Warning: Permanently added '[localhost]:37303' (ECDSA) to the list of known hosts. 2025/08/29 09:54:34 fuzzer started 2025/08/29 09:54:34 dialing manager at localhost:43077 syzkaller login: [ 55.922012] cgroup: Unknown subsys name 'net' [ 56.042168] cgroup: Unknown subsys name 'cpuset' [ 56.078858] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:54:45 syscalls: 2214 2025/08/29 09:54:45 code coverage: enabled 2025/08/29 09:54:45 comparison tracing: enabled 2025/08/29 09:54:45 extra coverage: enabled 2025/08/29 09:54:45 setuid sandbox: enabled 2025/08/29 09:54:45 namespace sandbox: enabled 2025/08/29 09:54:45 Android sandbox: enabled 2025/08/29 09:54:45 fault injection: enabled 2025/08/29 09:54:45 leak checking: enabled 2025/08/29 09:54:45 net packet injection: enabled 2025/08/29 09:54:45 net device setup: enabled 2025/08/29 09:54:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:54:45 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:54:45 USB emulation: enabled 2025/08/29 09:54:45 hci packet injection: enabled 2025/08/29 09:54:45 wifi device emulation: enabled 2025/08/29 09:54:45 802.15.4 emulation: enabled 2025/08/29 09:54:45 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:54:46 fetching corpus: 50, signal 18743/22300 (executing program) 2025/08/29 09:54:46 fetching corpus: 100, signal 31325/36190 (executing program) 2025/08/29 09:54:46 fetching corpus: 150, signal 42211/48166 (executing program) 2025/08/29 09:54:46 fetching corpus: 200, signal 48239/55303 (executing program) 2025/08/29 09:54:46 fetching corpus: 250, signal 53009/61132 (executing program) 2025/08/29 09:54:46 fetching corpus: 300, signal 56463/65676 (executing program) 2025/08/29 09:54:46 fetching corpus: 350, signal 59265/69573 (executing program) 2025/08/29 09:54:46 fetching corpus: 400, signal 62748/73951 (executing program) 2025/08/29 09:54:46 fetching corpus: 450, signal 65758/77882 (executing program) 2025/08/29 
09:54:47 fetching corpus: 500, signal 70536/83295 (executing program) 2025/08/29 09:54:47 fetching corpus: 550, signal 72451/86106 (executing program) 2025/08/29 09:54:47 fetching corpus: 600, signal 75845/90125 (executing program) 2025/08/29 09:54:47 fetching corpus: 650, signal 78227/93233 (executing program) 2025/08/29 09:54:47 fetching corpus: 700, signal 82112/97544 (executing program) 2025/08/29 09:54:47 fetching corpus: 750, signal 85398/101261 (executing program) 2025/08/29 09:54:47 fetching corpus: 800, signal 87155/103637 (executing program) 2025/08/29 09:54:47 fetching corpus: 850, signal 89445/106473 (executing program) 2025/08/29 09:54:47 fetching corpus: 900, signal 91975/109461 (executing program) 2025/08/29 09:54:47 fetching corpus: 950, signal 93349/111399 (executing program) 2025/08/29 09:54:48 fetching corpus: 1000, signal 95697/113989 (executing program) 2025/08/29 09:54:48 fetching corpus: 1050, signal 97808/116470 (executing program) 2025/08/29 09:54:48 fetching corpus: 1100, signal 99497/118538 (executing program) 2025/08/29 09:54:48 fetching corpus: 1150, signal 100755/120248 (executing program) 2025/08/29 09:54:48 fetching corpus: 1200, signal 101921/121929 (executing program) 2025/08/29 09:54:48 fetching corpus: 1250, signal 102618/123205 (executing program) 2025/08/29 09:54:48 fetching corpus: 1300, signal 103738/124771 (executing program) 2025/08/29 09:54:48 fetching corpus: 1350, signal 105059/126421 (executing program) 2025/08/29 09:54:48 fetching corpus: 1400, signal 106890/128370 (executing program) 2025/08/29 09:54:49 fetching corpus: 1450, signal 109056/130514 (executing program) 2025/08/29 09:54:49 fetching corpus: 1500, signal 110581/132194 (executing program) 2025/08/29 09:54:49 fetching corpus: 1550, signal 113120/134452 (executing program) 2025/08/29 09:54:49 fetching corpus: 1600, signal 115107/136403 (executing program) 2025/08/29 09:54:49 fetching corpus: 1650, signal 115976/137583 (executing program) 2025/08/29 09:54:49 
fetching corpus: 1700, signal 117519/139240 (executing program) 2025/08/29 09:54:49 fetching corpus: 1750, signal 118175/140231 (executing program) 2025/08/29 09:54:49 fetching corpus: 1800, signal 119610/141637 (executing program) 2025/08/29 09:54:49 fetching corpus: 1850, signal 120654/142838 (executing program) 2025/08/29 09:54:49 fetching corpus: 1900, signal 122350/144296 (executing program) 2025/08/29 09:54:50 fetching corpus: 1950, signal 123310/145392 (executing program) 2025/08/29 09:54:50 fetching corpus: 2000, signal 125242/146982 (executing program) 2025/08/29 09:54:50 fetching corpus: 2050, signal 127155/148447 (executing program) 2025/08/29 09:54:50 fetching corpus: 2100, signal 128234/149427 (executing program) 2025/08/29 09:54:50 fetching corpus: 2150, signal 129004/150255 (executing program) 2025/08/29 09:54:50 fetching corpus: 2200, signal 129677/151013 (executing program) 2025/08/29 09:54:50 fetching corpus: 2250, signal 130318/151838 (executing program) 2025/08/29 09:54:50 fetching corpus: 2300, signal 131613/152880 (executing program) 2025/08/29 09:54:50 fetching corpus: 2350, signal 132316/153623 (executing program) 2025/08/29 09:54:50 fetching corpus: 2400, signal 133254/154459 (executing program) 2025/08/29 09:54:50 fetching corpus: 2450, signal 133875/155156 (executing program) 2025/08/29 09:54:50 fetching corpus: 2500, signal 134448/155813 (executing program) 2025/08/29 09:54:51 fetching corpus: 2550, signal 135324/156603 (executing program) 2025/08/29 09:54:51 fetching corpus: 2600, signal 136163/157502 (executing program) 2025/08/29 09:54:51 fetching corpus: 2650, signal 136955/158229 (executing program) 2025/08/29 09:54:51 fetching corpus: 2700, signal 137520/158796 (executing program) 2025/08/29 09:54:51 fetching corpus: 2750, signal 138284/159401 (executing program) 2025/08/29 09:54:51 fetching corpus: 2800, signal 139318/160134 (executing program) 2025/08/29 09:54:51 fetching corpus: 2850, signal 139952/160718 (executing program) 
2025/08/29 09:54:51 fetching corpus: 2900, signal 140682/161304 (executing program) 2025/08/29 09:54:51 fetching corpus: 2950, signal 141668/161934 (executing program) 2025/08/29 09:54:51 fetching corpus: 3000, signal 142491/162494 (executing program) 2025/08/29 09:54:51 fetching corpus: 3050, signal 143061/162953 (executing program) 2025/08/29 09:54:52 fetching corpus: 3100, signal 143733/163405 (executing program) 2025/08/29 09:54:52 fetching corpus: 3150, signal 144421/163848 (executing program) 2025/08/29 09:54:52 fetching corpus: 3200, signal 144959/164268 (executing program) 2025/08/29 09:54:52 fetching corpus: 3250, signal 145627/164710 (executing program) 2025/08/29 09:54:52 fetching corpus: 3300, signal 146345/165223 (executing program) 2025/08/29 09:54:52 fetching corpus: 3350, signal 147011/165650 (executing program) 2025/08/29 09:54:52 fetching corpus: 3400, signal 147688/166048 (executing program) 2025/08/29 09:54:52 fetching corpus: 3450, signal 148410/166439 (executing program) 2025/08/29 09:54:52 fetching corpus: 3500, signal 149162/166818 (executing program) 2025/08/29 09:54:53 fetching corpus: 3550, signal 149656/167142 (executing program) 2025/08/29 09:54:53 fetching corpus: 3600, signal 150079/167454 (executing program) 2025/08/29 09:54:53 fetching corpus: 3650, signal 150658/167770 (executing program) 2025/08/29 09:54:53 fetching corpus: 3700, signal 150971/168018 (executing program) 2025/08/29 09:54:53 fetching corpus: 3750, signal 151552/168305 (executing program) 2025/08/29 09:54:53 fetching corpus: 3800, signal 151941/168564 (executing program) 2025/08/29 09:54:53 fetching corpus: 3850, signal 152405/168801 (executing program) 2025/08/29 09:54:53 fetching corpus: 3900, signal 152787/169007 (executing program) 2025/08/29 09:54:53 fetching corpus: 3950, signal 153317/169232 (executing program) 2025/08/29 09:54:53 fetching corpus: 4000, signal 153999/169438 (executing program) 2025/08/29 09:54:53 fetching corpus: 4050, signal 154372/169679 
(executing program) 2025/08/29 09:54:54 fetching corpus: 4100, signal 154724/169772 (executing program) 2025/08/29 09:54:54 fetching corpus: 4150, signal 155208/169807 (executing program) 2025/08/29 09:54:54 fetching corpus: 4200, signal 155858/169856 (executing program) 2025/08/29 09:54:54 fetching corpus: 4250, signal 156115/169857 (executing program) 2025/08/29 09:54:54 fetching corpus: 4300, signal 156592/169858 (executing program) 2025/08/29 09:54:54 fetching corpus: 4350, signal 156943/169870 (executing program) 2025/08/29 09:54:54 fetching corpus: 4400, signal 157345/169886 (executing program) 2025/08/29 09:54:54 fetching corpus: 4450, signal 157980/169928 (executing program) 2025/08/29 09:54:54 fetching corpus: 4500, signal 158244/169935 (executing program) 2025/08/29 09:54:55 fetching corpus: 4550, signal 158655/169945 (executing program) 2025/08/29 09:54:55 fetching corpus: 4600, signal 159058/169956 (executing program) 2025/08/29 09:54:55 fetching corpus: 4650, signal 159344/169956 (executing program) 2025/08/29 09:54:55 fetching corpus: 4700, signal 160181/169960 (executing program) 2025/08/29 09:54:55 fetching corpus: 4750, signal 160846/169981 (executing program) 2025/08/29 09:54:55 fetching corpus: 4800, signal 161308/169990 (executing program) 2025/08/29 09:54:55 fetching corpus: 4850, signal 161800/169990 (executing program) 2025/08/29 09:54:55 fetching corpus: 4900, signal 162361/170019 (executing program) 2025/08/29 09:54:55 fetching corpus: 4950, signal 163012/170022 (executing program) 2025/08/29 09:54:55 fetching corpus: 5000, signal 163523/170027 (executing program) 2025/08/29 09:54:56 fetching corpus: 5050, signal 163988/170031 (executing program) 2025/08/29 09:54:56 fetching corpus: 5100, signal 164352/170037 (executing program) 2025/08/29 09:54:56 fetching corpus: 5150, signal 164575/170045 (executing program) 2025/08/29 09:54:56 fetching corpus: 5200, signal 165037/170050 (executing program) 2025/08/29 09:54:56 fetching corpus: 5250, 
signal 165352/170050 (executing program) 2025/08/29 09:54:56 fetching corpus: 5300, signal 165983/170057 (executing program) 2025/08/29 09:54:56 fetching corpus: 5350, signal 166426/170080 (executing program) 2025/08/29 09:54:56 fetching corpus: 5400, signal 166755/170086 (executing program) 2025/08/29 09:54:56 fetching corpus: 5450, signal 166996/170098 (executing program) 2025/08/29 09:54:56 fetching corpus: 5500, signal 167279/170100 (executing program) 2025/08/29 09:54:57 fetching corpus: 5550, signal 167620/170112 (executing program) 2025/08/29 09:54:57 fetching corpus: 5583, signal 167772/170125 (executing program) 2025/08/29 09:54:57 fetching corpus: 5583, signal 167772/170125 (executing program) 2025/08/29 09:54:59 starting 8 fuzzer processes 09:54:59 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000080)=""/162, 0xa2) 09:54:59 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@subsystem='net_prio'}, {@name={'name', 0x3d, '\x00\x00\x00'}}]}) 09:54:59 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 09:54:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:54:59 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 09:54:59 executing 
program 5: syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x12, &(0x7f0000000000)=@conn_svc_rsp={0x0, 0x0, 0xa, "9ded38c7", {0x3, 0x0, 0x0, 0x7, 0x20, 0x0, 0xb4}}) kexec_load(0x2, 0x1, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x1000000}], 0x0) [ 80.248482] audit: type=1400 audit(1756461299.491:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:54:59 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0/file1\x00', 0x0) syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000002000)='./file0\x00', 0x0, 0x0, 0x0, 0x81029, &(0x7f0000002300)) 09:54:59 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x3}, 0x6) [ 81.360590] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.363200] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.365410] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.373821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.376435] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.417984] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.420710] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.425838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.435679] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.440753] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.620017] Bluetooth: 
hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.633582] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.635640] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.638934] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.645264] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.653412] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.659228] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.664197] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.683625] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.688874] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.693691] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.698767] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.705931] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.707848] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.709981] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.711497] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.718526] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.725391] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.730677] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.734035] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.741216] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.741595] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.745921] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.753641] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.759653] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.761531] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.765596] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.772071] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.803400] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.821581] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.453772] 
Bluetooth: hci0: command tx timeout [ 83.518478] Bluetooth: hci1: command tx timeout [ 83.709700] Bluetooth: hci3: command tx timeout [ 83.775468] Bluetooth: hci2: command tx timeout [ 83.837771] Bluetooth: hci5: command tx timeout [ 83.838470] Bluetooth: hci4: command tx timeout [ 83.838917] Bluetooth: hci6: command tx timeout [ 83.901518] Bluetooth: hci7: command tx timeout [ 85.501425] Bluetooth: hci0: command tx timeout [ 85.565439] Bluetooth: hci1: command tx timeout [ 85.757469] Bluetooth: hci3: command tx timeout [ 85.823367] Bluetooth: hci2: command tx timeout [ 85.885375] Bluetooth: hci6: command tx timeout [ 85.887328] Bluetooth: hci4: command tx timeout [ 85.887387] Bluetooth: hci5: command tx timeout [ 85.949443] Bluetooth: hci7: command tx timeout [ 87.549408] Bluetooth: hci0: command tx timeout [ 87.613379] Bluetooth: hci1: command tx timeout [ 87.805479] Bluetooth: hci3: command tx timeout [ 87.871325] Bluetooth: hci2: command tx timeout [ 87.933344] Bluetooth: hci5: command tx timeout [ 87.933386] Bluetooth: hci4: command tx timeout [ 87.933739] Bluetooth: hci6: command tx timeout [ 87.999405] Bluetooth: hci7: command tx timeout [ 89.598449] Bluetooth: hci0: command tx timeout [ 89.662371] Bluetooth: hci1: command tx timeout [ 89.853339] Bluetooth: hci3: command tx timeout [ 89.917346] Bluetooth: hci2: command tx timeout [ 89.983326] Bluetooth: hci4: command tx timeout [ 89.983366] Bluetooth: hci5: command tx timeout [ 89.983717] Bluetooth: hci6: command tx timeout [ 90.045410] Bluetooth: hci7: command tx timeout [ 118.623397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.624072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.792683] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.794130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.230251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.231575] wlan0: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 119.321469] audit: type=1400 audit(1756461338.566:8): avc: denied { open } for pid=3801 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.323692] audit: type=1400 audit(1756461338.566:9): avc: denied { kernel } for pid=3801 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.352595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.353199] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:55:38 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x3}, 0x6) 09:55:38 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x3}, 0x6) [ 119.675553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.677083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.746718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 09:55:38 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x3}, 0x6) [ 119.747396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.869201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.869867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:55:39 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001a80)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000200)="8a918fa171f2207bbe774e1841237201d86669d99203f6baf170857d7d95dfd6a8db2db27d89f939347ce541ddcd8396c04cf394ef48190ae1d08f81274b5e6d5e3abe3ce71cd86fc013374b66fa5e00c40c211c64b9fcf1f4ca5410ec2dd7bff608d2b242646f5de0183d764eee8a7ce9c3e51b6503913d025377f64b2b3ae7", 0x80}]) [ 119.969518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.971132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.034442] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.035069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:55:39 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001a80)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000200)="8a918fa171f2207bbe774e1841237201d86669d99203f6baf170857d7d95dfd6a8db2db27d89f939347ce541ddcd8396c04cf394ef48190ae1d08f81274b5e6d5e3abe3ce71cd86fc013374b66fa5e00c40c211c64b9fcf1f4ca5410ec2dd7bff608d2b242646f5de0183d764eee8a7ce9c3e51b6503913d025377f64b2b3ae7", 0x80}]) [ 120.166123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.167411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.241402] audit: type=1400 audit(1756461339.484:10): avc: denied { write } for pid=3853 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:55:39 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 09:55:39 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001a80)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r0, 
&(0x7f0000000200)="8a918fa171f2207bbe774e1841237201d86669d99203f6baf170857d7d95dfd6a8db2db27d89f939347ce541ddcd8396c04cf394ef48190ae1d08f81274b5e6d5e3abe3ce71cd86fc013374b66fa5e00c40c211c64b9fcf1f4ca5410ec2dd7bff608d2b242646f5de0183d764eee8a7ce9c3e51b6503913d025377f64b2b3ae7", 0x80}]) [ 120.429618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.430977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:55:39 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) [ 120.655249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.656580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.688665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.689980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.715800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.059307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.067826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.068428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.143701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.151723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.152350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.405570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.406882] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.517351] wlan1: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 121.517981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.613371] cgroup: Bad value for 'name' 09:55:41 executing program 5: syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x12, &(0x7f0000000000)=@conn_svc_rsp={0x0, 0x0, 0xa, "9ded38c7", {0x3, 0x0, 0x0, 0x7, 0x20, 0x0, 0xb4}}) kexec_load(0x2, 0x1, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x1000000}], 0x0) 09:55:41 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001a80)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000200)="8a918fa171f2207bbe774e1841237201d86669d99203f6baf170857d7d95dfd6a8db2db27d89f939347ce541ddcd8396c04cf394ef48190ae1d08f81274b5e6d5e3abe3ce71cd86fc013374b66fa5e00c40c211c64b9fcf1f4ca5410ec2dd7bff608d2b242646f5de0183d764eee8a7ce9c3e51b6503913d025377f64b2b3ae7", 0x80}]) 09:55:41 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000080)=""/162, 0xa2) 09:55:41 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0/file1\x00', 0x0) 
syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000002000)='./file0\x00', 0x0, 0x0, 0x0, 0x81029, &(0x7f0000002300)) 09:55:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:55:41 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 09:55:41 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 09:55:41 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@subsystem='net_prio'}, {@name={'name', 0x3d, '\x00\x00\x00'}}]}) [ 122.118580] cgroup: Bad value for 'name' 09:55:41 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0/file1\x00', 0x0) syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000002000)='./file0\x00', 0x0, 0x0, 0x0, 0x81029, &(0x7f0000002300)) 09:55:41 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@subsystem='net_prio'}, {@name={'name', 0x3d, '\x00\x00\x00'}}]}) [ 122.183043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.221521] cgroup: Bad value for 'name' 09:55:41 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 
09:55:41 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0/file1\x00', 0x0) syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000002000)='./file0\x00', 0x0, 0x0, 0x0, 0x81029, &(0x7f0000002300)) [ 122.267176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:55:41 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, 
&(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:55:41 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 09:55:41 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@subsystem='net_prio'}, {@name={'name', 0x3d, '\x00\x00\x00'}}]}) [ 122.337986] kmemleak: Found object by alias at 0x607f1a638f14 [ 122.338006] CPU: 1 UID: 0 PID: 3933 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.338024] Tainted: [W]=WARN [ 122.338028] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.338035] Call Trace: [ 122.338039] [ 122.338044] dump_stack_lvl+0xca/0x120 [ 122.338069] __lookup_object+0x94/0xb0 [ 122.338086] delete_object_full+0x27/0x70 [ 122.338101] free_percpu+0x30/0x1160 [ 122.338118] ? arch_uprobe_clear_state+0x16/0x140 [ 122.338138] futex_hash_free+0x38/0xc0 [ 122.338152] mmput+0x2d3/0x390 [ 122.338170] do_exit+0x79d/0x2970 [ 122.338184] ? signal_wake_up_state+0x85/0x120 [ 122.338200] ? 
zap_other_threads+0x2b9/0x3a0 [ 122.338215] ? __pfx_do_exit+0x10/0x10 [ 122.338228] ? do_group_exit+0x1c3/0x2a0 [ 122.338241] ? lock_release+0xc8/0x290 [ 122.338258] do_group_exit+0xd3/0x2a0 [ 122.338272] __x64_sys_exit_group+0x3e/0x50 [ 122.338290] x64_sys_call+0x18c5/0x18d0 [ 122.338305] do_syscall_64+0xbf/0x360 [ 122.338317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.338328] RIP: 0033:0x7f9365f18b19 [ 122.338337] Code: Unable to access opcode bytes at 0x7f9365f18aef. [ 122.338342] RSP: 002b:00007ffd78b65358 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.338354] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f9365f18b19 [ 122.338361] RDX: 00007f9365ecb72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.338368] RBP: 0000000000000000 R08: 0000001b2d32b7b8 R09: 0000000000000000 [ 122.338375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.338382] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd78b65440 [ 122.338397] [ 122.338401] kmemleak: Object (percpu) 0x607f1a638f10 (size 8): [ 122.338408] kmemleak: comm "syz-executor.7", pid 3936, jiffies 4294789142 [ 122.338414] kmemleak: min_count = 1 [ 122.338418] kmemleak: count = 0 [ 122.338422] kmemleak: flags = 0x21 [ 122.338425] kmemleak: checksum = 0 [ 122.338429] kmemleak: backtrace: [ 122.338433] pcpu_alloc_noprof+0x87a/0x1170 [ 122.338447] alloc_vfsmnt+0x135/0x6e0 [ 122.338461] vfs_create_mount.part.0+0x40/0x440 [ 122.338475] path_mount+0x1637/0x1dd0 [ 122.338487] __x64_sys_mount+0x27b/0x300 [ 122.338497] do_syscall_64+0xbf/0x360 [ 122.338505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.340327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.364079] cgroup: Bad value for 'name' 09:55:41 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 
&(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 122.412513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.471653] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.524556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:55:42 executing program 5: syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x12, &(0x7f0000000000)=@conn_svc_rsp={0x0, 0x0, 0xa, "9ded38c7", {0x3, 0x0, 0x0, 0x7, 0x20, 0x0, 0xb4}}) kexec_load(0x2, 0x1, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x1000000}], 0x0) 09:55:42 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x88, 0x41, 0x0, 0x0) 09:55:42 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) 
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:55:42 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 09:55:42 executing program 1: clone3(&(0x7f00000007c0)={0x101000, &(0x7f0000000580), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 09:55:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, 
{@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:55:42 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000080)=""/162, 0xa2) 09:55:42 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) [ 123.122879] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 123.124297] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 123.125288] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.128740] Tainted: [W]=WARN [ 123.129532] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.132542] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.133751] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.138154] RSP: 0018:ffff8880475d7780 EFLAGS: 00010012 [ 123.138834] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 123.139735] RDX: ffff88800a5f9b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.140639] RBP: ffff8880475d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15f10 [ 123.141558] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.142470] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.143382] FS: 000055555cd6b400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.144412] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.145171] CR2: 000055558cbd1c18 CR3: 0000000047393000 CR4: 0000000000350ef0 [ 123.146091] Call Trace: [ 123.146430] [ 123.146733] ? __pfx_perf_tp_event+0x10/0x10 [ 123.147315] ? arch_scale_cpu_capacity+0x17/0xa0 [ 123.147942] ? 
cpu_util.constprop.0+0x17d/0x340 [ 123.148563] ? __asan_memset+0x24/0x50 [ 123.149075] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 123.149793] ? lock_release+0xc8/0x290 [ 123.150310] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 123.151039] ? __lock_acquire+0x694/0x1b70 [ 123.151598] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.152256] ? sched_clock+0x37/0x60 [ 123.152756] ? lock_is_held_type+0x9e/0x120 [ 123.153334] perf_trace_run_bpf_submit+0xef/0x180 [ 123.153980] perf_trace_preemptirq_template+0x259/0x430 [ 123.154683] ? lock_is_held_type+0x9e/0x120 [ 123.155260] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.156038] ? _raw_spin_lock_irqsave+0x53/0x60 [ 123.156649] trace_irq_disable.constprop.0+0xa6/0x100 [ 123.157354] _raw_spin_lock_irqsave+0x53/0x60 [ 123.157952] try_to_wake_up+0xa0/0x11d0 [ 123.158491] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.159094] ? plist_del+0x122/0x270 [ 123.159602] ? find_held_lock+0x2b/0x80 [ 123.160136] ? futex_wake+0x474/0x540 [ 123.160649] wake_up_q+0xa1/0x130 [ 123.161121] futex_wake+0x47e/0x540 [ 123.161623] ? __pfx_futex_wake+0x10/0x10 [ 123.162179] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 123.162872] ? finish_task_switch.isra.0+0x206/0x840 [ 123.163554] do_futex+0x26d/0x370 [ 123.164025] ? __pfx_do_futex+0x10/0x10 [ 123.164558] ? __pfx___schedule+0x10/0x10 [ 123.165111] __x64_sys_futex+0x1c9/0x4d0 [ 123.165670] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.166460] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.167073] ? 
xfd_validate_state+0x55/0x180 [ 123.167677] do_syscall_64+0xbf/0x360 [ 123.168195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.168880] RIP: 0033:0x7f3118977b19 [ 123.169383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.171762] RSP: 002b:00007ffe93517d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.172764] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3118977b19 [ 123.173716] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3118a8af68 [ 123.174666] RBP: 00007f3118a8af60 R08: 00007f3115eed700 R09: 0000000000000000 [ 123.175616] R10: 00007f3115eed700 R11: 0000000000000246 R12: 00007f3118a8fa68 [ 123.176559] R13: 00007ffe93517e90 R14: 00007f3118a8af60 R15: 000000000001e07c [ 123.177525] [ 123.177844] Modules linked in: [ 123.178283] ---[ end trace 0000000000000000 ]--- [ 123.178910] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.179483] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.181479] RSP: 0018:ffff8880475d7780 EFLAGS: 00010012 [ 123.182068] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 123.182852] RDX: ffff88800a5f9b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.183628] RBP: ffff8880475d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15f10 [ 123.184405] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.185188] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.185974] FS: 000055555cd6b400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.186848] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.187481] CR2: 000055558cbd1c18 CR3: 0000000047393000 CR4: 0000000000350ef0 [ 123.188255] note: syz-executor.4[3950] exited with irqs disabled [ 123.188980] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 123.190211] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 123.191039] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.192328] Tainted: [D]=DIE, [W]=WARN [ 123.192749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.193651] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.194171] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.196149] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010012 [ 123.196730] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 123.197512] RDX: ffff88800a5f9b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.198281] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc15f10 [ 123.199066] R10: 0000000000000000 R11: ffff88801aa04c98 R12: dffffc0000000000 [ 123.199850] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 123.200628] FS: 000055555cd6b400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.201499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.202125] CR2: 000055558cbd1c18 CR3: 0000000047393000 CR4: 0000000000350ef0 [ 123.202890] Call Trace: [ 123.203171] [ 123.203421] ? __pfx_perf_tp_event+0x10/0x10 [ 123.203908] ? update_load_avg+0x17d/0x1ef0 [ 123.204377] ? update_cfs_group+0x11d/0x260 [ 123.204848] ? kvm_sched_clock_read+0x16/0x30 [ 123.205357] ? enqueue_task_fair+0xded/0x1e00 [ 123.205849] ? check_preempt_wakeup_fair+0x6e/0x950 [ 123.206396] ? wakeup_preempt+0x140/0x2a0 [ 123.206850] ? lock_release+0x1c7/0x290 [ 123.207287] ? lock_release+0x1c7/0x290 [ 123.207724] ? do_raw_spin_unlock+0x53/0x220 [ 123.208211] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 123.208763] ? 
try_to_wake_up+0x8ae/0x11d0 [ 123.209245] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.209793] ? lock_release+0x1c7/0x290 [ 123.210233] perf_trace_run_bpf_submit+0xef/0x180 [ 123.210767] perf_trace_preemptirq_template+0x259/0x430 [ 123.211354] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.211995] ? read_tsc+0x9/0x20 [ 123.212371] ? ktime_get+0x16d/0x270 [ 123.212782] ? __pfx_lapic_next_deadline+0x10/0x10 [ 123.213325] ? clockevents_program_event+0x135/0x360 [ 123.213881] ? _raw_spin_lock_irq+0x42/0x50 [ 123.214354] trace_irq_disable.constprop.0+0xa6/0x100 [ 123.214906] _raw_spin_lock_irq+0x42/0x50 [ 123.215355] run_timer_softirq+0x10f/0x210 [ 123.215815] handle_softirqs+0x1b1/0x770 [ 123.216265] __irq_exit_rcu+0xc4/0x100 [ 123.216694] irq_exit_rcu+0x9/0x20 [ 123.217077] sysvec_apic_timer_interrupt+0x70/0x80 [ 123.217621] [ 123.217868] [ 123.218119] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 123.218689] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 123.219191] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 123.221100] RSP: 0018:ffff8880475d7f28 EFLAGS: 00000246 [ 123.221679] RAX: 0000000000000001 RBX: ffff88800a5f9b80 RCX: ffffffff817c2b86 [ 123.222430] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 123.223181] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 123.223936] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800a5f9b80 [ 123.224693] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 123.225464] ? trace_irq_enable.constprop.0+0x26/0x100 [ 123.226024] ? make_task_dead+0x214/0x3b0 [ 123.226476] ? make_task_dead+0x214/0x3b0 [ 123.226930] ? 
do_syscall_64+0xbf/0x360 [ 123.227364] rewind_stack_and_make_dead+0x16/0x20 [ 123.227887] RIP: 0033:0x7f3118977b19 [ 123.228287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.230196] RSP: 002b:00007ffe93517d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.230997] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3118977b19 [ 123.231753] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3118a8af68 [ 123.232508] RBP: 00007f3118a8af60 R08: 00007f3115eed700 R09: 0000000000000000 [ 123.233268] R10: 00007f3115eed700 R11: 0000000000000246 R12: 00007f3118a8fa68 [ 123.234026] R13: 00007ffe93517e90 R14: 00007f3118a8af60 R15: 000000000001e07c [ 123.234795] [ 123.235047] Modules linked in: [ 123.235399] ---[ end trace 0000000000000000 ]--- [ 123.235899] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.236401] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.238323] RSP: 0018:ffff8880475d7780 EFLAGS: 00010012 [ 123.238894] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 123.239656] RDX: ffff88800a5f9b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.240409] RBP: ffff8880475d79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15f10 [ 123.241170] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.241936] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.242688] FS: 000055555cd6b400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.243536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.244149] CR2: 000055558cbd1c18 CR3: 0000000047393000 CR4: 0000000000350ef0 [ 123.244899] Kernel panic - not syncing: Fatal exception in interrupt [ 123.245787] Kernel Offset: disabled [ 123.246172] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:55:42 Registers: