Warning: Permanently added '[localhost]:60659' (ECDSA) to the list of known hosts.
2025/08/29 09:56:15 fuzzer started
2025/08/29 09:56:15 dialing manager at localhost:43077
syzkaller login: [ 59.583971] cgroup: Unknown subsys name 'net'
[ 59.688530] cgroup: Unknown subsys name 'cpuset'
[ 59.757503] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:56:27 syscalls: 2214
2025/08/29 09:56:27 code coverage: enabled
2025/08/29 09:56:27 comparison tracing: enabled
2025/08/29 09:56:27 extra coverage: enabled
2025/08/29 09:56:27 setuid sandbox: enabled
2025/08/29 09:56:27 namespace sandbox: enabled
2025/08/29 09:56:27 Android sandbox: enabled
2025/08/29 09:56:27 fault injection: enabled
2025/08/29 09:56:27 leak checking: enabled
2025/08/29 09:56:27 net packet injection: enabled
2025/08/29 09:56:27 net device setup: enabled
2025/08/29 09:56:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:56:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:56:27 USB emulation: enabled
2025/08/29 09:56:27 hci packet injection: enabled
2025/08/29 09:56:27 wifi device emulation: enabled
2025/08/29 09:56:27 802.15.4 emulation: enabled
2025/08/29 09:56:39 starting 8 fuzzer processes
09:56:39 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40345410, &(0x7f0000000500)={{0x0, 0x1}})
close_range(r0, 0xffffffffffffffff, 0x0)
09:56:39 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:56:39 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]})
09:56:39 executing program 7:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000100), 0x4)
09:56:39 executing program 5:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
shutdown(r0, 0x0)
09:56:39 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40345410, 0x0)
r1 = dup(r0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0xc0189436, 0x0)
[ 82.951781] audit: type=1400 audit(1756461399.730:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:56:39 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0)
09:56:39 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x7)
[ 84.155669] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.158321] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.160138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.165320] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.170222] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.289593] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 84.299137] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 84.301231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 84.312270] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 84.317532] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 84.353691] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 84.357022] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 84.363271] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 84.365957] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 84.370140] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 84.375824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 84.382215] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 84.386050] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 84.390560] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 84.409942] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 84.411971] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 84.429194] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 84.433415] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 84.464168] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 84.467396] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 84.497620] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 84.516168] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 84.530240] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 84.537680] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 84.539428] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 84.543164] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 84.545023] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 84.551113] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 84.553292] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 84.555792] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 84.571785] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 84.587332] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 84.593676] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 84.595769] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 84.597865] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 86.186840] Bluetooth: hci0: command tx timeout
[ 86.380107] Bluetooth: hci1: command tx timeout
[ 86.442015] Bluetooth: hci3: command tx timeout
[ 86.506963] Bluetooth: hci2: command tx timeout
[ 86.570097] Bluetooth: hci4: command tx timeout
[ 86.635386] Bluetooth: hci7: command tx timeout
[ 86.698048] Bluetooth: hci5: command tx timeout
[ 86.699348] Bluetooth: hci6: command tx timeout
[ 88.235928] Bluetooth: hci0: command tx timeout
[ 88.426033] Bluetooth: hci1: command tx timeout
[ 88.490291] Bluetooth: hci3: command tx timeout
[ 88.554037] Bluetooth: hci2: command tx timeout
[ 88.619077] Bluetooth: hci4: command tx timeout
[ 88.681981] Bluetooth: hci7: command tx timeout
[ 88.748155] Bluetooth: hci5: command tx timeout
[ 88.748216] Bluetooth: hci6: command tx timeout
[ 90.281945] Bluetooth: hci0: command tx timeout
[ 90.474172] Bluetooth: hci1: command tx timeout
[ 90.537945] Bluetooth: hci3: command tx timeout
[ 90.601944] Bluetooth: hci2: command tx timeout
[ 90.665972] Bluetooth: hci4: command tx timeout
[ 90.730069] Bluetooth: hci7: command tx timeout
[ 90.793939] Bluetooth: hci6: command tx timeout
[ 90.794988] Bluetooth: hci5: command tx timeout
[ 92.330935] Bluetooth: hci0: command tx timeout
[ 92.521926] Bluetooth: hci1: command tx timeout
[ 92.586078] Bluetooth: hci3: command tx timeout
[ 92.649921] Bluetooth: hci2: command tx timeout
[ 92.713923] Bluetooth: hci4: command tx timeout
[ 92.779069] Bluetooth: hci7: command tx timeout
[ 92.842028] Bluetooth: hci5: command tx timeout
[ 92.842087] Bluetooth: hci6: command tx timeout
[ 123.036163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.037557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.394507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.395797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:57:20 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:57:20 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:57:21 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:57:21 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:57:21 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:57:21 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x4bbe, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x2)
09:57:21 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xf)
[ 125.119066] audit: type=1400 audit(1756461441.896:8): avc: denied { open } for pid=3762 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 125.127091] audit: type=1400 audit(1756461441.897:9): avc: denied { kernel } for pid=3762 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
09:57:21 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xf)
[ 125.833364] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.833991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.966977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.967602] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.035448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.036093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.128448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.129098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.186516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.187999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.248735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.249515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.308186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.308773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.366388] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.366992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.411699] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.412540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.472777] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.473391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.543858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.544502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.569778] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.570528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.001165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.001772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.073849] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.074540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.161361] audit: type=1326 audit(1756461443.940:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3915 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456bc61b19 code=0x0
09:57:24 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xf)
09:57:24 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='personality\x00')
pread64(r0, &(0x7f0000000080)=""/239, 0xef, 0x0)
09:57:24 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0)
09:57:24 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x7)
09:57:24 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40345410, &(0x7f0000000500)={{0x0, 0x1}})
close_range(r0, 0xffffffffffffffff, 0x0)
09:57:24 executing program 5:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
shutdown(r0, 0x0)
09:57:24 executing program 7:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000100), 0x4)
09:57:24 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]})
09:57:24 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0)
09:57:24 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40345410, &(0x7f0000000500)={{0x0, 0x1}})
close_range(r0, 0xffffffffffffffff, 0x0)
[ 127.347305] audit: type=1326 audit(1756461444.122:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3931 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456bc61b19 code=0x0
09:57:24 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xf)
09:57:24 executing program 7:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000100), 0x4)
09:57:24 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='personality\x00')
pread64(r0, &(0x7f0000000080)=""/239, 0xef, 0x0)
09:57:24 executing program 5:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
shutdown(r0, 0x0)
09:57:24 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0)
09:57:24 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x7)
09:57:24 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]})
09:57:24 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40345410, &(0x7f0000000500)={{0x0, 0x1}})
close_range(r0, 0xffffffffffffffff, 0x0)
[ 127.480490] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 127.481408] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 127.482097] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 127.483045] Tainted: [W]=WARN
[ 127.484013] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.485880] RIP: 0010:perf_tp_event+0x175/0xe70
[ 127.486898] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 127.491347] RSP: 0018:ffff888046037600 EFLAGS: 00010212
[ 127.491778] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90007859000
[ 127.492341] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 127.492901] RBP: ffff888046037870 R08: ffff88806cf31340 R09: ffffe8ffffd10618
[ 127.493462] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 127.494021] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 127.494583] FS: 00007fc1934fc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 127.495217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.495686] CR2: 0000555587ff7c18 CR3: 0000000042d8a000 CR4: 0000000000350ef0
[ 127.496246] Call Trace:
[ 127.496454]
[ 127.496640] ? __pfx_perf_tp_event+0x10/0x10
[ 127.497020] ? perf_trace_run_bpf_submit+0xef/0x180
[ 127.497420] perf_trace_run_bpf_submit+0xef/0x180
[ 127.497816] perf_trace_lock+0x337/0x5d0
[ 127.498150] ? __pfx_perf_trace_lock+0x10/0x10
[ 127.498521] ? lock_acquire+0x15e/0x2f0
[ 127.498841] ? futex_ref_get+0x48/0x300
[ 127.499163] ? futex_ref_get+0x114/0x300
[ 127.499486] ? futex_hash+0x15c/0x390
[ 127.499802] lock_release+0x1ab/0x290
[ 127.500113] ? futex_hash+0x15c/0x390
[ 127.500420] futex_ref_get+0x119/0x300
[ 127.500734] ? futex_hash+0x15c/0x390
[ 127.501041] futex_hash+0x70/0x390
[ 127.501331] futex_wait_setup+0xae/0x550
[ 127.501667] __futex_wait+0x151/0x300
[ 127.501981] ? __pfx___futex_wait+0x10/0x10
[ 127.502334] ? __pfx_futex_wake_mark+0x10/0x10
[ 127.502714] futex_wait+0xde/0x380
[ 127.503008] ? __pfx_futex_wait+0x10/0x10
[ 127.503346] ? perf_trace_lock+0xb5/0x5d0
[ 127.503689] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 127.504110] do_futex+0x2ee/0x370
[ 127.504394] ? __pfx_do_futex+0x10/0x10
[ 127.504714] ? do_raw_spin_lock+0x123/0x260
[ 127.505066] __x64_sys_futex+0x1c9/0x4d0
[ 127.505400] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 127.505817] ? __pfx___x64_sys_futex+0x10/0x10
[ 127.506192] ? kcov_ioctl+0x386/0x6c0
[ 127.506502] ? fput+0x6a/0x100
[ 127.506773] do_syscall_64+0xbf/0x360
[ 127.507081] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.507495] RIP: 0033:0x7fc195f86b19
[ 127.507815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.509237] RSP: 002b:00007fc1934fc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.509837] RAX: ffffffffffffffda RBX: 00007fc196099f68 RCX: 00007fc195f86b19
[ 127.510396] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc196099f68
[ 127.510953] RBP: 00007fc196099f60 R08: 00007fc1934fc700 R09: 0000000000000000
[ 127.511511] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc196099f6c
[ 127.512080] R13: 00007ffc65047a4f R14: 00007fc1934fc300 R15: 0000000000022000
[ 127.512651]
[ 127.512842] Modules linked in:
[ 127.513124] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 127.513990] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 127.514665] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 127.515598] Tainted: [D]=DIE, [W]=WARN
[ 127.515898] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.516537] RIP: 0010:perf_tp_event+0x175/0xe70
[ 127.516912] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 127.518327] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[ 127.518742] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 127.519296] RDX: ffff888044449b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 127.519858] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd10618
[ 127.520414] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000
[ 127.520972] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000
[ 127.521528] FS: 00007fc1934fc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 127.522156] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.522610] CR2: 0000555587ff7c18 CR3: 0000000042d8a000 CR4: 0000000000350ef0
[ 127.523168] Call Trace:
[ 127.523376]
[ 127.523561] ? __pfx_perf_tp_event+0x10/0x10
[ 127.523921] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 127.524362] ? __resched_curr+0x2a2/0x330
[ 127.524695] ? __pfx___resched_curr+0x10/0x10
[ 127.525060] ? perf_trace_lock+0xb5/0x5d0
[ 127.525389] ? perf_trace_lock+0xb5/0x5d0
[ 127.525723] ? __pfx_perf_trace_lock+0x10/0x10
[ 127.526086] ? __pfx_perf_trace_lock+0x10/0x10
[ 127.526450] ? lock_is_held_type+0x9e/0x120
[ 127.526804] ? perf_trace_run_bpf_submit+0xef/0x180
[ 127.527202] perf_trace_run_bpf_submit+0xef/0x180
[ 127.527597] perf_trace_lock+0x337/0x5d0
[ 127.527920] ? place_entity+0x1c/0x410
[ 127.528229] ? kvm_sched_clock_read+0x16/0x30
[ 127.528589] ? __pfx_perf_trace_lock+0x10/0x10
[ 127.528952] ? check_preempt_wakeup_fair+0x6e/0x950
[ 127.529347] ? sched_ttwu_pending+0x2e0/0x4a0
[ 127.529710] lock_release+0x1ab/0x290
[ 127.530012] ? ttwu_do_activate+0x1a4/0x8a0
[ 127.530360] _raw_spin_unlock+0x16/0x40
[ 127.530682] sched_ttwu_pending+0x2e0/0x4a0
[ 127.531031] ? __pfx_sched_ttwu_pending+0x10/0x10
[ 127.531419] ?
hrtimer_interrupt+0x652/0x830 [ 127.531780] __flush_smp_call_function_queue+0x434/0x740 [ 127.532217] __sysvec_call_function_single+0x6d/0x370 [ 127.532634] sysvec_call_function_single+0xa1/0xc0 [ 127.533025] [ 127.533205] [ 127.533388] asm_sysvec_call_function_single+0x1a/0x20 [ 127.533800] RIP: 0010:oops_exit+0x0/0x50 [ 127.534127] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 127.535535] RSP: 0018:ffff888046037490 EFLAGS: 00000202 [ 127.535958] RAX: 000000000002613e RBX: 0000000000000212 RCX: ffffc90007859000 [ 127.536511] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 127.537064] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 127.537621] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046037558 [ 127.538175] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 127.538738] ? oops_end+0x4a/0xe0 [ 127.539028] oops_end+0x65/0xe0 [ 127.539300] exc_general_protection+0x1a2/0x330 [ 127.539683] asm_exc_general_protection+0x26/0x30 [ 127.540062] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.540431] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.541840] RSP: 0018:ffff888046037600 EFLAGS: 00010212 [ 127.542254] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90007859000 [ 127.542810] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 127.543366] RBP: ffff888046037870 R08: ffff88806cf31340 R09: ffffe8ffffd10618 [ 127.543928] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.544482] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.545040] ? perf_tp_event+0x167/0xe70 [ 127.545372] ? __pfx_perf_tp_event+0x10/0x10 [ 127.545746] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 127.546142] perf_trace_run_bpf_submit+0xef/0x180 [ 127.546531] perf_trace_lock+0x337/0x5d0 [ 127.546859] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.547226] ? lock_acquire+0x15e/0x2f0 [ 127.547553] ? futex_ref_get+0x48/0x300 [ 127.547866] ? futex_ref_get+0x114/0x300 [ 127.548185] ? futex_hash+0x15c/0x390 [ 127.548488] lock_release+0x1ab/0x290 [ 127.548791] ? futex_hash+0x15c/0x390 [ 127.549094] futex_ref_get+0x119/0x300 [ 127.549402] ? futex_hash+0x15c/0x390 [ 127.549705] futex_hash+0x70/0x390 [ 127.549997] futex_wait_setup+0xae/0x550 [ 127.550327] __futex_wait+0x151/0x300 [ 127.550636] ? __pfx___futex_wait+0x10/0x10 [ 127.550984] ? __pfx_futex_wake_mark+0x10/0x10 [ 127.551359] futex_wait+0xde/0x380 [ 127.551656] ? __pfx_futex_wait+0x10/0x10 [ 127.551985] ? perf_trace_lock+0xb5/0x5d0 [ 127.552316] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 127.552726] do_futex+0x2ee/0x370 [ 127.553008] ? __pfx_do_futex+0x10/0x10 [ 127.553327] ? do_raw_spin_lock+0x123/0x260 [ 127.553671] __x64_sys_futex+0x1c9/0x4d0 [ 127.554000] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 127.554412] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.554778] ? kcov_ioctl+0x386/0x6c0 [ 127.555085] ? 
fput+0x6a/0x100 [ 127.555349] do_syscall_64+0xbf/0x360 [ 127.555656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.556064] RIP: 0033:0x7fc195f86b19 [ 127.556357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.557762] RSP: 002b:00007fc1934fc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.558353] RAX: ffffffffffffffda RBX: 00007fc196099f68 RCX: 00007fc195f86b19 [ 127.558907] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc196099f68 [ 127.559463] RBP: 00007fc196099f60 R08: 00007fc1934fc700 R09: 0000000000000000 [ 127.560023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc196099f6c [ 127.560576] R13: 00007ffc65047a4f R14: 00007fc1934fc300 R15: 0000000000022000 [ 127.561135] [ 127.561323] Modules linked in: [ 127.561579] ---[ end trace 0000000000000000 ]--- [ 127.561949] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.562321] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.563739] RSP: 0018:ffff888046037600 EFLAGS: 00010212 [ 127.564158] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90007859000 [ 127.564713] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 127.565265] RBP: ffff888046037870 R08: ffff88806cf31340 R09: ffffe8ffffd10618 [ 127.565821] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.566374] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.566926] FS: 00007fc1934fc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 127.567562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.568019] CR2: 0000555587ff7c18 CR3: 0000000042d8a000 CR4: 0000000000350ef0 [ 127.568576] Kernel panic - not syncing: Fatal exception in interrupt [ 128.612962] Shutting down 
cpus with NMI [ 128.613492] Kernel Offset: disabled [ 128.613776] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:57:24 Registers: