Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:43403' (ECDSA) to the list of known hosts.
2025/09/01 10:38:34 fuzzer started
2025/09/01 10:38:34 dialing manager at localhost:35473
syzkaller login: [ 51.440580] cgroup: Unknown subsys name 'net'
[ 51.483305] cgroup: Unknown subsys name 'cpuset'
[ 51.492502] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:38:44 syscalls: 2214
2025/09/01 10:38:44 code coverage: enabled
2025/09/01 10:38:44 comparison tracing: enabled
2025/09/01 10:38:44 extra coverage: enabled
2025/09/01 10:38:44 setuid sandbox: enabled
2025/09/01 10:38:44 namespace sandbox: enabled
2025/09/01 10:38:44 Android sandbox: enabled
2025/09/01 10:38:44 fault injection: enabled
2025/09/01 10:38:44 leak checking: enabled
2025/09/01 10:38:44 net packet injection: enabled
2025/09/01 10:38:44 net device setup: enabled
2025/09/01 10:38:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:38:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:38:44 USB emulation: enabled
2025/09/01 10:38:44 hci packet injection: enabled
2025/09/01 10:38:44 wifi device emulation: enabled
2025/09/01 10:38:44 802.15.4 emulation: enabled
2025/09/01 10:38:44 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:38:44 fetching corpus: 50, signal 20822/24384 (executing program)
2025/09/01 10:38:44 fetching corpus: 100, signal 27121/32202 (executing program)
2025/09/01 10:38:45 fetching corpus: 150, signal 34702/41121 (executing program)
2025/09/01 10:38:45 fetching corpus: 200, signal 41207/48875 (executing program)
2025/09/01 10:38:45 fetching corpus: 250, signal 48630/57345 (executing program)
2025/09/01 10:38:45 fetching corpus: 300, signal 51942/61859 (executing program)
2025/09/01 10:38:45 fetching corpus: 350, signal 56503/67473 (executing program)
2025/09/01 10:38:45 fetching corpus: 400, signal 61097/72965 (executing program)
2025/09/01 10:38:45 fetching corpus: 450, signal 66390/78995
(executing program) 2025/09/01 10:38:45 fetching corpus: 500, signal 69902/83354 (executing program) 2025/09/01 10:38:45 fetching corpus: 550, signal 73336/87579 (executing program) 2025/09/01 10:38:46 fetching corpus: 600, signal 79588/94120 (executing program) 2025/09/01 10:38:46 fetching corpus: 650, signal 82862/97989 (executing program) 2025/09/01 10:38:46 fetching corpus: 700, signal 84840/100760 (executing program) 2025/09/01 10:38:46 fetching corpus: 750, signal 88637/104954 (executing program) 2025/09/01 10:38:46 fetching corpus: 800, signal 90328/107367 (executing program) 2025/09/01 10:38:46 fetching corpus: 850, signal 92552/110174 (executing program) 2025/09/01 10:38:46 fetching corpus: 900, signal 94661/112802 (executing program) 2025/09/01 10:38:46 fetching corpus: 950, signal 96819/115452 (executing program) 2025/09/01 10:38:47 fetching corpus: 1000, signal 99699/118630 (executing program) 2025/09/01 10:38:47 fetching corpus: 1050, signal 101570/120948 (executing program) 2025/09/01 10:38:47 fetching corpus: 1100, signal 104373/123930 (executing program) 2025/09/01 10:38:47 fetching corpus: 1150, signal 105466/125626 (executing program) 2025/09/01 10:38:47 fetching corpus: 1200, signal 107001/127592 (executing program) 2025/09/01 10:38:47 fetching corpus: 1250, signal 108671/129580 (executing program) 2025/09/01 10:38:47 fetching corpus: 1300, signal 110046/131361 (executing program) 2025/09/01 10:38:47 fetching corpus: 1350, signal 111030/132830 (executing program) 2025/09/01 10:38:47 fetching corpus: 1400, signal 112055/134249 (executing program) 2025/09/01 10:38:47 fetching corpus: 1449, signal 113114/135761 (executing program) 2025/09/01 10:38:48 fetching corpus: 1499, signal 114251/137254 (executing program) 2025/09/01 10:38:48 fetching corpus: 1549, signal 115213/138649 (executing program) 2025/09/01 10:38:48 fetching corpus: 1599, signal 116440/140158 (executing program) 2025/09/01 10:38:48 fetching corpus: 1649, signal 118302/142046 
(executing program) 2025/09/01 10:38:48 fetching corpus: 1699, signal 119165/143319 (executing program) 2025/09/01 10:38:48 fetching corpus: 1749, signal 120345/144714 (executing program) 2025/09/01 10:38:48 fetching corpus: 1799, signal 121308/145955 (executing program) 2025/09/01 10:38:48 fetching corpus: 1849, signal 122162/147135 (executing program) 2025/09/01 10:38:48 fetching corpus: 1899, signal 123232/148438 (executing program) 2025/09/01 10:38:48 fetching corpus: 1949, signal 124098/149590 (executing program) 2025/09/01 10:38:48 fetching corpus: 1999, signal 124930/150700 (executing program) 2025/09/01 10:38:48 fetching corpus: 2049, signal 125863/151830 (executing program) 2025/09/01 10:38:49 fetching corpus: 2099, signal 126681/152887 (executing program) 2025/09/01 10:38:49 fetching corpus: 2149, signal 127471/153885 (executing program) 2025/09/01 10:38:49 fetching corpus: 2199, signal 128290/154912 (executing program) 2025/09/01 10:38:49 fetching corpus: 2249, signal 128974/155821 (executing program) 2025/09/01 10:38:49 fetching corpus: 2299, signal 129996/156870 (executing program) 2025/09/01 10:38:49 fetching corpus: 2349, signal 130494/157656 (executing program) 2025/09/01 10:38:49 fetching corpus: 2399, signal 131278/158567 (executing program) 2025/09/01 10:38:49 fetching corpus: 2449, signal 132033/159498 (executing program) 2025/09/01 10:38:49 fetching corpus: 2499, signal 132994/160496 (executing program) 2025/09/01 10:38:49 fetching corpus: 2549, signal 133694/161320 (executing program) 2025/09/01 10:38:49 fetching corpus: 2599, signal 134445/162176 (executing program) 2025/09/01 10:38:49 fetching corpus: 2649, signal 135332/163076 (executing program) 2025/09/01 10:38:50 fetching corpus: 2699, signal 135871/163836 (executing program) 2025/09/01 10:38:50 fetching corpus: 2749, signal 136393/164543 (executing program) 2025/09/01 10:38:50 fetching corpus: 2799, signal 137002/165275 (executing program) 2025/09/01 10:38:50 fetching corpus: 2849, 
signal 137524/165948 (executing program) 2025/09/01 10:38:50 fetching corpus: 2899, signal 138209/166702 (executing program) 2025/09/01 10:38:50 fetching corpus: 2949, signal 138895/167391 (executing program) 2025/09/01 10:38:50 fetching corpus: 2999, signal 139349/168067 (executing program) 2025/09/01 10:38:50 fetching corpus: 3049, signal 139773/168677 (executing program) 2025/09/01 10:38:50 fetching corpus: 3099, signal 140399/169341 (executing program) 2025/09/01 10:38:50 fetching corpus: 3149, signal 141218/170027 (executing program) 2025/09/01 10:38:50 fetching corpus: 3199, signal 141863/170641 (executing program) 2025/09/01 10:38:50 fetching corpus: 3249, signal 142983/171397 (executing program) 2025/09/01 10:38:51 fetching corpus: 3299, signal 143774/172020 (executing program) 2025/09/01 10:38:51 fetching corpus: 3349, signal 144735/172713 (executing program) 2025/09/01 10:38:51 fetching corpus: 3399, signal 145297/173268 (executing program) 2025/09/01 10:38:51 fetching corpus: 3449, signal 145739/173766 (executing program) 2025/09/01 10:38:51 fetching corpus: 3499, signal 146123/174266 (executing program) 2025/09/01 10:38:51 fetching corpus: 3549, signal 146952/174852 (executing program) 2025/09/01 10:38:51 fetching corpus: 3599, signal 147682/175379 (executing program) 2025/09/01 10:38:51 fetching corpus: 3649, signal 148158/175920 (executing program) 2025/09/01 10:38:51 fetching corpus: 3699, signal 148633/176390 (executing program) 2025/09/01 10:38:51 fetching corpus: 3749, signal 149136/176865 (executing program) 2025/09/01 10:38:51 fetching corpus: 3799, signal 149949/177322 (executing program) 2025/09/01 10:38:52 fetching corpus: 3849, signal 150612/177841 (executing program) 2025/09/01 10:38:52 fetching corpus: 3899, signal 151351/178280 (executing program) 2025/09/01 10:38:52 fetching corpus: 3949, signal 151878/178688 (executing program) 2025/09/01 10:38:52 fetching corpus: 3999, signal 152527/179075 (executing program) 2025/09/01 10:38:52 
fetching corpus: 4049, signal 153134/179466 (executing program) 2025/09/01 10:38:52 fetching corpus: 4099, signal 153769/179857 (executing program) 2025/09/01 10:38:52 fetching corpus: 4149, signal 154217/180213 (executing program) 2025/09/01 10:38:52 fetching corpus: 4199, signal 154785/180561 (executing program) 2025/09/01 10:38:52 fetching corpus: 4249, signal 155188/180861 (executing program) 2025/09/01 10:38:52 fetching corpus: 4299, signal 155559/181201 (executing program) 2025/09/01 10:38:52 fetching corpus: 4349, signal 155926/181531 (executing program) 2025/09/01 10:38:53 fetching corpus: 4399, signal 156306/181834 (executing program) 2025/09/01 10:38:53 fetching corpus: 4449, signal 156609/182027 (executing program) 2025/09/01 10:38:53 fetching corpus: 4499, signal 157024/182027 (executing program) 2025/09/01 10:38:53 fetching corpus: 4549, signal 157325/182032 (executing program) 2025/09/01 10:38:53 fetching corpus: 4599, signal 157750/182048 (executing program) 2025/09/01 10:38:53 fetching corpus: 4649, signal 158768/182053 (executing program) 2025/09/01 10:38:53 fetching corpus: 4699, signal 159483/182064 (executing program) 2025/09/01 10:38:53 fetching corpus: 4749, signal 159940/182067 (executing program) 2025/09/01 10:38:53 fetching corpus: 4799, signal 160511/182081 (executing program) 2025/09/01 10:38:53 fetching corpus: 4849, signal 161084/182084 (executing program) 2025/09/01 10:38:53 fetching corpus: 4899, signal 161580/182087 (executing program) 2025/09/01 10:38:53 fetching corpus: 4949, signal 161960/182099 (executing program) 2025/09/01 10:38:54 fetching corpus: 4999, signal 162365/182114 (executing program) 2025/09/01 10:38:54 fetching corpus: 5049, signal 162705/182120 (executing program) 2025/09/01 10:38:54 fetching corpus: 5099, signal 163142/182145 (executing program) 2025/09/01 10:38:54 fetching corpus: 5149, signal 163539/182156 (executing program) 2025/09/01 10:38:54 fetching corpus: 5199, signal 164036/182156 (executing program) 
2025/09/01 10:38:54 fetching corpus: 5249, signal 164373/182175 (executing program) 2025/09/01 10:38:54 fetching corpus: 5299, signal 164762/182176 (executing program) 2025/09/01 10:38:54 fetching corpus: 5349, signal 165024/182188 (executing program) 2025/09/01 10:38:54 fetching corpus: 5399, signal 165378/182196 (executing program) 2025/09/01 10:38:54 fetching corpus: 5449, signal 165730/182200 (executing program) 2025/09/01 10:38:54 fetching corpus: 5499, signal 166081/182205 (executing program) 2025/09/01 10:38:54 fetching corpus: 5549, signal 166385/182216 (executing program) 2025/09/01 10:38:55 fetching corpus: 5599, signal 167016/182219 (executing program) 2025/09/01 10:38:55 fetching corpus: 5649, signal 167438/182229 (executing program) 2025/09/01 10:38:55 fetching corpus: 5699, signal 167893/182234 (executing program) 2025/09/01 10:38:55 fetching corpus: 5749, signal 168219/182242 (executing program) 2025/09/01 10:38:55 fetching corpus: 5799, signal 168692/182278 (executing program) 2025/09/01 10:38:55 fetching corpus: 5849, signal 168903/182290 (executing program) 2025/09/01 10:38:55 fetching corpus: 5899, signal 169195/182293 (executing program) 2025/09/01 10:38:55 fetching corpus: 5949, signal 169704/182296 (executing program) 2025/09/01 10:38:55 fetching corpus: 5999, signal 169933/182300 (executing program) 2025/09/01 10:38:55 fetching corpus: 6049, signal 170254/182308 (executing program) 2025/09/01 10:38:55 fetching corpus: 6099, signal 170480/182324 (executing program) 2025/09/01 10:38:56 fetching corpus: 6149, signal 170775/182328 (executing program) 2025/09/01 10:38:56 fetching corpus: 6199, signal 171219/182354 (executing program) 2025/09/01 10:38:56 fetching corpus: 6249, signal 171609/182361 (executing program) 2025/09/01 10:38:56 fetching corpus: 6299, signal 171970/182368 (executing program) 2025/09/01 10:38:56 fetching corpus: 6349, signal 172238/182374 (executing program) 2025/09/01 10:38:56 fetching corpus: 6399, signal 172525/182375 
(executing program) 2025/09/01 10:38:56 fetching corpus: 6449, signal 172892/182380 (executing program) 2025/09/01 10:38:56 fetching corpus: 6499, signal 173305/182406 (executing program) 2025/09/01 10:38:56 fetching corpus: 6549, signal 173722/182409 (executing program) 2025/09/01 10:38:56 fetching corpus: 6599, signal 174040/182415 (executing program) 2025/09/01 10:38:56 fetching corpus: 6649, signal 174282/182418 (executing program) 2025/09/01 10:38:56 fetching corpus: 6699, signal 174558/182420 (executing program) 2025/09/01 10:38:57 fetching corpus: 6749, signal 174849/182475 (executing program) 2025/09/01 10:38:57 fetching corpus: 6799, signal 175307/182496 (executing program) 2025/09/01 10:38:57 fetching corpus: 6849, signal 175636/182498 (executing program) 2025/09/01 10:38:57 fetching corpus: 6899, signal 175988/182506 (executing program) 2025/09/01 10:38:57 fetching corpus: 6949, signal 176388/182530 (executing program) 2025/09/01 10:38:57 fetching corpus: 6999, signal 176784/182530 (executing program) 2025/09/01 10:38:57 fetching corpus: 7049, signal 177051/182547 (executing program) 2025/09/01 10:38:57 fetching corpus: 7099, signal 177271/182559 (executing program) 2025/09/01 10:38:57 fetching corpus: 7149, signal 177631/182561 (executing program) 2025/09/01 10:38:57 fetching corpus: 7199, signal 177869/182564 (executing program) 2025/09/01 10:38:57 fetching corpus: 7249, signal 178415/182674 (executing program) 2025/09/01 10:38:57 fetching corpus: 7299, signal 178705/182717 (executing program) 2025/09/01 10:38:58 fetching corpus: 7349, signal 179068/182734 (executing program) 2025/09/01 10:38:58 fetching corpus: 7399, signal 179424/182735 (executing program) 2025/09/01 10:38:58 fetching corpus: 7449, signal 179753/182766 (executing program) 2025/09/01 10:38:58 fetching corpus: 7497, signal 180040/182776 (executing program) 2025/09/01 10:38:58 fetching corpus: 7497, signal 180040/182776 (executing program) 2025/09/01 10:39:00 starting 8 fuzzer processes 
10:39:00 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x15, 0x0, 0x0) 10:39:00 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r0) 10:39:00 executing program 5: sysinfo(&(0x7f00000000c0)=""/211) 10:39:00 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) io_setup(0x9b7f, &(0x7f0000000080)) 10:39:00 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, 
{&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894) 10:39:00 executing program 7: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) shutdown(r0, 0x0) 10:39:00 executing program 6: r0 = timerfd_create(0x8, 0x0) timerfd_gettime(r0, &(0x7f00000006c0)) 10:39:00 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000000040), 0x4) [ 77.113531] audit: type=1400 audit(1756723140.375:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 78.369998] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.376181] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.379335] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.381925] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.384148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.387937] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.391342] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.392938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.395040] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.397871] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.398870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.401583] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.403139] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.406561] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.410299] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.410473] Bluetooth: hci2: 
unexpected cc 0x0c38 length: 249 > 2 [ 78.414717] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.422212] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.449529] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.454397] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.459545] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.461447] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.467273] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.479394] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.480292] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 78.482328] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 78.483802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 78.487995] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.492436] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 78.494749] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 78.553275] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 78.558707] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 78.570574] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 78.571813] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 78.586616] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 78.587808] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 78.616730] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 78.618149] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 78.664581] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.674297] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.455290] Bluetooth: hci1: command tx timeout [ 80.455319] Bluetooth: hci2: command tx timeout [ 80.455595] Bluetooth: hci0: command tx timeout [ 80.518149] Bluetooth: hci4: command tx timeout [ 80.518226] Bluetooth: hci5: command tx timeout [ 80.582092] Bluetooth: hci3: command tx timeout [ 80.774245] Bluetooth: hci7: command tx timeout [ 
80.838120] Bluetooth: hci6: command tx timeout [ 82.503020] Bluetooth: hci0: command tx timeout [ 82.503093] Bluetooth: hci1: command tx timeout [ 82.503492] Bluetooth: hci2: command tx timeout [ 82.566182] Bluetooth: hci5: command tx timeout [ 82.566762] Bluetooth: hci4: command tx timeout [ 82.630012] Bluetooth: hci3: command tx timeout [ 82.822082] Bluetooth: hci7: command tx timeout [ 82.887567] Bluetooth: hci6: command tx timeout [ 84.550071] Bluetooth: hci2: command tx timeout [ 84.550539] Bluetooth: hci1: command tx timeout [ 84.551130] Bluetooth: hci0: command tx timeout [ 84.614098] Bluetooth: hci4: command tx timeout [ 84.614505] Bluetooth: hci5: command tx timeout [ 84.678085] Bluetooth: hci3: command tx timeout [ 84.870045] Bluetooth: hci7: command tx timeout [ 84.936088] Bluetooth: hci6: command tx timeout [ 86.598369] Bluetooth: hci1: command tx timeout [ 86.598834] Bluetooth: hci2: command tx timeout [ 86.599483] Bluetooth: hci0: command tx timeout [ 86.663135] Bluetooth: hci5: command tx timeout [ 86.663608] Bluetooth: hci4: command tx timeout [ 86.727092] Bluetooth: hci3: command tx timeout [ 86.919172] Bluetooth: hci7: command tx timeout [ 86.982032] Bluetooth: hci6: command tx timeout [ 115.947680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.948379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.066319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.066931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.171196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.171809] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.319644] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.320614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.395318] audit: type=1400 audit(1756723179.655:8): avc: denied { open } for pid=3849 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.398765] audit: type=1400 audit(1756723179.656:9): avc: denied { kernel } for pid=3849 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.421446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.422057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.487904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.488496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:39:39 executing program 2: unlinkat$binderfs_device(0xffffffffffffff9c, 0x0) [ 116.611319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.611924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:39:39 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{0xb}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 10:39:39 executing program 6: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x19, 0x0, 0x0) [ 116.678595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.679187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:39:40 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0xff, 0x4) 10:39:40 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0xff, 0x4) [ 116.827623] wlan0: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 116.828249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.853022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.853593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.894433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.895078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:39:40 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r0) 10:39:40 executing program 2: keyctl$set_reqkey_keyring(0xe, 0x1) request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0) 10:39:40 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0xff, 0x4) [ 116.998586] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.000058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.035298] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.035859] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.066680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.067260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.097320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.097917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.171865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.172566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:39:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, 
&(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="02000000030000000400000030000f000300040000000000000000000f008ec4", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040008", 0x1d, 0x4200}], 0x0, &(0x7f0000013a00)) statfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000000600)=""/4096) 10:39:41 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0xff, 0x4) 10:39:41 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r0) 10:39:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x15, &(0x7f00000000c0), 0x4) 10:39:41 executing program 5: getegid() 10:39:41 executing program 7: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$KDSETLED(r0, 0x541b, 0x2f0ff1f00000000) 10:39:41 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000000040), 0x4) 10:39:41 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x5413, &(0x7f0000000280)) [ 118.072279] loop0: detected capacity change from 0 
to 512 10:39:41 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r0) 10:39:41 executing program 7: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$KDSETLED(r0, 0x541b, 0x2f0ff1f00000000) 10:39:41 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2) 10:39:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x15, &(0x7f00000000c0), 0x4) [ 118.136577] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
10:39:41 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f00000000c0), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) accept(0xffffffffffffffff, 0x0, 0x0) statfs(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000017c0), 0x0, 0x0, &(0x7f00000018c0)) 10:39:41 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000000040), 0x4) 10:39:41 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x5413, &(0x7f0000000280)) 10:39:41 executing program 1: r0 = msgget$private(0x0, 0x102) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, 0x0}, &(0x7f0000008600)=0xc) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@gid={'gid', 0x3d, r2}}]}) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@gid}]}) 
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0xee01, 0xffffffffffffffff, 0x124, 0x100}, 0x0, 0x0, 0x9, 0x8, 0x3, 0x7ff, 0x8, 0x2, 0xa8e6, 0x5, 0x0, 0xffffffffffffffff}) sync() [ 118.271855] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.299073] tmpfs: Invalid gid '0x00000000ffffffff' [ 118.453377] tmpfs: Invalid gid '0x00000000ffffffff' 10:39:41 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000000040), 0x4) 10:39:41 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x33, 0x82002) write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:ldconfig_exec_t:s0\x00', 0x324) 10:39:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x15, &(0x7f00000000c0), 0x4) 10:39:41 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f00000000c0), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) accept(0xffffffffffffffff, 0x0, 0x0) statfs(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000017c0), 0x0, 0x0, &(0x7f00000018c0)) 10:39:41 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x5413, &(0x7f0000000280)) 10:39:41 executing program 7: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$KDSETLED(r0, 0x541b, 0x2f0ff1f00000000) 10:39:41 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="02000000030000000400000030000f000300040000000000000000000f008ec4", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040008", 0x1d, 0x4200}], 0x0, &(0x7f0000013a00)) statfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000000600)=""/4096) 10:39:41 executing program 1: r0 = msgget$private(0x0, 0x102) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, 0x0}, &(0x7f0000008600)=0xc) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@gid={'gid', 0x3d, r2}}]}) syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@gid}]}) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0xee01, 0xffffffffffffffff, 0x124, 0x100}, 0x0, 0x0, 0x9, 0x8, 0x3, 0x7ff, 0x8, 0x2, 0xa8e6, 0x5, 0x0, 0xffffffffffffffff}) sync() [ 118.543530] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 118.544551] 
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 118.545297] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.547108] Tainted: [W]=WARN [ 118.547776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.548935] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.549658] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.552084] RSP: 0018:ffff8880449b7800 EFLAGS: 00010212 [ 118.552863] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 118.553862] RDX: ffff888015ab9b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 118.555252] RBP: ffff8880449b7a70 R08: ffff88806cf31340 R09: ffffe8ffffd10728 [ 118.556238] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 118.557246] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.558253] FS: 000055557a830400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 118.559393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.560237] CR2: 00007fa71d084541 CR3: 0000000016e30000 CR4: 0000000000350ef0 [ 118.561596] Call Trace: [ 118.561820] [ 118.562018] ? perf_trace_lock+0xb5/0x5d0 [ 118.562377] ? __pfx_perf_tp_event+0x10/0x10 [ 118.562760] ? lock_acquire+0x15e/0x2f0 [ 118.563102] ? __is_insn_slot_addr+0x2e/0x290 [ 118.563491] ? find_held_lock+0x2b/0x80 [ 118.563838] ? __is_insn_slot_addr+0x136/0x290 [ 118.564233] ? lock_release+0xc8/0x290 [ 118.564568] ? __is_insn_slot_addr+0x140/0x290 [ 118.564966] ? kernel_text_address+0x5b/0xc0 [ 118.565341] ? __kernel_text_address+0xd/0x40 [ 118.565734] ? unwind_get_return_address+0x59/0xa0 [ 118.566152] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.566603] ? arch_stack_walk+0x9c/0xf0 [ 118.566956] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 118.567380] perf_trace_run_bpf_submit+0xef/0x180 [ 118.567795] perf_trace_lock+0x337/0x5d0 [ 118.568148] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.568539] ? lock_acquire+0x15e/0x2f0 [ 118.568879] ? futex_ref_get+0x48/0x300 [ 118.569221] ? futex_ref_get+0x114/0x300 [ 118.569569] ? futex_hash+0x15c/0x390 [ 118.569900] lock_release+0x1ab/0x290 [ 118.570232] ? futex_hash+0x15c/0x390 [ 118.570559] futex_ref_get+0x119/0x300 [ 118.570892] ? futex_hash+0x15c/0x390 [ 118.571214] futex_hash+0x70/0x390 [ 118.571523] futex_wake+0x143/0x540 [ 118.571845] ? lock_release+0xc8/0x290 [ 118.572177] ? __pfx_futex_wake+0x10/0x10 [ 118.572537] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.572980] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 118.573437] do_futex+0x26d/0x370 [ 118.573747] ? __pfx_do_futex+0x10/0x10 [ 118.574088] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.574482] __x64_sys_futex+0x1c9/0x4d0 [ 118.574835] ? __pfx___x64_sys_futex+0x10/0x10 [ 118.575221] ? lock_release+0xc8/0x290 [ 118.575556] ? do_raw_spin_unlock+0x53/0x220 [ 118.575945] ? _raw_spin_unlock+0x1e/0x40 [ 118.576303] ? 
file_close_fd+0x63/0x80 [ 118.576641] do_syscall_64+0xbf/0x360 [ 118.576972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.577401] RIP: 0033:0x7ff0660d3b19 [ 118.577724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.579203] RSP: 002b:00007ffddc230748 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.579817] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff0660d3b19 [ 118.580418] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff0661e6f68 [ 118.581006] RBP: 00007ff0661e6f60 R08: 0000000000000007 R09: 0000000000000000 [ 118.581599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0661eb090 [ 118.582189] R13: 00007ffddc230850 R14: 00007ff0661e6f60 R15: 000000000001ce8c [ 118.582790] [ 118.582991] Modules linked in: [ 118.583271] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 118.584332] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 118.585145] CPU: 0 UID: 0 PID: 67 Comm: kworker/u8:1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.586228] Tainted: [D]=DIE, [W]=WARN [ 118.586590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.587355] Workqueue: ipv6_addrconf addrconf_dad_work [ 118.587863] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.588309] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.589998] RSP: 0018:ffff88806ce08340 EFLAGS: 00010212 [ 118.590497] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 118.591163] RDX: ffff88800f291b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 118.591827] RBP: ffff88806ce085b0 R08: ffff88806ce313e8 R09: ffffe8ffffc10728 
[ 118.592488] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 118.593141] R13: 000000000000002c R14: ffff88806ce313e8 R15: dffffc0000000000 [ 118.593807] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 118.594547] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.595087] CR2: 0000001b2da24000 CR3: 000000004389b000 CR4: 0000000000350ef0 [ 118.595755] Call Trace: [ 118.596001] [ 118.596207] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.596644] ? __pfx_perf_tp_event+0x10/0x10 [ 118.597066] ? unwind_next_frame+0x3b2/0x2540 [ 118.597507] ? lock_release+0x1c7/0x290 [ 118.597893] ? unwind_next_frame+0x3bc/0x2540 [ 118.598319] ? handle_softirqs+0x1b1/0x770 [ 118.598727] ? do_softirq+0x48/0x80 [ 118.599069] ? kernel_text_address+0x11/0xc0 [ 118.599487] ? ip6_finish_output2+0xf61/0x1780 [ 118.599925] ? __kernel_text_address+0xd/0x40 [ 118.600347] ? unwind_get_return_address+0x59/0xa0 [ 118.600818] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.601325] ? arch_stack_walk+0x76/0xf0 [ 118.601715] ? __dev_queue_xmit+0xe19/0x3cc0 [ 118.602137] ? do_softirq+0x48/0x80 [ 118.602484] ? perf_trace_lock+0xb5/0x5d0 [ 118.602868] ? stack_trace_save+0x8e/0xc0 [ 118.603271] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.603743] ? do_raw_spin_lock+0x123/0x260 [ 118.604146] perf_trace_run_bpf_submit+0xef/0x180 [ 118.604607] perf_trace_lock+0x337/0x5d0 [ 118.604993] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.605419] ? kmem_cache_alloc_noprof+0x264/0x690 [ 118.605889] ? ip6_pol_route+0x9cd/0x11a0 [ 118.606275] lock_release+0x1ab/0x290 [ 118.606642] ? dst_alloc+0x44f/0x620 [ 118.606997] ip6_pol_route+0x9d2/0x11a0 [ 118.607369] ? __pfx_ip6_pol_route+0x10/0x10 [ 118.607770] ? eth_type_trans+0x2d1/0x600 [ 118.608163] ? ieee80211_rx_handlers+0xccc/0x9620 [ 118.608607] ? __pfx_ip6_pol_route_input+0x10/0x10 [ 118.609060] fib6_rule_lookup+0x20d/0x300 [ 118.609452] ip6_route_input+0x606/0xb30 [ 118.609841] ? __pfx_ip6_route_input+0x10/0x10 [ 118.610276] ? 
perf_trace_lock+0xb5/0x5d0 [ 118.610670] ip6_rcv_finish_core.constprop.0+0x1a4/0x5e0 [ 118.611172] ip6_list_rcv_finish.constprop.0+0x15f/0x9a0 [ 118.611674] ? __pfx_ip6_list_rcv_finish.constprop.0+0x10/0x10 [ 118.612215] ? ip6_rcv_core+0xc07/0x1bb0 [ 118.612599] ipv6_list_rcv+0x2c7/0x3f0 [ 118.612962] ? __pfx_ipv6_list_rcv+0x10/0x10 [ 118.613375] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.613806] ? __pfx_ipv6_list_rcv+0x10/0x10 [ 118.614215] __netif_receive_skb_list_core+0x4c1/0x8d0 [ 118.614702] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 118.615233] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.615715] ? kcov_remote_stop+0x25e/0x490 [ 118.616116] ? lock_acquire+0x18c/0x2f0 [ 118.616492] netif_receive_skb_list_internal+0x6c1/0xc90 [ 118.616991] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 118.617543] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.617964] ? perf_trace_lock+0xb5/0x5d0 [ 118.618351] ? ieee80211_rx_napi+0x106/0x3c0 [ 118.618764] netif_receive_skb_list+0x4f/0x410 [ 118.619196] ieee80211_rx_napi+0x356/0x3c0 [ 118.619586] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 118.620036] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 118.620509] ieee80211_handle_queued_frames+0xd9/0x130 [ 118.621004] tasklet_action_common+0x235/0x3b0 [ 118.621423] ? workqueue_softirq_action+0x1a/0x170 [ 118.621893] handle_softirqs+0x1b1/0x770 [ 118.622272] ? __dev_queue_xmit+0xe19/0x3cc0 [ 118.622680] do_softirq+0x48/0x80 [ 118.623005] [ 118.623214] [ 118.623420] __local_bh_enable_ip+0xf1/0x110 [ 118.623827] ? __dev_queue_xmit+0xe19/0x3cc0 [ 118.624238] __dev_queue_xmit+0xe2e/0x3cc0 [ 118.624631] ? selinux_ip_postroute+0x629/0xcd0 [ 118.625064] ? __pfx_selinux_ip_postroute+0x10/0x10 [ 118.625541] ? __pfx___dev_queue_xmit+0x10/0x10 [ 118.625971] ? kasan_save_stack+0x24/0x50 [ 118.626353] ? kasan_save_track+0x14/0x30 [ 118.626736] ? __kasan_kmalloc+0x7f/0x90 [ 118.627113] ? perf_trace_lock+0xb5/0x5d0 [ 118.627494] ? perf_trace_lock+0xb5/0x5d0 [ 118.627875] ? 
addrconf_dad_completed+0xa8b/0xe70 [ 118.628320] ? addrconf_dad_work+0x762/0x11a0 [ 118.628732] ? process_one_work+0x8e1/0x19c0 [ 118.629139] ? perf_trace_lock+0xb5/0x5d0 [ 118.629525] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.629941] ? perf_trace_lock+0xb5/0x5d0 [ 118.630320] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.630736] ? ipv6_chk_mcast_addr+0x2ab/0x990 [ 118.631154] ? lock_release+0x1c7/0x290 [ 118.631517] ? __ip6_finish_output+0x5d5/0xd10 [ 118.631935] ? lock_release+0x1c7/0x290 [ 118.632298] ip6_finish_output2+0xf61/0x1780 [ 118.632710] __ip6_finish_output+0x5d5/0xd10 [ 118.633109] ip6_output+0x24d/0x700 [ 118.633439] mld_sendpack+0x95f/0x11b0 [ 118.633801] ? __pfx_mld_sendpack+0x10/0x10 [ 118.634199] ? lock_acquire+0x15e/0x2f0 [ 118.634558] ? addrconf_dad_completed+0x17c/0xe70 [ 118.635001] mld_send_initial_cr+0x21b/0x320 [ 118.635408] ipv6_mc_dad_complete+0xa5/0x1c0 [ 118.635811] addrconf_dad_completed+0xa8b/0xe70 [ 118.636239] ? __pfx_addrconf_dad_completed+0x10/0x10 [ 118.636709] ? mark_held_locks+0x49/0x80 [ 118.637081] addrconf_dad_work+0x762/0x11a0 [ 118.637486] ? __pfx_addrconf_dad_work+0x10/0x10 [ 118.637922] ? lock_release+0xc8/0x290 [ 118.638281] process_one_work+0x8e1/0x19c0 [ 118.638671] ? __pfx_process_one_work+0x10/0x10 [ 118.639092] ? move_linked_works+0x172/0x270 [ 118.639507] ? assign_work+0x196/0x240 [ 118.639865] worker_thread+0x67e/0xe90 [ 118.640220] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.640698] ? __pfx_worker_thread+0x10/0x10 [ 118.641103] kthread+0x3c8/0x740 [ 118.641418] ? __pfx_kthread+0x10/0x10 [ 118.641779] ? ret_from_fork+0x23/0x430 [ 118.642149] ? lock_release+0xc8/0x290 [ 118.642507] ? __pfx_kthread+0x10/0x10 [ 118.642862] ret_from_fork+0x34b/0x430 [ 118.643220] ? 
__pfx_kthread+0x10/0x10 [ 118.643574] ret_from_fork_asm+0x1a/0x30 [ 118.643957] [ 118.644173] Modules linked in: [ 118.644469] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 118.645288] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 118.645922] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.646788] Tainted: [D]=DIE, [W]=WARN [ 118.647071] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.647668] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.648020] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.649339] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 118.649735] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 118.650255] RDX: ffff888015ab9b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 118.650775] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd10728 [ 118.651294] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 118.651813] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 118.652339] FS: 000055557a830400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 118.652928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.653355] CR2: 00007fa71d084541 CR3: 0000000016e30000 CR4: 0000000000350ef0 [ 118.653882] Call Trace: [ 118.654076] [ 118.654241] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.654642] ? arch_stack_walk+0x9c/0xf0 [ 118.654947] ? __pfx_perf_tp_event+0x10/0x10 [ 118.655282] ? stack_trace_save+0x8e/0xc0 [ 118.655593] ? stack_depot_save_flags+0x2c/0xa20 [ 118.655948] ? __kasan_slab_free+0x3f/0x50 [ 118.656267] ? kfree+0x281/0x550 [ 118.656530] ? slab_free_after_rcu_debug+0x6f/0x290 [ 118.656904] ? 
rcu_core+0x7c8/0x1800 [ 118.657187] ? kasan_save_stack+0x34/0x50 [ 118.657505] ? kasan_save_stack+0x24/0x50 [ 118.657815] ? kasan_save_track+0x14/0x30 [ 118.658125] ? __kasan_save_free_info+0x3a/0x60 [ 118.658474] ? __kasan_slab_free+0x3f/0x50 [ 118.658793] ? slab_free_after_rcu_debug+0xd6/0x290 [ 118.659172] ? rcu_core+0x7c8/0x1800 [ 118.659456] ? handle_softirqs+0x1b1/0x770 [ 118.659778] ? __irq_exit_rcu+0xc4/0x100 [ 118.660085] ? irq_exit_rcu+0x9/0x20 [ 118.660362] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 118.660741] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 118.661139] ? lock_acquire+0x5b/0x2f0 [ 118.661430] ? unwind_next_frame+0xcd/0x2540 [ 118.661768] ? arch_stack_walk+0x86/0xf0 [ 118.662074] ? stack_trace_save+0x8e/0xc0 [ 118.662384] ? kasan_save_stack+0x24/0x50 [ 118.662696] ? kvm_sched_clock_read+0x16/0x30 [ 118.663034] ? sched_clock+0x37/0x60 [ 118.663322] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.663695] perf_trace_run_bpf_submit+0xef/0x180 [ 118.664060] perf_trace_lock+0x337/0x5d0 [ 118.664366] ? place_entity+0x1c/0x410 [ 118.664661] ? kvm_sched_clock_read+0x16/0x30 [ 118.665002] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.665345] ? check_preempt_wakeup_fair+0x6e/0x950 [ 118.665728] ? sched_ttwu_pending+0x2e0/0x4a0 [ 118.666070] lock_release+0x1ab/0x290 [ 118.666356] ? ttwu_do_activate+0x1a4/0x8a0 [ 118.666681] _raw_spin_unlock+0x16/0x40 [ 118.666981] sched_ttwu_pending+0x2e0/0x4a0 [ 118.667307] ? __pfx_try_to_wake_up+0x10/0x10 [ 118.667647] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 118.668009] ? 
mark_held_locks+0x49/0x80 [ 118.668317] __flush_smp_call_function_queue+0x434/0x740 [ 118.668725] __sysvec_call_function_single+0x6d/0x370 [ 118.669115] sysvec_call_function_single+0xa1/0xc0 [ 118.669489] [ 118.669660] [ 118.669833] asm_sysvec_call_function_single+0x1a/0x20 [ 118.670222] RIP: 0010:oops_exit+0x0/0x50 [ 118.670529] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 118.671845] RSP: 0018:ffff8880449b7690 EFLAGS: 00000202 [ 118.672235] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 118.672752] RDX: ffff888015ab9b80 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 118.673271] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 118.673794] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880449b7758 [ 118.674313] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 118.674834] ? add_taint+0x5f/0xd0 [ 118.675105] ? oops_end+0x4a/0xe0 [ 118.675375] oops_end+0x65/0xe0 [ 118.675633] exc_general_protection+0x1a2/0x330 [ 118.675986] asm_exc_general_protection+0x26/0x30 [ 118.676344] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.676693] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.678013] RSP: 0018:ffff8880449b7800 EFLAGS: 00010212 [ 118.678402] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 118.678920] RDX: ffff888015ab9b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 118.679440] RBP: ffff8880449b7a70 R08: ffff88806cf31340 R09: ffffe8ffffd10728 [ 118.679959] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 118.680477] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.681000] ? perf_tp_event+0x167/0xe70 [ 118.681312] ? 
perf_trace_lock+0xb5/0x5d0 [ 118.681632] ? __pfx_perf_tp_event+0x10/0x10 [ 118.681968] ? lock_acquire+0x15e/0x2f0 [ 118.682267] ? __is_insn_slot_addr+0x2e/0x290 [ 118.682607] ? find_held_lock+0x2b/0x80 [ 118.682910] ? __is_insn_slot_addr+0x136/0x290 [ 118.683257] ? lock_release+0xc8/0x290 [ 118.683552] ? __is_insn_slot_addr+0x140/0x290 [ 118.683899] ? kernel_text_address+0x5b/0xc0 [ 118.684231] ? __kernel_text_address+0xd/0x40 [ 118.684571] ? unwind_get_return_address+0x59/0xa0 [ 118.684940] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.685341] ? arch_stack_walk+0x9c/0xf0 [ 118.685659] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.686034] perf_trace_run_bpf_submit+0xef/0x180 [ 118.686402] perf_trace_lock+0x337/0x5d0 [ 118.686715] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.687061] ? lock_acquire+0x15e/0x2f0 [ 118.687359] ? futex_ref_get+0x48/0x300 [ 118.687656] ? futex_ref_get+0x114/0x300 [ 118.687961] ? futex_hash+0x15c/0x390 [ 118.688247] lock_release+0x1ab/0x290 [ 118.688535] ? futex_hash+0x15c/0x390 [ 118.688823] futex_ref_get+0x119/0x300 [ 118.689115] ? futex_hash+0x15c/0x390 [ 118.689402] futex_hash+0x70/0x390 [ 118.689679] futex_wake+0x143/0x540 [ 118.689957] ? lock_release+0xc8/0x290 [ 118.690254] ? __pfx_futex_wake+0x10/0x10 [ 118.690570] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.690961] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 118.691364] do_futex+0x26d/0x370 [ 118.691630] ? __pfx_do_futex+0x10/0x10 [ 118.691932] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.692278] __x64_sys_futex+0x1c9/0x4d0 [ 118.692586] ? __pfx___x64_sys_futex+0x10/0x10 [ 118.692930] ? lock_release+0xc8/0x290 [ 118.693224] ? do_raw_spin_unlock+0x53/0x220 [ 118.693564] ? _raw_spin_unlock+0x1e/0x40 [ 118.693876] ? 
file_close_fd+0x63/0x80 [ 118.694170] do_syscall_64+0xbf/0x360 [ 118.694457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.694837] RIP: 0033:0x7ff0660d3b19 [ 118.695113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.696428] RSP: 002b:00007ffddc230748 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.696983] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff0660d3b19 [ 118.697510] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff0661e6f68 [ 118.698031] RBP: 00007ff0661e6f60 R08: 0000000000000007 R09: 0000000000000000 [ 118.698551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0661eb090 [ 118.699072] R13: 00007ffddc230850 R14: 00007ff0661e6f60 R15: 000000000001ce8c [ 118.699601] [ 118.699782] Modules linked in: [ 118.700024] ---[ end trace 0000000000000000 ]--- [ 118.700025] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 118.700374] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.701342] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 118.701690] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.702449] CPU: 0 UID: 0 PID: 67 Comm: kworker/u8:1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 118.703755] RSP: 0018:ffff8880449b7800 EFLAGS: 00010212 [ 118.704763] Tainted: [D]=DIE, [W]=WARN [ 118.705148] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 118.705490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.706005] RDX: ffff888015ab9b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 118.706726] Workqueue: ipv6_addrconf addrconf_dad_work [ 118.707241] RBP: 
ffff8880449b7a70 R08: ffff88806cf31340 R09: ffffe8ffffd10728 [ 118.707251] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 118.707699] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.708214] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.708833] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.709182] FS: 000055557a830400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 118.709809] RSP: 0018:ffff88806ce07b80 EFLAGS: 00010012 [ 118.711123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.711810] [ 118.712193] CR2: 00007fa71d084541 CR3: 0000000016e30000 CR4: 0000000000350ef0 [ 118.712695] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 118.712828] Kernel panic - not syncing: Fatal exception in interrupt [ 119.754257] Shutting down cpus with NMI [ 119.755772] Kernel Offset: disabled [ 119.756043] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:39:41 Registers: