Warning: Permanently added '[localhost]:42888' (ECDSA) to the list of known hosts. 2025/08/29 09:59:00 fuzzer started 2025/08/29 09:59:00 dialing manager at localhost:43077 syzkaller login: [ 55.386360] cgroup: Unknown subsys name 'net' [ 55.452086] cgroup: Unknown subsys name 'cpuset' [ 55.490867] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:59:11 syscalls: 2214 2025/08/29 09:59:11 code coverage: enabled 2025/08/29 09:59:11 comparison tracing: enabled 2025/08/29 09:59:11 extra coverage: enabled 2025/08/29 09:59:11 setuid sandbox: enabled 2025/08/29 09:59:11 namespace sandbox: enabled 2025/08/29 09:59:11 Android sandbox: enabled 2025/08/29 09:59:11 fault injection: enabled 2025/08/29 09:59:11 leak checking: enabled 2025/08/29 09:59:11 net packet injection: enabled 2025/08/29 09:59:11 net device setup: enabled 2025/08/29 09:59:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:59:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:59:11 USB emulation: enabled 2025/08/29 09:59:11 hci packet injection: enabled 2025/08/29 09:59:11 wifi device emulation: enabled 2025/08/29 09:59:11 802.15.4 emulation: enabled 2025/08/29 09:59:11 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:59:11 fetching corpus: 50, signal 17187/20759 (executing program) 2025/08/29 09:59:11 fetching corpus: 100, signal 30213/35085 (executing program) 2025/08/29 09:59:11 fetching corpus: 150, signal 36411/42610 (executing program) 2025/08/29 09:59:12 fetching corpus: 200, signal 48960/56023 (executing program) 2025/08/29 09:59:12 fetching corpus: 250, signal 53296/61486 (executing program) 2025/08/29 09:59:12 fetching corpus: 300, signal 57685/66869 (executing program) 2025/08/29 09:59:12 fetching corpus: 350, signal 62480/72510 (executing program) 2025/08/29 09:59:12 fetching corpus: 400, signal 66821/77684 (executing program) 2025/08/29 09:59:12 fetching corpus: 450, signal 69821/81531 (executing program) 2025/08/29 
09:59:12 fetching corpus: 500, signal 74161/86478 (executing program) 2025/08/29 09:59:22 fetching corpus: 5250, 
signal 165707/170548 (executing program) 2025/08/29 09:59:22 fetching corpus: 5300, signal 166011/170567 (executing program) 2025/08/29 09:59:22 fetching corpus: 5350, signal 166373/170567 (executing program) 2025/08/29 09:59:22 fetching corpus: 5400, signal 166676/170587 (executing program) 2025/08/29 09:59:22 fetching corpus: 5450, signal 167001/170605 (executing program) 2025/08/29 09:59:22 fetching corpus: 5500, signal 167450/170605 (executing program) 2025/08/29 09:59:22 fetching corpus: 5550, signal 167796/170653 (executing program) 2025/08/29 09:59:22 fetching corpus: 5600, signal 168064/170659 (executing program) 2025/08/29 09:59:22 fetching corpus: 5633, signal 168344/170659 (executing program) 2025/08/29 09:59:22 fetching corpus: 5633, signal 168344/170659 (executing program) 2025/08/29 09:59:25 starting 8 fuzzer processes 09:59:25 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) 09:59:25 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x540b, &(0x7f0000000140)) 09:59:25 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f00000006c0)=[{&(0x7f0000000500)="df", 0x1}], 0x1) dup3(r1, r0, 0x0) recvmsg$unix(r0, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) 09:59:25 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}}) 09:59:25 executing program 7: openat$pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r0 = fork() process_vm_readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/211, 0xd3}], 0x1, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000240)=""/30, 0x1e}], 0x2, 0x0) 09:59:25 executing 
program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x18, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 09:59:25 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$unix(r1, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:59:25 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xed, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000240)) [ 80.467206] audit: type=1400 audit(1756461565.581:7): avc: denied { execmem } for pid=280 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 81.712711] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.714545] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.716357] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.722307] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.723814] Bluetooth: hci3: unexpected cc 0x0c03 
length: 249 > 1 [ 81.725907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.727744] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.729170] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.730400] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.733822] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.735583] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.737983] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.739793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.742297] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.745158] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.746857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.748393] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.753691] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.770914] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.773494] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.776148] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.788696] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.793854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.797152] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.803222] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.805205] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.807183] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.813382] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.815199] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.822305] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.823952] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.826008] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.833675] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.837635] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.844721] Bluetooth: hci5: unexpected 
cc 0x1001 length: 249 > 9 [ 81.847269] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.850044] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.852367] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.858026] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.864059] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 83.794933] Bluetooth: hci1: command tx timeout [ 83.795717] Bluetooth: hci0: command tx timeout [ 83.858524] Bluetooth: hci4: command tx timeout [ 83.859246] Bluetooth: hci3: command tx timeout [ 83.860149] Bluetooth: hci2: command tx timeout [ 83.922496] Bluetooth: hci6: command tx timeout [ 83.923101] Bluetooth: hci5: command tx timeout [ 83.923719] Bluetooth: hci7: command tx timeout [ 85.842904] Bluetooth: hci1: command tx timeout [ 85.843359] Bluetooth: hci0: command tx timeout [ 85.906565] Bluetooth: hci2: command tx timeout [ 85.906997] Bluetooth: hci3: command tx timeout [ 85.907372] Bluetooth: hci4: command tx timeout [ 85.970564] Bluetooth: hci7: command tx timeout [ 85.970985] Bluetooth: hci5: command tx timeout [ 85.971365] Bluetooth: hci6: command tx timeout [ 87.891507] Bluetooth: hci0: command tx timeout [ 87.891758] Bluetooth: hci1: command tx timeout [ 87.954999] Bluetooth: hci4: command tx timeout [ 87.955881] Bluetooth: hci3: command tx timeout [ 87.956386] Bluetooth: hci2: command tx timeout [ 88.018553] Bluetooth: hci6: command tx timeout [ 88.018626] Bluetooth: hci5: command tx timeout [ 88.019526] Bluetooth: hci7: command tx timeout [ 89.938640] Bluetooth: hci1: command tx timeout [ 89.938665] Bluetooth: hci0: command tx timeout [ 90.002470] Bluetooth: hci2: command tx timeout [ 90.002676] Bluetooth: hci4: command tx timeout [ 90.002898] Bluetooth: hci3: command tx timeout [ 90.066563] Bluetooth: hci5: command tx timeout [ 90.066980] Bluetooth: hci7: command tx timeout [ 90.067365] Bluetooth: hci6: command tx timeout [ 119.132547] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 119.133264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.332471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.333386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.636821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.637473] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.865736] audit: type=1400 audit(1756461604.976:8): avc: denied { open } for pid=3701 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.873567] audit: type=1400 audit(1756461604.976:9): avc: denied { kernel } for pid=3701 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.931101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.932222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:00:05 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xed, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000240)) [ 120.120782] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.121392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:00:05 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xed, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000240)) 10:00:05 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xed, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000240)) [ 120.380532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.381803] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.683371] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 120.708388] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 10:00:05 executing program 6: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_capability(r0, &(0x7f0000000080), &(0x7f00000000c0)=@v2, 0x14, 0x0) 10:00:05 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}}) 10:00:06 executing program 6: 
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_capability(r0, &(0x7f0000000080), &(0x7f00000000c0)=@v2, 0x14, 0x0) [ 120.922784] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 10:00:06 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}}) 10:00:06 executing program 6: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_capability(r0, &(0x7f0000000080), &(0x7f00000000c0)=@v2, 0x14, 0x0) [ 121.073263] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 121.395644] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.396289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.470392] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.471042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.360942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.362015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.403344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.404067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.471458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.472149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.537240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.538243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.583319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.584184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.648183] 
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.649163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.719319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.719983] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.762303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.762958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:00:08 executing program 7: openat$pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r0 = fork() process_vm_readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/211, 0xd3}], 0x1, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000240)=""/30, 0x1e}], 0x2, 0x0) 10:00:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x18, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 10:00:08 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) 10:00:08 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {'port', 0x22}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}}) 10:00:08 executing program 6: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_capability(r0, &(0x7f0000000080), &(0x7f00000000c0)=@v2, 0x14, 0x0) 10:00:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r0, 0x540b, &(0x7f0000000140)) 10:00:08 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$unix(r1, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:00:08 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f00000006c0)=[{&(0x7f0000000500)="df", 0x1}], 0x1) dup3(r1, r0, 0x0) recvmsg$unix(r0, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) [ 122.946746] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 122.947688] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 122.948308] CPU: 1 UID: 0 PID: 3934 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.951696] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 122.952763] Tainted: [W]=WARN [ 122.952770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.952778] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.954774] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.956257] RSP: 0018:ffff8880466af780 EFLAGS: 00010012 [ 122.956690] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a32000 [ 122.957267] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.957857] RBP: ffff8880466af9f0 R08: ffff88806cf31340 R09: ffffe8ffffd168e0 [ 122.958435] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 122.959018] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.959600] FS: 00007ff203991700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.960257] CS: 0010 DS: 
0000 ES: 0000 CR0: 0000000080050033 [ 122.960730] CR2: 0000000020000140 CR3: 000000001bf0a000 CR4: 0000000000350ef0 [ 122.961309] Call Trace: [ 122.961524] [ 122.961717] ? __pfx_perf_tp_event+0x10/0x10 [ 122.962095] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 122.962604] ? lock_acquire+0x15e/0x2f0 [ 122.962938] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 122.963460] ? lock_is_held_type+0x9e/0x120 [ 122.963848] ? lock_is_held_type+0x9e/0x120 [ 122.964211] ? ctx_sched_in+0x134/0x9b0 [ 122.964539] ? kvm_sched_clock_read+0x16/0x30 [ 122.964916] ? sched_clock+0x37/0x60 [ 122.965238] ? sched_clock_cpu+0x6c/0x4e0 [ 122.965588] ? lock_is_held_type+0x9e/0x120 [ 122.965949] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.966364] ? lock_is_held_type+0x9e/0x120 [ 122.966721] perf_trace_run_bpf_submit+0xef/0x180 [ 122.967127] perf_trace_preemptirq_template+0x259/0x430 [ 122.967576] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.968070] ? check_preempt_wakeup_fair+0x406/0x950 [ 122.968486] ? find_held_lock+0x2b/0x80 [ 122.968825] ? try_to_wake_up+0x8ae/0x11d0 [ 122.969179] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.969596] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.970012] trace_hardirqs_on+0x26/0x40 [ 122.970345] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.970754] try_to_wake_up+0x8ae/0x11d0 [ 122.971093] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.971467] ? plist_del+0x122/0x270 [ 122.971784] ? find_held_lock+0x2b/0x80 [ 122.972131] ? futex_wake+0x474/0x540 [ 122.972454] wake_up_q+0xa1/0x130 [ 122.972745] futex_wake+0x47e/0x540 [ 122.973050] ? __pfx_futex_wake+0x10/0x10 [ 122.973396] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 122.973815] ? lock_release+0xc8/0x290 [ 122.974137] do_futex+0x26d/0x370 [ 122.974428] ? __pfx_do_futex+0x10/0x10 [ 122.974759] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 122.975197] ? find_held_lock+0x2b/0x80 [ 122.975529] __x64_sys_futex+0x1c9/0x4d0 [ 122.975872] ? 
__pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.976358] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.976735] ? xfd_validate_state+0x55/0x180 [ 122.977108] do_syscall_64+0xbf/0x360 [ 122.977429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.977851] RIP: 0033:0x7ff20641bb19 [ 122.978154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.979622] RSP: 002b:00007ff203991218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.980248] RAX: ffffffffffffffda RBX: 00007ff20652ef68 RCX: 00007ff20641bb19 [ 122.980843] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff20652ef6c [ 122.981443] RBP: 00007ff20652ef60 R08: 000000000000000e R09: 0000000000000000 [ 122.982028] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff20652ef6c [ 122.982612] R13: 00007ffcc66aebaf R14: 00007ff203991300 R15: 0000000000022000 [ 122.983204] [ 122.983399] Modules linked in: [ 122.983665] ---[ end trace 0000000000000000 ]--- [ 122.984067] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.984459] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.984614] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 122.985938] RSP: 0018:ffff8880466af780 EFLAGS: 00010012 [ 122.987673] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 122.988117] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a32000 [ 122.989445] CPU: 0 UID: 0 PID: 3935 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.990017] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.991840] Tainted: [D]=DIE, [W]=WARN [ 122.992399] RBP: ffff8880466af9f0 R08: ffff88806cf31340 
R09: ffffe8ffffd168e0 [ 122.992993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.993570] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 122.994831] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.995416] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.996137] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.996708] FS: 00007ff203991700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.999463] RSP: 0018:ffff8880465ff780 EFLAGS: 00010012 [ 123.000128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.000131] [ 123.000140] CR2: 0000000020000140 CR3: 000000001bf0a000 CR4: 0000000000350ef0 [ 123.000935] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.001404] note: syz-executor.3[3934] exited with irqs disabled [ 123.001668] RDX: ffff8880169e3700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.005318] RBP: ffff8880465ff9f0 R08: ffff88806ce31340 R09: ffffe8ffffc168e0 [ 123.006414] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 123.007507] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.008614] FS: 0000555584812400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.009849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.010744] CR2: 0000555584813c18 CR3: 0000000042928000 CR4: 0000000000350ef0 [ 123.011846] Call Trace: [ 123.012254] [ 123.012611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.013440] ? __pfx_perf_tp_event+0x10/0x10 [ 123.014138] ? __mutex_trylock_common+0xf9/0x260 [ 123.014883] ? arch_scale_cpu_capacity+0x17/0xa0 [ 123.015641] ? cpu_util.constprop.0+0x17d/0x340 [ 123.016390] ? __asan_memset+0x24/0x50 [ 123.017004] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 123.017844] ? lock_release+0x1c7/0x290 [ 123.018474] ? 
__pfx___mutex_lock+0x10/0x10 [ 123.019161] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 123.020039] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 123.020863] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.021643] ? __resched_curr+0x2a2/0x330 [ 123.022306] ? __pfx___resched_curr+0x10/0x10 [ 123.023021] perf_trace_run_bpf_submit+0xef/0x180 [ 123.023782] perf_trace_preemptirq_template+0x259/0x430 [ 123.024638] ? __pick_eevdf+0x326/0x570 [ 123.025259] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.026177] ? update_curr+0x39e/0x500 [ 123.026789] ? check_preempt_wakeup_fair+0x406/0x950 [ 123.027578] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.028377] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.029168] trace_hardirqs_on+0x26/0x40 [ 123.029798] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.030567] try_to_wake_up+0x8ae/0x11d0 [ 123.031212] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.031931] ? plist_del+0x122/0x270 [ 123.032524] ? __futex_unqueue+0xda/0x1c0 [ 123.033174] wake_up_q+0xa1/0x130 [ 123.033732] futex_wake+0x47e/0x540 [ 123.034314] ? __pfx_futex_wake+0x10/0x10 [ 123.034965] ? xfd_validate_state+0x55/0x180 [ 123.035665] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 123.036481] ? finish_task_switch.isra.0+0x206/0x840 [ 123.037281] do_futex+0x26d/0x370 [ 123.037833] ? __pfx_do_futex+0x10/0x10 [ 123.038457] ? __pfx___schedule+0x10/0x10 [ 123.039111] __x64_sys_futex+0x1c9/0x4d0 [ 123.039747] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.040681] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.041400] ? 
xfd_validate_state+0x55/0x180 [ 123.042103] do_syscall_64+0xbf/0x360 [ 123.042700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.043495] RIP: 0033:0x7f61a8a1db19 [ 123.044083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.046850] RSP: 002b:00007ffef56fcc68 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.048024] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f61a8a1db19 [ 123.049115] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f61a8b30f68 [ 123.050182] RBP: 00007f61a8b30f60 R08: 00007f61a5f93700 R09: 0000000000000000 [ 123.051231] R10: 00007f61a5f93700 R11: 0000000000000246 R12: 00007f61a8b35078 [ 123.052288] R13: 00007ffef56fcd70 R14: 00007f61a8b30f60 R15: 000000000001dff2 [ 123.053347] [ 123.053698] Modules linked in: [ 123.054182] ---[ end trace 0000000000000000 ]--- [ 123.054183] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 123.054199] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 123.054878] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.055747] CPU: 1 UID: 0 PID: 3934 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.056843] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.057212] Tainted: [D]=DIE, [W]=WARN [ 123.058915] RSP: 0018:ffff8880466af780 EFLAGS: 00010012 [ 123.060327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.060890] [ 123.061302] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.062494] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a32000 [ 123.062630] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 
48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.063299] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.063863] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 123.066500] RBP: ffff8880466af9f0 R08: ffff88806cf31340 R09: ffffe8ffffd168e0 [ 123.067057] [ 123.067063] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 123.067835] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 123.068391] RDX: ffff888016475280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.068646] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.069196] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd168e0 [ 123.070230] FS: 0000555584812400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.070777] R10: 0000000000000000 R11: ffff888019d81098 R12: dffffc0000000000 [ 123.071809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.072368] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 123.073525] CR2: 0000555584813c18 CR3: 0000000042928000 CR4: 0000000000350ef0 [ 123.074073] FS: 00007ff203991700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.074941] note: syz-executor.4[3935] exited with irqs disabled [ 123.075488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.078074] CR2: 0000000020000140 CR3: 000000001bf0a000 CR4: 0000000000350ef0 [ 123.078631] Call Trace: [ 123.078839] [ 123.079017] ? __pfx_perf_tp_event+0x10/0x10 [ 123.079374] ? enqueue_task_fair+0xded/0x1e00 [ 123.079734] ? do_raw_spin_lock+0x123/0x260 [ 123.080086] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.080459] ? lock_acquire+0x18c/0x2f0 [ 123.080778] ? lock_release+0x1c7/0x290 [ 123.081096] ? do_raw_spin_unlock+0x53/0x220 [ 123.081453] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 123.081856] ? try_to_wake_up+0x128/0x11d0 [ 123.082197] ? do_raw_spin_lock+0x123/0x260 [ 123.082548] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.082924] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 123.083330] perf_trace_run_bpf_submit+0xef/0x180 [ 123.083719] perf_trace_preemptirq_template+0x259/0x430 [ 123.084155] ? read_tsc+0x9/0x20 [ 123.084433] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.084907] ? clockevents_program_event+0x135/0x360 [ 123.085314] ? tick_program_event+0xac/0x140 [ 123.085670] ? handle_softirqs+0x16e/0x770 [ 123.086019] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.086425] trace_hardirqs_on+0x26/0x40 [ 123.086751] handle_softirqs+0x16e/0x770 [ 123.087087] __irq_exit_rcu+0xc4/0x100 [ 123.087403] irq_exit_rcu+0x9/0x20 [ 123.087692] sysvec_apic_timer_interrupt+0x70/0x80 [ 123.088093] [ 123.088275] [ 123.088457] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 123.088873] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 123.089249] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 123.090668] RSP: 0018:ffff8880466aff28 EFLAGS: 00000246 [ 123.091087] RAX: 0000000000000001 RBX: ffff888016475280 RCX: ffffffff817c2b86 [ 123.091646] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 123.092212] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 123.092771] R10: ffffffff8643ac57 R11: 3030303030302043 R12: ffff888016475280 [ 123.093330] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 123.093895] ? trace_irq_enable.constprop.0+0x26/0x100 [ 123.094320] ? make_task_dead+0x214/0x3b0 [ 123.094663] ? make_task_dead+0x214/0x3b0 [ 123.095006] ? 
do_syscall_64+0xbf/0x360 [ 123.095332] rewind_stack_and_make_dead+0x16/0x20 [ 123.095734] RIP: 0033:0x7ff20641bb19 [ 123.096057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.097531] RSP: 002b:00007ff203991218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.098164] RAX: ffffffffffffffda RBX: 00007ff20652ef68 RCX: 00007ff20641bb19 [ 123.098751] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff20652ef6c [ 123.099339] RBP: 00007ff20652ef60 R08: 000000000000000e R09: 0000000000000000 [ 123.099930] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff20652ef6c [ 123.100509] R13: 00007ffcc66aebaf R14: 00007ff203991300 R15: 0000000000022000 [ 123.101102] [ 123.101293] Modules linked in: [ 123.101571] ---[ end trace 0000000000000000 ]--- [ 123.101573] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 123.101951] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.103638] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.104021] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.105343] CPU: 0 UID: 0 PID: 3935 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.106797] RSP: 0018:ffff8880466af780 EFLAGS: 00010012 [ 123.108603] Tainted: [D]=DIE, [W]=WARN [ 123.109022] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a32000 [ 123.109612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.110192] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 123.111442] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.112025] RBP: ffff8880466af9f0 R08: ffff88806cf31340 R09: 
ffffe8ffffd168e0 [ 123.112731] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.113323] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 123.116095] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 123.116674] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.116678] [ 123.116689] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.117113] FS: 00007ff203991700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.118194] RDX: ffff8880169e3700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.118335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.119418] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc168e0 [ 123.120074] CR2: 0000000020000140 CR3: 000000001bf0a000 CR4: 0000000000350ef0 [ 123.121157] R10: 0000000000000000 R11: 0000000000020fed R12: dffffc0000000000 [ 123.121634] Kernel panic - not syncing: Fatal exception in interrupt [ 124.167958] Shutting down cpus with NMI [ 124.170150] Kernel Offset: disabled [ 124.170439] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS: 10:00:08 Registers: