836f7c800007f7ad836f7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000