Warning: Permanently added '[localhost]:11019' (ECDSA) to the list of known hosts.
2025/09/01 11:26:19 fuzzer started
2025/09/01 11:26:19 dialing manager at localhost:35473
syzkaller login: [ 58.874008] cgroup: Unknown subsys name 'net'
[ 58.920232] cgroup: Unknown subsys name 'cpuset'
[ 58.932767] cgroup: Unknown subsys name 'rlimit'
2025/09/01 11:26:29 syscalls: 2214
2025/09/01 11:26:29 code coverage: enabled
2025/09/01 11:26:29 comparison tracing: enabled
2025/09/01 11:26:29 extra coverage: enabled
2025/09/01 11:26:29 setuid sandbox: enabled
2025/09/01 11:26:29 namespace sandbox: enabled
2025/09/01 11:26:29 Android sandbox: enabled
2025/09/01 11:26:29 fault injection: enabled
2025/09/01 11:26:29 leak checking: enabled
2025/09/01 11:26:29 net packet injection: enabled
2025/09/01 11:26:29 net device setup: enabled
2025/09/01 11:26:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 11:26:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 11:26:29 USB emulation: enabled
2025/09/01 11:26:29 hci packet injection: enabled
2025/09/01 11:26:29 wifi device emulation: enabled
2025/09/01 11:26:29 802.15.4 emulation: enabled
2025/09/01 11:26:29 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 11:26:29 fetching corpus: 50, signal 18852/22429 (executing program)
2025/09/01 11:26:30 fetching corpus: 100, signal 29636/34644 (executing program)
2025/09/01 11:26:30 fetching corpus: 150, signal 45339/51370 (executing program)
2025/09/01 11:26:30 fetching corpus: 200, signal 49194/56552 (executing program)
2025/09/01 11:26:30 fetching corpus: 250, signal 56831/65164 (executing program)
2025/09/01 11:26:30 fetching corpus: 300, signal 61844/71210 (executing program)
2025/09/01 11:26:30 fetching corpus: 350, signal 64761/75259 (executing program)
2025/09/01 11:26:30 fetching corpus: 400, signal 68382/79835 (executing program)
2025/09/01 11:26:30 fetching corpus: 450, signal 71817/84174 (executing program)
2025/09/01 11:26:30 fetching corpus: 500, signal 75897/88971 (executing program)
2025/09/01 11:26:30 fetching corpus: 550, signal 78698/92614 (executing program)
2025/09/01 11:26:30 fetching corpus: 600, signal 81074/95876 (executing program)
2025/09/01 11:26:31 fetching corpus: 650, signal 83360/98979 (executing program)
2025/09/01 11:26:31 fetching corpus: 700, signal 85834/102218 (executing program)
2025/09/01 11:26:31 fetching corpus: 750, signal 87440/104643 (executing program)
2025/09/01 11:26:31 fetching corpus: 800, signal 90099/107959 (executing program)
2025/09/01 11:26:31 fetching corpus: 850, signal 91924/110476 (executing program)
2025/09/01 11:26:31 fetching corpus: 900, signal 93755/112977 (executing program)
2025/09/01 11:26:31 fetching corpus: 950, signal 95726/115569 (executing program)
2025/09/01 11:26:31 fetching corpus: 1000, signal 97363/117863 (executing program)
2025/09/01 11:26:31 fetching corpus: 1050, signal 98762/119919 (executing program)
2025/09/01 11:26:31 fetching corpus: 1100, signal 99711/121600 (executing program)
2025/09/01 11:26:32 fetching corpus: 1150, signal 101535/123855 (executing program)
2025/09/01 11:26:32 fetching corpus: 1200, signal 103539/126259 (executing program)
2025/09/01 11:26:32 fetching corpus: 1250, signal 104767/128080 (executing program)
2025/09/01 11:26:32 fetching corpus: 1300, signal 105950/129864 (executing program)
2025/09/01 11:26:32 fetching corpus: 1350, signal 107048/131568 (executing program)
2025/09/01 11:26:32 fetching corpus: 1400, signal 107936/133029 (executing program)
2025/09/01 11:26:32 fetching corpus: 1450, signal 109014/134648 (executing program)
2025/09/01 11:26:32 fetching corpus: 1500, signal 110889/136756 (executing program)
2025/09/01 11:26:32 fetching corpus: 1550, signal 112147/138397 (executing program)
2025/09/01 11:26:32 fetching corpus: 1600, signal 113137/139841 (executing program)
2025/09/01 11:26:32 fetching corpus: 1650, signal 114186/141313 (executing program)
2025/09/01 11:26:33 fetching corpus: 1700, signal 115007/142602 (executing program)
2025/09/01 11:26:33 fetching corpus: 1750, signal 116447/144302 (executing program)
2025/09/01 11:26:33 fetching corpus: 1800, signal 117551/145735 (executing program)
2025/09/01 11:26:33 fetching corpus: 1850, signal 118280/146940 (executing program)
2025/09/01 11:26:33 fetching corpus: 1900, signal 118976/148113 (executing program)
2025/09/01 11:26:33 fetching corpus: 1950, signal 119996/149465 (executing program)
2025/09/01 11:26:33 fetching corpus: 2000, signal 120896/150695 (executing program)
2025/09/01 11:26:33 fetching corpus: 2050, signal 122257/152216 (executing program)
2025/09/01 11:26:33 fetching corpus: 2100, signal 123624/153730 (executing program)
2025/09/01 11:26:33 fetching corpus: 2150, signal 124215/154750 (executing program)
2025/09/01 11:26:33 fetching corpus: 2200, signal 125104/155860 (executing program)
2025/09/01 11:26:34 fetching corpus: 2250, signal 126067/157013 (executing program)
2025/09/01 11:26:34 fetching corpus: 2300, signal 126870/158100 (executing program)
2025/09/01 11:26:34 fetching corpus: 2350, signal 127991/159325 (executing program)
2025/09/01 11:26:34 fetching corpus: 2400, signal 128833/160409 (executing program)
2025/09/01 11:26:34 fetching corpus: 2450, signal 129753/161515 (executing program)
2025/09/01 11:26:34 fetching corpus: 2500, signal 130804/162675 (executing program)
2025/09/01 11:26:34 fetching corpus: 2550, signal 131544/163657 (executing program)
2025/09/01 11:26:34 fetching corpus: 2600, signal 132674/164815 (executing program)
2025/09/01 11:26:34 fetching corpus: 2650, signal 133558/165778 (executing program)
2025/09/01 11:26:34 fetching corpus: 2700, signal 134227/166638 (executing program)
2025/09/01 11:26:34 fetching corpus: 2750, signal 134947/167493 (executing program)
2025/09/01 11:26:35 fetching corpus: 2800, signal 135723/168404 (executing program)
2025/09/01 11:26:35 fetching corpus: 2850, signal 136806/169395 (executing program)
2025/09/01 11:26:35 fetching corpus: 2900, signal 137716/170372 (executing program)
2025/09/01 11:26:35 fetching corpus: 2950, signal 138427/171179 (executing program)
2025/09/01 11:26:35 fetching corpus: 3000, signal 138759/171880 (executing program)
2025/09/01 11:26:35 fetching corpus: 3050, signal 139600/172746 (executing program)
2025/09/01 11:26:35 fetching corpus: 3100, signal 140248/173502 (executing program)
2025/09/01 11:26:35 fetching corpus: 3150, signal 140902/174257 (executing program)
2025/09/01 11:26:35 fetching corpus: 3200, signal 141437/174941 (executing program)
2025/09/01 11:26:35 fetching corpus: 3250, signal 142250/175672 (executing program)
2025/09/01 11:26:36 fetching corpus: 3300, signal 142701/176270 (executing program)
2025/09/01 11:26:36 fetching corpus: 3350, signal 143676/176992 (executing program)
2025/09/01 11:26:36 fetching corpus: 3400, signal 144385/177687 (executing program)
2025/09/01 11:26:36 fetching corpus: 3450, signal 144954/178322 (executing program)
2025/09/01 11:26:36 fetching corpus: 3500, signal 145407/178915 (executing program)
2025/09/01 11:26:36 fetching corpus: 3550, signal 146509/179634 (executing program)
2025/09/01 11:26:36 fetching corpus: 3600, signal 147095/180240 (executing program)
2025/09/01 11:26:36 fetching corpus: 3650, signal 147733/180850 (executing program)
2025/09/01 11:26:36 fetching corpus: 3700, signal 148570/181478 (executing program)
2025/09/01 11:26:36 fetching corpus: 3750, signal 148990/182011 (executing program)
2025/09/01 11:26:36 fetching corpus: 3800, signal 149528/182515 (executing program)
2025/09/01 11:26:36 fetching corpus: 3850, signal 150087/183052 (executing program)
2025/09/01 11:26:36 fetching corpus: 3900, signal 150520/183562 (executing program)
2025/09/01 11:26:37 fetching corpus: 3950, signal 151226/184098 (executing program)
2025/09/01 11:26:37 fetching corpus: 4000, signal 151586/184535 (executing program)
2025/09/01 11:26:37 fetching corpus: 4050, signal 152069/184996 (executing program)
2025/09/01 11:26:37 fetching corpus: 4100, signal 152802/185530 (executing program)
2025/09/01 11:26:37 fetching corpus: 4150, signal 153413/186017 (executing program)
2025/09/01 11:26:37 fetching corpus: 4200, signal 154129/186523 (executing program)
2025/09/01 11:26:37 fetching corpus: 4250, signal 154505/186977 (executing program)
2025/09/01 11:26:37 fetching corpus: 4300, signal 155146/187430 (executing program)
2025/09/01 11:26:37 fetching corpus: 4350, signal 155709/187955 (executing program)
2025/09/01 11:26:37 fetching corpus: 4400, signal 156219/188339 (executing program)
2025/09/01 11:26:37 fetching corpus: 4450, signal 156585/188727 (executing program)
2025/09/01 11:26:37 fetching corpus: 4500, signal 156914/189117 (executing program)
2025/09/01 11:26:38 fetching corpus: 4550, signal 157328/189503 (executing program)
2025/09/01 11:26:38 fetching corpus: 4600, signal 157757/189858 (executing program)
2025/09/01 11:26:38 fetching corpus: 4650, signal 158429/190065 (executing program)
2025/09/01 11:26:38 fetching corpus: 4700, signal 158737/190068 (executing program)
2025/09/01 11:26:38 fetching corpus: 4750, signal 159073/190077 (executing program)
2025/09/01 11:26:38 fetching corpus: 4800, signal 159564/190081 (executing program)
2025/09/01 11:26:38 fetching corpus: 4850, signal 160014/190090 (executing program)
2025/09/01 11:26:38 fetching corpus: 4900, signal 160428/190104 (executing program)
2025/09/01 11:26:38 fetching corpus: 4950, signal 160835/190106 (executing program)
2025/09/01 11:26:38 fetching corpus: 5000, signal 161258/190116 (executing program)
2025/09/01 11:26:38 fetching corpus: 5050, signal 161599/190116 (executing program)
2025/09/01 11:26:39 fetching corpus: 5100, signal 162104/190118 (executing program)
2025/09/01 11:26:39 fetching corpus: 5150, signal 162451/190127 (executing program)
2025/09/01 11:26:39 fetching corpus: 5200, signal 163049/190128 (executing program)
2025/09/01 11:26:39 fetching corpus: 5250, signal 163274/190132 (executing program)
2025/09/01 11:26:39 fetching corpus: 5300, signal 163628/190135 (executing program)
2025/09/01 11:26:39 fetching corpus: 5350, signal 163944/190143 (executing program)
2025/09/01 11:26:39 fetching corpus: 5400, signal 164385/190143 (executing program)
2025/09/01 11:26:39 fetching corpus: 5450, signal 165032/190156 (executing program)
2025/09/01 11:26:39 fetching corpus: 5500, signal 165883/190188 (executing program)
2025/09/01 11:26:39 fetching corpus: 5550, signal 166244/190223 (executing program)
2025/09/01 11:26:39 fetching corpus: 5600, signal 166582/190231 (executing program)
2025/09/01 11:26:39 fetching corpus: 5650, signal 166790/190241 (executing program)
2025/09/01 11:26:39 fetching corpus: 5700, signal 167019/190248 (executing program)
2025/09/01 11:26:39 fetching corpus: 5750, signal 167357/190251 (executing program)
2025/09/01 11:26:40 fetching corpus: 5800, signal 167717/190261 (executing program)
2025/09/01 11:26:40 fetching corpus: 5850, signal 168468/190262 (executing program)
2025/09/01 11:26:40 fetching corpus: 5900, signal 169003/190268 (executing program)
2025/09/01 11:26:40 fetching corpus: 5950, signal 169513/190321 (executing program)
2025/09/01 11:26:40 fetching corpus: 6000, signal 169948/190329 (executing program)
2025/09/01 11:26:40 fetching corpus: 6050, signal 170311/190335 (executing program)
2025/09/01 11:26:40 fetching corpus: 6100, signal 170787/190340 (executing program)
2025/09/01 11:26:40 fetching corpus: 6150, signal 171309/190468 (executing program)
2025/09/01 11:26:40 fetching corpus: 6200, signal 171755/190470 (executing program)
2025/09/01 11:26:40 fetching corpus: 6250, signal 172029/190478 (executing program)
2025/09/01 11:26:40 fetching corpus: 6300, signal 172554/190507 (executing program)
2025/09/01 11:26:41 fetching corpus: 6350, signal 172866/190512 (executing program)
2025/09/01 11:26:41 fetching corpus: 6400, signal 173186/190512 (executing program)
2025/09/01 11:26:41 fetching corpus: 6450, signal 173634/190529 (executing program)
2025/09/01 11:26:41 fetching corpus: 6500, signal 174021/190534 (executing program)
2025/09/01 11:26:41 fetching corpus: 6550, signal 174437/190546 (executing program)
2025/09/01 11:26:41 fetching corpus: 6600, signal 174816/190552 (executing program)
2025/09/01 11:26:41 fetching corpus: 6650, signal 175062/190568 (executing program)
2025/09/01 11:26:41 fetching corpus: 6700, signal 175333/190581 (executing program)
2025/09/01 11:26:41 fetching corpus: 6750, signal 175766/190583 (executing program)
2025/09/01 11:26:41 fetching corpus: 6800, signal 176113/190619 (executing program)
2025/09/01 11:26:41 fetching corpus: 6850, signal 176498/190621 (executing program)
2025/09/01 11:26:41 fetching corpus: 6900, signal 176768/190626 (executing program)
2025/09/01 11:26:42 fetching corpus: 6950, signal 177532/190634 (executing program)
2025/09/01 11:26:42 fetching corpus: 7000, signal 177773/190635 (executing program)
2025/09/01 11:26:42 fetching corpus: 7050, signal 178055/190639 (executing program)
2025/09/01 11:26:42 fetching corpus: 7100, signal 178340/190644 (executing program)
2025/09/01 11:26:42 fetching corpus: 7150, signal 178690/190649 (executing program)
2025/09/01 11:26:42 fetching corpus: 7200, signal 178940/190649 (executing program)
2025/09/01 11:26:42 fetching corpus: 7250, signal 179241/190651 (executing program)
2025/09/01 11:26:42 fetching corpus: 7300, signal 179484/190652 (executing program)
2025/09/01 11:26:42 fetching corpus: 7350, signal 179736/190668 (executing program)
2025/09/01 11:26:42 fetching corpus: 7400, signal 179946/190681 (executing program)
2025/09/01 11:26:42 fetching corpus: 7450, signal 180210/190687 (executing program)
2025/09/01 11:26:43 fetching corpus: 7500, signal 180659/190699 (executing program)
2025/09/01 11:26:43 fetching corpus: 7550, signal 180996/190703 (executing program)
2025/09/01 11:26:43 fetching corpus: 7600, signal 181330/190710 (executing program)
2025/09/01 11:26:43 fetching corpus: 7650, signal 181689/190719 (executing program)
2025/09/01 11:26:43 fetching corpus: 7700, signal 181967/190727 (executing program)
2025/09/01 11:26:43 fetching corpus: 7750, signal 182376/190730 (executing program)
2025/09/01 11:26:43 fetching corpus: 7800, signal 182681/190735 (executing program)
2025/09/01 11:26:43 fetching corpus: 7850, signal 182965/190740 (executing program)
2025/09/01 11:26:43 fetching corpus: 7900, signal 183289/190748 (executing program)
2025/09/01 11:26:43 fetching corpus: 7950, signal 184882/190749 (executing program)
2025/09/01 11:26:43 fetching corpus: 8000, signal 185230/190751 (executing program)
2025/09/01 11:26:43 fetching corpus: 8050, signal 185508/190763 (executing program)
2025/09/01 11:26:43 fetching corpus: 8100, signal 185939/190790 (executing program)
2025/09/01 11:26:44 fetching corpus: 8150, signal 186346/190793 (executing program)
2025/09/01 11:26:44 fetching corpus: 8200, signal 186559/190794 (executing program)
2025/09/01 11:26:44 fetching corpus: 8250, signal 186770/190797 (executing program)
2025/09/01 11:26:44 fetching corpus: 8300, signal 186983/190799 (executing program)
2025/09/01 11:26:44 fetching corpus: 8350, signal 187205/190804 (executing program)
2025/09/01 11:26:44 fetching corpus: 8400, signal 187386/190814 (executing program)
2025/09/01 11:26:44 fetching corpus: 8450, signal 187628/190831 (executing program)
2025/09/01 11:26:44 fetching corpus: 8500, signal 187919/190861 (executing program)
2025/09/01 11:26:44 fetching corpus: 8522, signal 188028/190861 (executing program)
2025/09/01 11:26:44 fetching corpus: 8522, signal 188028/190861 (executing program)
2025/09/01 11:26:46 starting 8 fuzzer processes
11:26:46 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = inotify_init()
r1 = inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b)
inotify_rm_watch(r0, r1)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
11:26:46 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)
11:26:46 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000040)=0x6, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x40, &(0x7f0000000000)=0x9b, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)
11:26:46 executing program 2:
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r0 = request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000940)={'syz', 0x2}, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$search(0xa, r1, &(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, r0)
11:26:46 executing program 6:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sysvipc/shm\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000240), &(0x7f0000000280)={0x1f}, 0x0, 0x0, 0x0)
11:26:46 executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)={0x28, 0x21, 0x1, 0x0, 0x0, "", [@nested={0x2, 0x0, 0x0, 0x1, [@typed={0x14, 0x300, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}]}, 0x28}], 0x1}, 0x0)
[ 85.887883] audit: type=1400 audit(1756726006.663:7): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:26:46 executing program 4:
fsmount(0xffffffffffffffff, 0x0, 0x932677769043fb63)
11:26:46 executing program 5:
r0 = epoll_create(0x6)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x4})
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0xa9aaaa0a)
[ 87.071949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.077058] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.087995] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.095011] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.099082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.131143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.135733] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.139886] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.142568] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.146208] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 87.148331] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.156103] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 87.165931] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 87.175900] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 87.190589] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 87.205060] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 87.207567] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 87.209189] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 87.212910] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 87.222393] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 87.234966] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 87.238884] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 87.241206] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 87.245775] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 87.251923] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 87.257920] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 87.275975] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 87.303922] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 87.307082] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 87.318894] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 87.321509] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 87.322918] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.326375] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 87.330372] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 87.340838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 87.342044] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 87.348957] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 87.349709] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 87.386013] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 87.392430] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 89.165348] Bluetooth: hci0: command tx timeout
[ 89.228712] Bluetooth: hci1: command tx timeout
[ 89.228817] Bluetooth: hci2: command tx timeout
[ 89.293045] Bluetooth: hci3: command tx timeout
[ 89.357043] Bluetooth: hci4: command tx timeout
[ 89.421531] Bluetooth: hci6: command tx timeout
[ 89.421759] Bluetooth: hci5: command tx timeout
[ 89.484835] Bluetooth: hci7: command tx timeout
[ 91.212815] Bluetooth: hci0: command tx timeout
[ 91.276706] Bluetooth: hci1: command tx timeout
[ 91.276733] Bluetooth: hci2: command tx timeout
[ 91.340763] Bluetooth: hci3: command tx timeout
[ 91.405066] Bluetooth: hci4: command tx timeout
[ 91.468749] Bluetooth: hci5: command tx timeout
[ 91.469206] Bluetooth: hci6: command tx timeout
[ 91.532763] Bluetooth: hci7: command tx timeout
[ 93.260692] Bluetooth: hci0: command tx timeout
[ 93.325666] Bluetooth: hci1: command tx timeout
[ 93.325827] Bluetooth: hci2: command tx timeout
[ 93.389802] Bluetooth: hci3: command tx timeout
[ 93.452793] Bluetooth: hci4: command tx timeout
[ 93.516773] Bluetooth: hci6: command tx timeout
[ 93.516794] Bluetooth: hci5: command tx timeout
[ 93.581722] Bluetooth: hci7: command tx timeout
[ 95.308763] Bluetooth: hci0: command tx timeout
[ 95.372843] Bluetooth: hci2: command tx timeout
[ 95.372934] Bluetooth: hci1: command tx timeout
[ 95.437704] Bluetooth: hci3: command tx timeout
[ 95.501736] Bluetooth: hci4: command tx timeout
[ 95.564759] Bluetooth: hci5: command tx timeout
[ 95.566739] Bluetooth: hci6: command tx timeout
[ 95.628687] Bluetooth: hci7: command tx timeout
[ 125.283111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.284312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.525438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.526158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.725784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.726453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.833244] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.834256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:27:26 executing program 5:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
geteuid()
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
io_setup(0x401, &(0x7f0000000bc0)=0x0)
io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0))
[ 125.971227] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.972132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.025994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.026925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.119676] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.120334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:27:26 executing program 5:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
geteuid()
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
io_setup(0x401, &(0x7f0000000bc0)=0x0)
io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0))
[ 126.270251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.270897] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:27:27 executing program 4:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
geteuid()
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
io_setup(0x401, &(0x7f0000000bc0)=0x0)
io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0))
[ 126.359549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.360200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:27:27 executing program 5:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
geteuid()
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
io_setup(0x401, &(0x7f0000000bc0)=0x0)
io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0))
[ 126.421984] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.422783] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.493918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.494554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:27:27 executing program 6:
syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @source_quench={0x5, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x29, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xd, "9fb8dedc4ea32f0be3c415"}]}]}}}}}}}, 0x0)
11:27:27 executing program 4:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
geteuid()
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
io_setup(0x401, &(0x7f0000000bc0)=0x0)
io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0))
11:27:27 executing program 5:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
geteuid()
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
io_setup(0x401, &(0x7f0000000bc0)=0x0)
io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0))
11:27:27 executing program 6:
syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @source_quench={0x5, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x29, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xd, "9fb8dedc4ea32f0be3c415"}]}]}}}}}}}, 0x0)
[ 126.592516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.593224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.619574] kmemleak: Found object by alias at 0x607f1a62f694
[ 126.619591] CPU: 1 UID: 0 PID: 3902 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 126.619610] Tainted: [W]=WARN
[ 126.619614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 126.619626] Call Trace:
[ 126.619631]
[ 126.619636] dump_stack_lvl+0xca/0x120
[ 126.619670] __lookup_object+0x94/0xb0
[ 126.619689] delete_object_full+0x27/0x70
[ 126.619706] free_percpu+0x30/0x1160
[ 126.619723] ? arch_uprobe_clear_state+0x16/0x140
[ 126.619744] futex_hash_free+0x38/0xc0
[ 126.619760] mmput+0x2d3/0x390
[ 126.619780] do_exit+0x79d/0x2970
[ 126.619794] ? lock_release+0xc8/0x290
[ 126.619812] ? __pfx_do_exit+0x10/0x10
[ 126.619827] ? find_held_lock+0x2b/0x80
[ 126.619845] ? get_signal+0x835/0x2340
[ 126.619866] do_group_exit+0xd3/0x2a0
[ 126.619882] get_signal+0x2315/0x2340
[ 126.619905] ? __pfx_get_signal+0x10/0x10
[ 126.619922] ? do_futex+0x135/0x370
[ 126.619936] ? __pfx_do_futex+0x10/0x10
[ 126.619952] arch_do_signal_or_restart+0x80/0x790
[ 126.619971] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 126.619988] ? __x64_sys_futex+0x1c9/0x4d0
[ 126.620001] ? __x64_sys_futex+0x1d2/0x4d0
[ 126.620016] ? __pfx___x64_sys_futex+0x10/0x10
[ 126.620035] exit_to_user_mode_loop+0x8b/0x110
[ 126.620049] do_syscall_64+0x2f7/0x360
[ 126.620063] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.620076] RIP: 0033:0x7f4999ff1b19
[ 126.620086] Code: Unable to access opcode bytes at 0x7f4999ff1aef.
[ 126.620092] RSP: 002b:00007f4997567218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.620103] RAX: fffffffffffffe00 RBX: 00007f499a104f68 RCX: 00007f4999ff1b19
[ 126.620112] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f499a104f68
[ 126.620119] RBP: 00007f499a104f60 R08: 0000000000000000 R09: 0000000000000000
[ 126.620126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f499a104f6c
[ 126.620134] R13: 00007fff178d071f R14: 00007f4997567300 R15: 0000000000022000
[ 126.620150]
[ 126.620154] kmemleak: Object (percpu) 0x607f1a62f690 (size 8):
[ 126.620161] kmemleak: comm "syz-executor.0", pid 289, jiffies 4294793483
[ 126.620168] kmemleak: min_count = 1
[ 126.620172] kmemleak: count = 0
[ 126.620176] kmemleak: flags = 0x21
[ 126.620180] kmemleak: checksum = 0
[ 126.620184] kmemleak: backtrace:
[ 126.620188] pcpu_alloc_noprof+0x87a/0x1170
[ 126.620204] percpu_ref_init+0x37/0x400
[ 126.620215] cgroup_mkdir+0x28a/0x1110
[ 126.620229] kernfs_iop_mkdir+0x111/0x190
[ 126.620246] vfs_mkdir+0x59a/0x8d0
[ 126.620263] do_mkdirat+0x19f/0x3d0
[ 126.620274] __x64_sys_mkdir+0xf3/0x140
[ 126.620286] do_syscall_64+0xbf/0x360
[ 126.620295] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.678507] kmemleak: Cannot insert 0x607f1a62f694 into the object search tree (overlaps existing)
[ 126.678524] CPU: 1 UID: 0 PID: 289 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 126.678543] Tainted: [W]=WARN
[ 126.678547] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 126.678554] Call Trace:
[ 126.678558]
[ 126.678563] dump_stack_lvl+0xca/0x120
[ 126.678592] __link_object+0x190/0x210
[ 126.678610] __create_object+0x48/0x80
[ 126.678634] pcpu_alloc_noprof+0x87a/0x1170
[ 126.678660] __percpu_counter_init_many+0x44/0x360
[ 126.678679] fprop_local_init_percpu+0x2b/0xb0
[ 126.678699] wb_init+0x583/0x740
[ 126.678711] wb_get_create+0x225/0x1120
[ 126.678725] ? __inode_attach_wb+0x2c8/0xc70
[ 126.678741] ? lock_release+0xc8/0x290
[ 126.678758] __inode_attach_wb+0x2e2/0xc70
[ 126.678777] __mark_inode_dirty+0xae3/0xd00
[ 126.678793] ext4_mb_new_blocks+0x5f5/0x45b0
[ 126.678812] ? kasan_save_track+0x14/0x30
[ 126.678829] ? __kasan_kmalloc+0x7f/0x90
[ 126.678843] ? trace_kmalloc+0x1f/0xb0
[ 126.678858] ? __kmalloc_noprof+0x29d/0x6e0
[ 126.678876] ? ext4_find_extent+0x7f5/0xa00
[ 126.678893] ? __pfx_ext4_mb_new_blocks+0x10/0x10
[ 126.678907] ? ext4_ext_search_right+0x2e8/0xbd0
[ 126.678922] ? ext4_inode_to_goal_block+0x323/0x430
[ 126.678940] ext4_ext_map_blocks+0x1c4b/0x5f70
[ 126.678962] ? lock_acquire+0x15e/0x2f0
[ 126.678975] ? fs_reclaim_acquire+0xae/0x150
[ 126.678991] ? lock_is_held_type+0x9e/0x120
[ 126.679013] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 126.679033] ? look_up_lock_class+0x56/0x150
[ 126.679052] ? lock_acquire+0x15e/0x2f0
[ 126.679065] ? ext4_map_blocks+0x55b/0x14a0
[ 126.679085] ? __pfx_down_write+0x10/0x10
[ 126.679096] ? ext4_es_lookup_extent+0xc8/0xb30
[ 126.679120] ext4_map_blocks+0x624/0x14a0
[ 126.679134] ? __up_read+0x197/0x750
[ 126.679150] ? __pfx_ext4_map_blocks+0x10/0x10
[ 126.679161] ? __pfx___up_read+0x10/0x10
[ 126.679177] ? lock_release+0xc8/0x290
[ 126.679193] ? ext4_map_blocks+0x1e0/0x14a0
[ 126.679209] ext4_getblk+0x682/0x8e0
[ 126.679222] ? __pfx_ext4_getblk+0x10/0x10
[ 126.679232] ? __pfx_security_inode_init_security+0x10/0x10
[ 126.679251] ? crc32c+0x1ae/0x350
[ 126.679267] ext4_bread+0x2e/0x1a0
[ 126.679280] ext4_append+0x224/0x530
[ 126.679296] ? __pfx_ext4_append+0x10/0x10
[ 126.679311] ? __pfx___ext4_new_inode+0x10/0x10
[ 126.679330] ext4_init_new_dir+0x13c/0x240
[ 126.679346] ? __pfx_ext4_init_new_dir+0x10/0x10
[ 126.679368] ext4_mkdir+0x3c5/0xb30
[ 126.679388] ? __pfx_ext4_mkdir+0x10/0x10
[ 126.679404] ? security_inode_permission+0x72/0xe0
[ 126.679426] vfs_mkdir+0x59a/0x8d0
[ 126.679447] do_mkdirat+0x19f/0x3d0
[ 126.679462] ? __pfx_do_mkdirat+0x10/0x10
[ 126.679480] __x64_sys_mkdir+0xf3/0x140
[ 126.679494] do_syscall_64+0xbf/0x360
[ 126.679508] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.679521] RIP: 0033:0x7f930b7acc27
[ 126.679530] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 126.679542] RSP: 002b:00007ffe1ac3d1e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 126.679554] RAX: ffffffffffffffda RBX: 00007ffe1ac3d270 RCX: 00007f930b7acc27
[ 126.679562] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffe1ac3d270
[ 126.679569] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000003
[ 126.679576] R10: 00007ffe1ac3cf87 R11: 0000000000000206 R12: 0000000000000003
[ 126.679583] R13: 00007f930b88d140 R14: 00007f930b88de48 R15: 00007ffe1ac3d2b0
[ 126.679600]
[ 126.679962] kmemleak: Kernel memory leak detector disabled
[ 126.679966] kmemleak: Object (percpu) 0x607f1a62f690 (size 8):
[ 126.679974] kmemleak: comm "syz-executor.0", pid 289, jiffies 4294793483
[ 126.679980] kmemleak: min_count = 1
[ 126.679985] kmemleak: count = 0
[ 126.679988] kmemleak: flags = 0x21
[ 126.679992] kmemleak: checksum = 0
[ 126.679996] kmemleak: backtrace:
[ 126.680000] pcpu_alloc_noprof+0x87a/0x1170
[ 126.680016] percpu_ref_init+0x37/0x400
[ 126.680026] cgroup_mkdir+0x28a/0x1110
[ 126.680041] kernfs_iop_mkdir+0x111/0x190
[ 126.680057] vfs_mkdir+0x59a/0x8d0
[ 126.680072] do_mkdirat+0x19f/0x3d0
[ 126.680083] __x64_sys_mkdir+0xf3/0x140
[ 126.680094] do_syscall_64+0xbf/0x360
[ 126.680104] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.685047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.686448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.705712] audit: type=1400 audit(1756726047.479:8): avc: denied { open } for pid=3909 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 126.727695] audit: type=1400 audit(1756726047.479:9): avc: denied { kernel } for pid=3909 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 126.741682] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.742264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.746659] audit: type=1400 audit(1756726047.516:10): avc: denied { watch_reads } for pid=3909 comm="syz-executor.0" path="/syzkaller-testdir667152701/syzkaller.DBo0NC/0" dev="sda" ino=15972 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
[ 126.839800] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'.
[ 126.855680] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.856301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.869863] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.871088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.993449] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 11:27:27 executing program 1: add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r0 = request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000940)={'syz', 0x2}, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r1, &(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, r0) 11:27:27 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0) 11:27:27 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0) 11:27:27 executing program 6: syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@local, @empty, @val={@void}, 
{@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @source_quench={0x5, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x29, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xd, "9fb8dedc4ea32f0be3c415"}]}]}}}}}}}, 0x0) 11:27:27 executing program 2: add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r0 = request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000940)={'syz', 0x2}, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r1, &(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, r0) 11:27:27 executing program 5: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x82702, 0x0) 11:27:27 executing program 4: fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) geteuid() syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) io_setup(0x401, &(0x7f0000000bc0)=0x0) io_cancel(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000c40)}, &(0x7f0000000cc0)) 11:27:27 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) inotify_rm_watch(r0, r1) 
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 11:27:27 executing program 6: syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @source_quench={0x5, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x29, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xd, "9fb8dedc4ea32f0be3c415"}]}]}}}}}}}, 0x0) 11:27:27 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0) 11:27:27 executing program 1: add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r0 = request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000940)={'syz', 0x2}, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r1, &(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, r0) 11:27:27 executing program 2: add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r0 = request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000940)={'syz', 0x2}, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r1, &(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, r0) 11:27:27 executing program 
5: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x82702, 0x0) 11:27:27 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0) 11:27:27 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0) 11:27:27 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) inotify_rm_watch(r0, r1) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 11:27:28 executing program 4: setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0) clone3(&(0x7f0000000240)={0x61020100, &(0x7f00000056c0), 0x0, 0x0, {}, 
&(0x7f00000001c0)=""/96, 0x54, 0x0, &(0x7f0000000000), 0x3}, 0x58) 11:27:28 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sync() [ 127.285471] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 127.287468] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 127.289626] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.293293] Tainted: [W]=WARN [ 127.294766] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.297176] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.298750] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.301278] RSP: 0018:ffff888045da7800 EFLAGS: 00010212 [ 127.302046] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.303046] RDX: ffff888013b50000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.304048] RBP: ffff888045da7a70 R08: ffff88806ce31340 R09: ffffe8ffffc07690 [ 127.305044] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.306045] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.307045] FS: 00005555671a0400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 127.308183] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.309001] CR2: 0000001b2d822000 CR3: 000000000d1f2000 CR4: 0000000000350ef0 [ 127.310008] Call Trace: [ 127.310387] [ 127.310724] ? 
arch_scale_cpu_capacity+0x17/0xa0 [ 127.311420] ? __pfx_perf_tp_event+0x10/0x10 [ 127.312058] ? __asan_memset+0x24/0x50 [ 127.312649] ? perf_trace_lock+0xb5/0x5d0 [ 127.313255] ? kvm_sched_clock_read+0x16/0x30 [ 127.313917] ? sched_clock+0x37/0x60 [ 127.314463] ? sched_clock_cpu+0x6c/0x4e0 [ 127.315063] ? lock_is_held_type+0x9e/0x120 [ 127.315697] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.316410] perf_trace_run_bpf_submit+0xef/0x180 [ 127.317113] perf_trace_lock+0x337/0x5d0 [ 127.317714] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.318381] ? lock_acquire+0x15e/0x2f0 [ 127.318961] ? futex_ref_get+0x48/0x300 [ 127.319534] ? futex_ref_get+0x114/0x300 [ 127.320110] ? futex_hash+0x15c/0x390 [ 127.320663] lock_release+0x1ab/0x290 [ 127.321228] ? futex_hash+0x15c/0x390 [ 127.321805] futex_ref_get+0x119/0x300 [ 127.322397] ? futex_hash+0x15c/0x390 [ 127.322961] futex_hash+0x70/0x390 [ 127.323498] futex_wake+0x143/0x540 [ 127.324030] ? put_pid+0x1f/0x30 [ 127.324519] ? kernel_clone+0x204/0x7f0 [ 127.325095] ? __pfx_futex_wake+0x10/0x10 [ 127.325709] ? __pfx_kernel_clone+0x10/0x10 [ 127.326329] ? __lock_acquire+0x694/0x1b70 [ 127.326945] do_futex+0x26d/0x370 [ 127.327460] ? __pfx_do_futex+0x10/0x10 [ 127.328046] ? __pfx___do_sys_clone+0x10/0x10 [ 127.328703] ? find_held_lock+0x2b/0x80 [ 127.329296] __x64_sys_futex+0x1c9/0x4d0 [ 127.329896] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.330752] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.331420] ? 
xfd_validate_state+0x55/0x180 [ 127.332085] do_syscall_64+0xbf/0x360 [ 127.332639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.333382] RIP: 0033:0x7f4999ff1b19 [ 127.333930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.336554] RSP: 002b:00007fff178d0798 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.337653] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4999ff1b19 [ 127.338806] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f499a104f68 [ 127.339837] RBP: 00007f499a104f60 R08: 00007f4997567700 R09: 0000000000000000 [ 127.340855] R10: 00007f4997567700 R11: 0000000000000246 R12: 00007f499a1090b8 [ 127.341920] R13: 00007fff178d08a0 R14: 00007f499a104f60 R15: 000000000001f0cb [ 127.342970] [ 127.343317] Modules linked in: [ 127.343801] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 127.344762] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 127.345397] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.346384] Tainted: [D]=DIE, [W]=WARN [ 127.346703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.347365] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.347757] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.349251] RSP: 0018:ffff8880172d7780 EFLAGS: 00010012 [ 127.349700] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000605d000 [ 127.350289] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 127.350873] RBP: ffff8880172d79f0 R08: ffff88806cf31340 R09: ffffe8ffffd166b0 [ 127.351462] R10: 0000000000000000 R11: 0000000000000000 
R12: dffffc0000000000 [ 127.352052] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.352643] FS: 00007f145683f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 127.353323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.353814] CR2: 00007f14593dd018 CR3: 00000000139f9000 CR4: 0000000000350ef0 [ 127.354403] Call Trace: [ 127.354616] [ 127.354807] ? __is_insn_slot_addr+0x140/0x290 [ 127.355201] ? __pfx_perf_tp_event+0x10/0x10 [ 127.355573] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 127.356083] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 127.356614] ? lock_is_held_type+0x9e/0x120 [ 127.356985] ? lock_is_held_type+0x9e/0x120 [ 127.357355] ? perf_trace_lock+0xb5/0x5d0 [ 127.357710] ? perf_trace_lock+0xb5/0x5d0 [ 127.358057] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.358441] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.358830] ? find_held_lock+0x2b/0x80 [ 127.359172] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.359597] ? lock_release+0xc8/0x290 [ 127.359924] perf_trace_run_bpf_submit+0xef/0x180 [ 127.360331] perf_trace_preemptirq_template+0x259/0x430 [ 127.360773] ? mark_held_locks+0x49/0x80 [ 127.361118] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.361617] ? perf_trace_lock+0xb5/0x5d0 [ 127.361963] ? __lock_acquire+0xc65/0x1b70 [ 127.362320] ? perf_trace_lock+0xb5/0x5d0 [ 127.362677] ? _raw_spin_lock_irqsave+0x53/0x60 [ 127.363072] trace_irq_disable.constprop.0+0xa6/0x100 [ 127.363501] _raw_spin_lock_irqsave+0x53/0x60 [ 127.363881] try_to_wake_up+0xa0/0x11d0 [ 127.364222] ? futex_ref_get+0x114/0x300 [ 127.364562] ? futex_hash+0x15c/0x390 [ 127.364885] ? __pfx_try_to_wake_up+0x10/0x10 [ 127.365264] ? plist_del+0x122/0x270 [ 127.365588] ? futex_wake+0x474/0x540 [ 127.365917] wake_up_q+0xa1/0x130 [ 127.366219] futex_wake+0x47e/0x540 [ 127.366555] ? __pfx_futex_wake+0x10/0x10 [ 127.366944] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 127.367416] ? 
lock_release+0xc8/0x290 [ 127.367778] do_futex+0x26d/0x370 [ 127.368105] ? __pfx_do_futex+0x10/0x10 [ 127.368488] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 127.368945] ? find_held_lock+0x2b/0x80 [ 127.369270] __x64_sys_futex+0x1c9/0x4d0 [ 127.369620] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.370088] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.370458] do_syscall_64+0xbf/0x360 [ 127.370763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.371180] RIP: 0033:0x7f14592c9b19 [ 127.371480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.372928] RSP: 002b:00007f145683f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.373532] RAX: ffffffffffffffda RBX: 00007f14593dcf68 RCX: 00007f14592c9b19 [ 127.374111] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f14593dcf6c [ 127.374677] RBP: 00007f14593dcf60 R08: 000000000000000e R09: 0000000000000000 [ 127.375239] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f14593dcf6c [ 127.375805] R13: 00007ffeb120840f R14: 00007f145683f300 R15: 0000000000022000 [ 127.376375] [ 127.376565] Modules linked in: [ 127.376832] ---[ end trace 0000000000000000 ]--- [ 127.376833] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 127.377207] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.378779] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 127.379146] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.380362] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.381784] RSP: 0018:ffff888045da7800 EFLAGS: 00010212 [ 127.383449] Tainted: [D]=DIE, [W]=WARN [ 
127.383862] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.384409] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.384966] RDX: ffff888013b50000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.386160] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.386719] RBP: ffff888045da7a70 R08: ffff88806ce31340 R09: ffffe8ffffc07690 [ 127.387373] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.387927] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.390498] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 127.391054] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.391059] [ 127.391067] FS: 00007f145683f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 127.391809] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.392434] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.392678] RDX: ffff888013b50000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.393374] CR2: 00007f14593dd018 CR3: 00000000139f9000 CR4: 0000000000350ef0 [ 127.394392] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc07690 [ 127.394847] note: syz-executor.6[3965] exited with irqs disabled [ 127.395842] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 127.399325] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 127.400348] FS: 00005555671a0400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 127.401503] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.402387] CR2: 0000001b2d822000 CR3: 000000000d1f2000 CR4: 0000000000350ef0 [ 127.403456] Call Trace: [ 127.403852] [ 127.404197] ? __pfx_perf_tp_event+0x10/0x10 [ 127.404859] ? trace_pelt_se_tp+0xdf/0x130 [ 127.405475] ? __update_load_avg_se+0x428/0xa40 [ 127.406171] ? 
lock_is_held_type+0x9e/0x120 [ 127.406807] ? perf_trace_lock+0xb5/0x5d0 [ 127.407412] ? perf_trace_lock+0xb5/0x5d0 [ 127.408019] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.408684] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.409349] ? check_preempt_wakeup_fair+0x406/0x950 [ 127.410110] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.410837] perf_trace_run_bpf_submit+0xef/0x180 [ 127.411546] perf_trace_lock+0x337/0x5d0 [ 127.412147] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.412819] ? find_held_lock+0x2b/0x80 [ 127.413408] ? hrtimer_interrupt+0x114/0x830 [ 127.414064] lock_release+0x1ab/0x290 [ 127.414628] ktime_get_update_offsets_now+0xab/0x3c0 [ 127.415367] ? hrtimer_interrupt+0x114/0x830 [ 127.416007] ? __pfx_lapic_next_deadline+0x10/0x10 [ 127.416725] hrtimer_interrupt+0x114/0x830 [ 127.417343] ? __pfx_do_sync_core+0x10/0x10 [ 127.417976] ? trace_csd_function_exit+0x134/0x190 [ 127.418696] ? __flush_smp_call_function_queue+0x28c/0x740 [ 127.419511] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 127.420249] sysvec_apic_timer_interrupt+0x6b/0x80 [ 127.420954] [ 127.421282] [ 127.421615] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 127.422355] RIP: 0010:oops_exit+0x0/0x50 [ 127.422947] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 127.425468] RSP: 0018:ffff888045da7690 EFLAGS: 00000202 [ 127.426225] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 127.427220] RDX: ffff888013b50000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 127.428215] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 127.429207] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888045da7758 [ 127.430202] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 127.431200] ? add_taint+0x5f/0xd0 [ 127.431716] ? 
oops_end+0x4a/0xe0 [ 127.432240] oops_end+0x65/0xe0 [ 127.432729] exc_general_protection+0x1a2/0x330 [ 127.433411] asm_exc_general_protection+0x26/0x30 [ 127.434113] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.434784] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.437376] RSP: 0018:ffff888045da7800 EFLAGS: 00010212 [ 127.438136] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.439129] RDX: ffff888013b50000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.440143] RBP: ffff888045da7a70 R08: ffff88806ce31340 R09: ffffe8ffffc07690 [ 127.441161] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.442191] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.443223] ? perf_tp_event+0x167/0xe70 [ 127.443820] ? arch_scale_cpu_capacity+0x17/0xa0 [ 127.444509] ? __pfx_perf_tp_event+0x10/0x10 [ 127.445151] ? __asan_memset+0x24/0x50 [ 127.445737] ? perf_trace_lock+0xb5/0x5d0 [ 127.446335] ? kvm_sched_clock_read+0x16/0x30 [ 127.446988] ? sched_clock+0x37/0x60 [ 127.447537] ? sched_clock_cpu+0x6c/0x4e0 [ 127.448147] ? lock_is_held_type+0x9e/0x120 [ 127.448781] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.449518] perf_trace_run_bpf_submit+0xef/0x180 [ 127.450258] perf_trace_lock+0x337/0x5d0 [ 127.450865] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.451534] ? lock_acquire+0x15e/0x2f0 [ 127.452111] ? futex_ref_get+0x48/0x300 [ 127.452699] ? futex_ref_get+0x114/0x300 [ 127.453284] ? futex_hash+0x15c/0x390 [ 127.453839] lock_release+0x1ab/0x290 [ 127.454399] ? futex_hash+0x15c/0x390 [ 127.454941] futex_ref_get+0x119/0x300 [ 127.455500] ? futex_hash+0x15c/0x390 [ 127.456053] futex_hash+0x70/0x390 [ 127.456571] futex_wake+0x143/0x540 [ 127.457121] ? put_pid+0x1f/0x30 [ 127.457632] ? kernel_clone+0x204/0x7f0 [ 127.458229] ? __pfx_futex_wake+0x10/0x10 [ 127.458865] ? 
__pfx_kernel_clone+0x10/0x10 [ 127.459502] ? __lock_acquire+0x694/0x1b70 [ 127.460131] do_futex+0x26d/0x370 [ 127.460636] ? __pfx_do_futex+0x10/0x10 [ 127.461219] ? __pfx___do_sys_clone+0x10/0x10 [ 127.461865] ? find_held_lock+0x2b/0x80 [ 127.462447] __x64_sys_futex+0x1c9/0x4d0 [ 127.463039] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.463871] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.464528] ? xfd_validate_state+0x55/0x180 [ 127.465179] do_syscall_64+0xbf/0x360 [ 127.465732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.466464] RIP: 0033:0x7f4999ff1b19 [ 127.467005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.469629] RSP: 002b:00007fff178d0798 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.470765] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4999ff1b19 [ 127.471825] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f499a104f68 [ 127.472884] RBP: 00007f499a104f60 R08: 00007f4997567700 R09: 0000000000000000 [ 127.473955] R10: 00007f4997567700 R11: 0000000000000246 R12: 00007f499a1090b8 [ 127.475019] R13: 00007fff178d08a0 R14: 00007f499a104f60 R15: 000000000001f0cb [ 127.476093] [ 127.476454] Modules linked in: [ 127.476948] ---[ end trace 0000000000000000 ]--- [ 127.476949] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 127.477668] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.478647] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 127.479321] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.479963] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.482554] RSP: 
0018:ffff888045da7800 EFLAGS: 00010212 [ 127.483502] Tainted: [D]=DIE, [W]=WARN [ 127.483511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.484252] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.484559] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.485723] RDX: ffff888013b50000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.486297] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.486949] RBP: ffff888045da7a70 R08: ffff88806ce31340 R09: ffffe8ffffc07690 [ 127.487516] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010012 [ 127.490085] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.490657] [ 127.491399] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.491971] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 127.492224] FS: 00005555671a0400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 127.492788] RDX: ffff88801722b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 127.493803] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.494436] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd166b0 [ 127.495446] CR2: 0000001b2d822000 CR3: 000000000d1f2000 CR4: 0000000000350ef0 [ 127.495907] R10: 0000000000000000 R11: ffff88801b6ddc98 R12: dffffc0000000000 [ 127.496911] Kernel panic - not syncing: Fatal exception in interrupt [ 128.599768] Shutting down cpus with NMI [ 128.602139] Kernel Offset: disabled [ 128.602585] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:27:28 Registers: