Warning: Permanently added '[localhost]:13176' (ECDSA) to the list of known hosts.
2025/08/29 10:00:52 fuzzer started
2025/08/29 10:00:52 dialing manager at localhost:43077
syzkaller login: [ 58.624339] cgroup: Unknown subsys name 'net'
[ 58.703338] cgroup: Unknown subsys name 'cpuset'
[ 58.718674] cgroup: Unknown subsys name 'rlimit'
2025/08/29 10:01:04 syscalls: 2214
2025/08/29 10:01:04 code coverage: enabled
2025/08/29 10:01:04 comparison tracing: enabled
2025/08/29 10:01:04 extra coverage: enabled
2025/08/29 10:01:04 setuid sandbox: enabled
2025/08/29 10:01:04 namespace sandbox: enabled
2025/08/29 10:01:04 Android sandbox: enabled
2025/08/29 10:01:04 fault injection: enabled
2025/08/29 10:01:04 leak checking: enabled
2025/08/29 10:01:04 net packet injection: enabled
2025/08/29 10:01:04 net device setup: enabled
2025/08/29 10:01:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 10:01:04 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 10:01:04 USB emulation: enabled
2025/08/29 10:01:04 hci packet injection: enabled
2025/08/29 10:01:04 wifi device emulation: enabled
2025/08/29 10:01:04 802.15.4 emulation: enabled
2025/08/29 10:01:04 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 10:01:04 fetching corpus: 50, signal 18738/22291 (executing program)
2025/08/29 10:01:04 fetching corpus: 100, signal 29122/34046 (executing program)
2025/08/29 10:01:04 fetching corpus: 150, signal 38290/44403 (executing program)
2025/08/29 10:01:04 fetching corpus: 200, signal 46759/53948 (executing program)
2025/08/29 10:01:04 fetching corpus: 250, signal 52441/60701 (executing program)
2025/08/29 10:01:04 fetching corpus: 300, signal 56990/66251 (executing program)
2025/08/29 10:01:04 fetching corpus: 350, signal 61956/72085 (executing program)
2025/08/29 10:01:04 fetching corpus: 400, signal 65065/76149 (executing program)
2025/08/29 10:01:04 fetching corpus: 450, signal 67598/79628 (executing program)
2025/08/29 10:01:05 fetching corpus: 500, signal 72326/84970 (executing program)
2025/08/29 10:01:05 fetching corpus: 550, signal 75531/88918 (executing program)
2025/08/29 10:01:05 fetching corpus: 600, signal 78734/92719 (executing program)
2025/08/29 10:01:05 fetching corpus: 650, signal 82984/97330 (executing program)
2025/08/29 10:01:05 fetching corpus: 700, signal 85763/100629 (executing program)
2025/08/29 10:01:05 fetching corpus: 750, signal 87983/103444 (executing program)
2025/08/29 10:01:05 fetching corpus: 800, signal 90312/106237 (executing program)
2025/08/29 10:01:05 fetching corpus: 850, signal 92491/108918 (executing program)
2025/08/29 10:01:05 fetching corpus: 900, signal 94816/111686 (executing program)
2025/08/29 10:01:06 fetching corpus: 950, signal 96602/113947 (executing program)
2025/08/29 10:01:06 fetching corpus: 1000, signal 99379/116858 (executing program)
2025/08/29 10:01:06 fetching corpus: 1050, signal 100674/118652 (executing program)
2025/08/29 10:01:06 fetching corpus: 1100, signal 102223/120607 (executing program)
2025/08/29 10:01:06 fetching corpus: 1150, signal 103615/122414 (executing program)
2025/08/29 10:01:06 fetching corpus: 1200, signal 104872/124131 (executing program)
2025/08/29 10:01:06 fetching corpus: 1250, signal 106227/125837 (executing program)
2025/08/29 10:01:06 fetching corpus: 1300, signal 107270/127336 (executing program)
2025/08/29 10:01:06 fetching corpus: 1350, signal 109083/129275 (executing program)
2025/08/29 10:01:06 fetching corpus: 1400, signal 109890/130491 (executing program)
2025/08/29 10:01:07 fetching corpus: 1450, signal 110756/131744 (executing program)
2025/08/29 10:01:07 fetching corpus: 1500, signal 111760/133095 (executing program)
2025/08/29 10:01:07 fetching corpus: 1550, signal 112839/134500 (executing program)
2025/08/29 10:01:07 fetching corpus: 1600, signal 114407/136190 (executing program)
2025/08/29 10:01:07 fetching corpus: 1650, signal 115189/137339 (executing program)
2025/08/29 10:01:07 fetching corpus: 1700, signal 116069/138540 (executing program)
2025/08/29 10:01:07 fetching corpus: 1750, signal 117270/139873 (executing program)
2025/08/29 10:01:07 fetching corpus: 1800, signal 118569/141294 (executing program)
2025/08/29 10:01:07 fetching corpus: 1850, signal 119144/142219 (executing program)
2025/08/29 10:01:07 fetching corpus: 1900, signal 120258/143415 (executing program)
2025/08/29 10:01:07 fetching corpus: 1950, signal 121339/144551 (executing program)
2025/08/29 10:01:07 fetching corpus: 2000, signal 122098/145513 (executing program)
2025/08/29 10:01:08 fetching corpus: 2050, signal 123192/146716 (executing program)
2025/08/29 10:01:08 fetching corpus: 2100, signal 124462/147877 (executing program)
2025/08/29 10:01:08 fetching corpus: 2150, signal 125192/148696 (executing program)
2025/08/29 10:01:08 fetching corpus: 2200, signal 126148/149650 (executing program)
2025/08/29 10:01:08 fetching corpus: 2250, signal 126723/150424 (executing program)
2025/08/29 10:01:08 fetching corpus: 2300, signal 128105/151544 (executing program)
2025/08/29 10:01:08 fetching corpus: 2350, signal 129243/152534 (executing program)
2025/08/29 10:01:08 fetching corpus: 2400, signal 130143/153459 (executing program)
2025/08/29 10:01:08 fetching corpus: 2450, signal 130979/154277 (executing program)
2025/08/29 10:01:08 fetching corpus: 2500, signal 131878/155090 (executing program)
2025/08/29 10:01:08 fetching corpus: 2550, signal 133030/156004 (executing program)
2025/08/29 10:01:08 fetching corpus: 2600, signal 133852/156765 (executing program)
2025/08/29 10:01:09 fetching corpus: 2650, signal 134869/157598 (executing program)
2025/08/29 10:01:09 fetching corpus: 2700, signal 135434/158231 (executing program)
2025/08/29 10:01:09 fetching corpus: 2750, signal 135846/158793 (executing program)
2025/08/29 10:01:09 fetching corpus: 2800, signal 136638/159496 (executing program)
2025/08/29 10:01:09 fetching corpus: 2850, signal 137201/160133 (executing program)
2025/08/29 10:01:09 fetching corpus: 2900, signal 138245/160829 (executing program)
2025/08/29 10:01:09 fetching corpus: 2950, signal 139020/161460 (executing program)
2025/08/29 10:01:09 fetching corpus: 3000, signal 139829/162080 (executing program)
2025/08/29 10:01:09 fetching corpus: 3050, signal 140475/162602 (executing program)
2025/08/29 10:01:09 fetching corpus: 3100, signal 140932/163068 (executing program)
2025/08/29 10:01:10 fetching corpus: 3150, signal 141322/163463 (executing program)
2025/08/29 10:01:10 fetching corpus: 3200, signal 141931/163989 (executing program)
2025/08/29 10:01:10 fetching corpus: 3250, signal 143604/164653 (executing program)
2025/08/29 10:01:10 fetching corpus: 3300, signal 144375/165119 (executing program)
2025/08/29 10:01:10 fetching corpus: 3350, signal 144814/165489 (executing program)
2025/08/29 10:01:10 fetching corpus: 3400, signal 145319/165880 (executing program)
2025/08/29 10:01:10 fetching corpus: 3450, signal 145724/166227 (executing program)
2025/08/29 10:01:10 fetching corpus: 3500, signal 146709/166645 (executing program)
2025/08/29 10:01:10 fetching corpus: 3550, signal 147070/167003 (executing program)
2025/08/29 10:01:10 fetching corpus: 3600, signal 147906/167406 (executing program)
2025/08/29 10:01:10 fetching corpus: 3650, signal 148415/167741 (executing program)
2025/08/29 10:01:11 fetching corpus: 3700, signal 149157/168188 (executing program)
2025/08/29 10:01:11 fetching corpus: 3750, signal 149434/168456 (executing program)
2025/08/29 10:01:11 fetching corpus: 3800, signal 150101/168783 (executing program)
2025/08/29 10:01:11 fetching corpus: 3850, signal 150593/169040 (executing program)
2025/08/29 10:01:11 fetching corpus: 3900, signal 151096/169323 (executing program)
2025/08/29 10:01:11 fetching corpus: 3950, signal 151759/169581 (executing program)
2025/08/29 10:01:11 fetching corpus: 4000, signal 152180/169818 (executing program)
2025/08/29 10:01:11 fetching corpus: 4050, signal 152634/170028 (executing program)
2025/08/29 10:01:11 fetching corpus: 4100, signal 153307/170248 (executing program)
2025/08/29 10:01:11 fetching corpus: 4150, signal 153645/170258 (executing program)
2025/08/29 10:01:11 fetching corpus: 4200, signal 154345/170258 (executing program)
2025/08/29 10:01:12 fetching corpus: 4250, signal 154929/170267 (executing program)
2025/08/29 10:01:12 fetching corpus: 4300, signal 155447/170301 (executing program)
2025/08/29 10:01:12 fetching corpus: 4350, signal 155897/170362 (executing program)
2025/08/29 10:01:12 fetching corpus: 4400, signal 156276/170371 (executing program)
2025/08/29 10:01:12 fetching corpus: 4450, signal 156654/170371 (executing program)
2025/08/29 10:01:12 fetching corpus: 4500, signal 156949/170378 (executing program)
2025/08/29 10:01:12 fetching corpus: 4550, signal 157265/170406 (executing program)
2025/08/29 10:01:12 fetching corpus: 4600, signal 158088/170432 (executing program)
2025/08/29 10:01:12 fetching corpus: 4650, signal 159131/170432 (executing program)
2025/08/29 10:01:12 fetching corpus: 4700, signal 159661/170433 (executing program)
2025/08/29 10:01:13 fetching corpus: 4750, signal 160143/170446 (executing program)
2025/08/29 10:01:13 fetching corpus: 4800, signal 160975/170532 (executing program)
2025/08/29 10:01:13 fetching corpus: 4850, signal 161294/170540 (executing program)
2025/08/29 10:01:13 fetching corpus: 4900, signal 161648/170550 (executing program)
2025/08/29 10:01:13 fetching corpus: 4950, signal 162201/170584 (executing program)
2025/08/29 10:01:13 fetching corpus: 5000, signal 162684/170590 (executing program)
2025/08/29 10:01:13 fetching corpus: 5050, signal 163070/170612 (executing program)
2025/08/29 10:01:13 fetching corpus: 5100, signal 163527/170614 (executing program)
2025/08/29 10:01:13 fetching corpus: 5150, signal 163861/170621 (executing program)
2025/08/29 10:01:13 fetching corpus: 5200, signal 164427/170633 (executing program)
2025/08/29 10:01:13 fetching corpus: 5250, signal 165107/170652 (executing program)
2025/08/29 10:01:14 fetching corpus: 5300, signal 165616/170659 (executing program)
2025/08/29 10:01:14 fetching corpus: 5350, signal 165975/170665 (executing program)
2025/08/29 10:01:14 fetching corpus: 5400, signal 166308/170701 (executing program)
2025/08/29 10:01:14 fetching corpus: 5450, signal 166695/170722 (executing program)
2025/08/29 10:01:14 fetching corpus: 5500, signal 167076/170729 (executing program)
2025/08/29 10:01:14 fetching corpus: 5550, signal 167558/170750 (executing program)
2025/08/29 10:01:14 fetching corpus: 5600, signal 168098/170766 (executing program)
2025/08/29 10:01:14 fetching corpus: 5649, signal 168451/170766 (executing program)
2025/08/29 10:01:14 fetching corpus: 5649, signal 168451/170766 (executing program)
2025/08/29 10:01:16 starting 8 fuzzer processes
10:01:16 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x5410, 0x0)

10:01:16 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
ioctl$FIBMAP(r0, 0x401870cb, 0x0)

10:01:16 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000001540)=@updsa={0x154, 0x1a, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@dev}, {@in6=@local, 0x0, 0x6c}, @in6=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_esn_val={0x1c}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x154}}, 0x0)

10:01:16 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x20, 0x0, "22b92640ca60f1fcb72435b2b829bb3e2eb5b61b16835d75280d18178d16d9b39afdf4eadac9f7d1d743bececd15a6059f91322c27e6be2a8e5c3f2e9a58c9e8801fe910f9a643e38c4c4c3ea5ed2121"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000013c0)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0x34, 0x0, "8e85834ae3bf5beb4f2513c93a7f29081871ed797682832cae363cf54c7e5b5997a41ee20473853b3fbb99a4212255d669319ddf1e5dc0a1d8f2a673981601ee5316f47be6ccd6bc6f72d8e33fb09f24"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x12, 0x0, "535ca0e83c0787cdc939d139d4189f80e4333eee2eb99d8ff9a6c095a443cb8e62b988cf98975941b28d3880af3c69791e1bb05e9a46be1686e72e0ae9e8f2a894d3f5de84da3233cd4997474b09782e"}, 0xd8)

10:01:16 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x80045440, &(0x7f00000000c0))

[ 82.567337] audit: type=1400 audit(1756461676.609:7): avc: denied { execmem } for pid=280 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:01:16 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00')
pread64(r0, &(0x7f0000000140)=""/182, 0xb6, 0x0)

10:01:16 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0x0, 0xfffffffffffffffd, 0x0)

10:01:16 executing program 6:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

[ 83.678425] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.683166] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.687812] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.694488] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.696978] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.873893] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 83.877936] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 83.881497] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 83.888445] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 83.892942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 83.939189] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 83.940778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 83.943149] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 83.945217] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 83.950963] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 83.955532] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 83.956778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 83.958809] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 83.965280] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 83.967911] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 83.969162] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 83.971525] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 83.978067] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 83.979713] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 83.981491] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 83.983625] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 83.985725] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 83.991673] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 83.995926] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 84.003329] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 84.005865] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 84.007568] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 84.010623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 84.014750] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 84.016443] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 84.018620] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 84.021251] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 84.031668] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 84.071397] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 84.084044] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 85.775319] Bluetooth: hci0: command tx timeout
[ 85.966370] Bluetooth: hci1: command tx timeout
[ 86.032132] Bluetooth: hci2: command tx timeout
[ 86.094368] Bluetooth: hci7: command tx timeout
[ 86.095367] Bluetooth: hci4: command tx timeout
[ 86.095970] Bluetooth: hci3: command tx timeout
[ 86.097201] Bluetooth: hci5: command tx timeout
[ 86.158175] Bluetooth: hci6: command tx timeout
[ 87.823134] Bluetooth: hci0: command tx timeout
[ 88.014310] Bluetooth: hci1: command tx timeout
[ 88.079103] Bluetooth: hci2: command tx timeout
[ 88.142296] Bluetooth: hci7: command tx timeout
[ 88.142725] Bluetooth: hci3: command tx timeout
[ 88.143950] Bluetooth: hci5: command tx timeout
[ 88.144504] Bluetooth: hci4: command tx timeout
[ 88.209138] Bluetooth: hci6: command tx timeout
[ 89.870120] Bluetooth: hci0: command tx timeout
[ 90.062158] Bluetooth: hci1: command tx timeout
[ 90.127119] Bluetooth: hci2: command tx timeout
[ 90.193109] Bluetooth: hci5: command tx timeout
[ 90.193548] Bluetooth: hci4: command tx timeout
[ 90.193952] Bluetooth: hci3: command tx timeout
[ 90.194706] Bluetooth: hci7: command tx timeout
[ 90.255118] Bluetooth: hci6: command tx timeout
[ 91.919356] Bluetooth: hci0: command tx timeout
[ 92.111121] Bluetooth: hci1: command tx timeout
[ 92.176164] Bluetooth: hci2: command tx timeout
[ 92.239195] Bluetooth: hci7: command tx timeout
[ 92.239759] Bluetooth: hci5: command tx timeout
[ 92.240777] Bluetooth: hci3: command tx timeout
[ 92.241213] Bluetooth: hci4: command tx timeout
[ 92.303135] Bluetooth: hci6: command tx timeout
[ 120.681271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.681943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.804013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.805026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.007345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.007964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.167015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.167789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:01:55 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x20, 0x0, "22b92640ca60f1fcb72435b2b829bb3e2eb5b61b16835d75280d18178d16d9b39afdf4eadac9f7d1d743bececd15a6059f91322c27e6be2a8e5c3f2e9a58c9e8801fe910f9a643e38c4c4c3ea5ed2121"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000013c0)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0x34, 0x0, "8e85834ae3bf5beb4f2513c93a7f29081871ed797682832cae363cf54c7e5b5997a41ee20473853b3fbb99a4212255d669319ddf1e5dc0a1d8f2a673981601ee5316f47be6ccd6bc6f72d8e33fb09f24"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x12, 0x0, "535ca0e83c0787cdc939d139d4189f80e4333eee2eb99d8ff9a6c095a443cb8e62b988cf98975941b28d3880af3c69791e1bb05e9a46be1686e72e0ae9e8f2a894d3f5de84da3233cd4997474b09782e"}, 0xd8)

10:01:55 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x20, 0x0, "22b92640ca60f1fcb72435b2b829bb3e2eb5b61b16835d75280d18178d16d9b39afdf4eadac9f7d1d743bececd15a6059f91322c27e6be2a8e5c3f2e9a58c9e8801fe910f9a643e38c4c4c3ea5ed2121"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000013c0)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0x34, 0x0, "8e85834ae3bf5beb4f2513c93a7f29081871ed797682832cae363cf54c7e5b5997a41ee20473853b3fbb99a4212255d669319ddf1e5dc0a1d8f2a673981601ee5316f47be6ccd6bc6f72d8e33fb09f24"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x12, 0x0, "535ca0e83c0787cdc939d139d4189f80e4333eee2eb99d8ff9a6c095a443cb8e62b988cf98975941b28d3880af3c69791e1bb05e9a46be1686e72e0ae9e8f2a894d3f5de84da3233cd4997474b09782e"}, 0xd8)

10:01:55 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x20, 0x0, "22b92640ca60f1fcb72435b2b829bb3e2eb5b61b16835d75280d18178d16d9b39afdf4eadac9f7d1d743bececd15a6059f91322c27e6be2a8e5c3f2e9a58c9e8801fe910f9a643e38c4c4c3ea5ed2121"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000013c0)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0x34, 0x0, "8e85834ae3bf5beb4f2513c93a7f29081871ed797682832cae363cf54c7e5b5997a41ee20473853b3fbb99a4212255d669319ddf1e5dc0a1d8f2a673981601ee5316f47be6ccd6bc6f72d8e33fb09f24"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x12, 0x0, "535ca0e83c0787cdc939d139d4189f80e4333eee2eb99d8ff9a6c095a443cb8e62b988cf98975941b28d3880af3c69791e1bb05e9a46be1686e72e0ae9e8f2a894d3f5de84da3233cd4997474b09782e"}, 0xd8)

[ 121.575687] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.577095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:01:55 executing program 6:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

10:01:55 executing program 1:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

10:01:55 executing program 6:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

[ 121.742256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.742851] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:01:55 executing program 1:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

10:01:55 executing program 1:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

[ 122.085834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.086501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.169250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.169873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.447141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.447735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.501701] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.502344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.915418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.916049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.989766] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.990636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.153635] audit: type=1400 audit(1756461717.195:8): avc: denied { open } for pid=3917 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 123.159276] audit: type=1400 audit(1756461717.195:9): avc: denied { kernel } for pid=3917 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 123.170155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.170181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.228043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.228706] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.275281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.275914] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.319471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.320289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:01:57 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x5410, 0x0)

10:01:57 executing program 6:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000180)={0x1}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000003c0)={0x0, ""/4096}, 0x1008, 0x8efa9372ac31c0b7, 0x0)
msgrcv(r0, &(0x7f0000000300)={0x0, ""/23}, 0x1f, 0x0, 0x0)

10:01:57 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0x0, 0xfffffffffffffffd, 0x0)

10:01:57 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x80045440, &(0x7f00000000c0))

10:01:57 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00')
pread64(r0, &(0x7f0000000140)=""/182, 0xb6, 0x0)

10:01:57 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x20, 0x0, "22b92640ca60f1fcb72435b2b829bb3e2eb5b61b16835d75280d18178d16d9b39afdf4eadac9f7d1d743bececd15a6059f91322c27e6be2a8e5c3f2e9a58c9e8801fe910f9a643e38c4c4c3ea5ed2121"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000013c0)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0x34, 0x0, "8e85834ae3bf5beb4f2513c93a7f29081871ed797682832cae363cf54c7e5b5997a41ee20473853b3fbb99a4212255d669319ddf1e5dc0a1d8f2a673981601ee5316f47be6ccd6bc6f72d8e33fb09f24"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x12, 0x0, "535ca0e83c0787cdc939d139d4189f80e4333eee2eb99d8ff9a6c095a443cb8e62b988cf98975941b28d3880af3c69791e1bb05e9a46be1686e72e0ae9e8f2a894d3f5de84da3233cd4997474b09782e"}, 0xd8)

10:01:57 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
ioctl$FIBMAP(r0, 0x401870cb, 0x0)

10:01:57 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000001540)=@updsa={0x154, 0x1a, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@dev}, {@in6=@local, 0x0, 0x6c}, @in6=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_esn_val={0x1c}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x154}}, 0x0)

10:01:57 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x80045440, &(0x7f00000000c0))

10:01:57 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x5410, 0x0)

10:01:57 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00')
pread64(r0, &(0x7f0000000140)=""/182, 0xb6, 0x0)

10:01:57 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000001540)=@updsa={0x154, 0x1a, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@dev}, {@in6=@local, 0x0, 0x6c}, @in6=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_esn_val={0x1c}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x154}}, 0x0)

[ 123.575271] Oops: general protection fault, probably for non-canonical address 0xfcfffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 123.576319] KASAN: maybe wild-memory-access in range [0xe800000000000190-0xe800000000000197]
[ 123.577082] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.580176] Tainted: [W]=WARN
[ 123.581183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.583134] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.583818] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.585153] RSP: 0018:ffff888014367800 EFLAGS: 00010212
[ 123.585562] RAX: 1d00000000000032 RBX: e7ffffffffffffa0 RCX: ffffc90006a5a000
[ 123.586110] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: e800000000000190
[ 123.586654] RBP: ffff888014367a70 R08: ffff88806ce31340 R09: ffffe8ffffc166e8
[ 123.587201] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.587750] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.588299] FS: 00007fb3b96f7700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 123.588975] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.589510] CR2: 00007fb3bc295018 CR3: 0000000017699000 CR4: 0000000000350ef0
[ 123.590154] Call Trace:
[ 123.590396]
[ 123.590611] ? perf_swevent_event+0x63/0x3f0
[ 123.591032] ? __pfx_perf_tp_event+0x10/0x10
[ 123.591443] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 123.591840] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 123.592225] ? perf_swevent_event+0x63/0x3f0
[ 123.592569] ? perf_tp_event+0x807/0xe70
[ 123.592891] ? __pfx_perf_tp_event+0x10/0x10
[ 123.593247] ? __perf_install_in_context+0x503/0xb90
[ 123.593640] ? do_raw_spin_unlock+0x53/0x220
[ 123.593990] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.594408] perf_trace_run_bpf_submit+0xef/0x180
[ 123.594860] perf_trace_lock+0x337/0x5d0
[ 123.595235] ? __pfx_perf_trace_lock+0x10/0x10
[ 123.595664] ? lock_acquire+0x15e/0x2f0
[ 123.596030] ? futex_ref_get+0x48/0x300
[ 123.596399] ? futex_ref_get+0x114/0x300
[ 123.596769] ? futex_hash+0x15c/0x390
[ 123.597119] lock_release+0x1ab/0x290
[ 123.597438] ? futex_hash+0x15c/0x390
[ 123.597744] futex_ref_get+0x119/0x300
[ 123.598062] ? futex_hash+0x15c/0x390
[ 123.598367] futex_hash+0x70/0x390
[ 123.598657] futex_wake+0x143/0x540
[ 123.598953] ? __pfx_perf_trace_lock+0x10/0x10
[ 123.599325] ? __pfx_futex_wake+0x10/0x10
[ 123.599660] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 123.600127] ? lock_release+0xc8/0x290
[ 123.600497] do_futex+0x26d/0x370
[ 123.600821] ? __pfx_do_futex+0x10/0x10
[ 123.601197] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 123.601695] ? find_held_lock+0x2b/0x80
[ 123.602074] __x64_sys_futex+0x1c9/0x4d0
[ 123.602451] ? __pfx___x64_sys_futex+0x10/0x10
[ 123.602856] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 123.603276] do_syscall_64+0xbf/0x360
[ 123.603581] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.603985] RIP: 0033:0x7fb3bc181b19
[ 123.604281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 123.605740] RSP: 002b:00007fb3b96f7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.606420] RAX: ffffffffffffffda RBX: 00007fb3bc294f68 RCX: 00007fb3bc181b19
[ 123.607073] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb3bc294f6c
[ 123.607714] RBP: 00007fb3bc294f60 R08: 000000000000000e R09: 0000000000000000
[ 123.608358] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb3bc294f6c
[ 123.608912] R13: 00007ffc8bd20e0f R14: 00007fb3b96f7300 R15: 0000000000022000
[ 123.609480]
[ 123.609664] Modules linked in:
[ 123.609973] Oops: general protection fault, probably for non-canonical address 0xfcfffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 123.610823] KASAN: maybe wild-memory-access in range [0xe800000000000190-0xe800000000000197]
[ 123.611516] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.612579] Tainted: [D]=DIE, [W]=WARN
[ 123.612927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.613709] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.614137] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.615529] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 123.615941] RAX: 1d00000000000032 RBX: e7ffffffffffffa0 RCX: ffffffff81898973
[ 123.616486] RDX: ffff888017035280 RSI: ffffffff818995b7 RDI: e800000000000190
[ 123.617045] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc166e8
[ 123.617735] R10: 0000000000000000 R11:
ffff8880172cb098 R12: dffffc0000000000 [ 123.618298] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 123.618863] FS: 00007fb3b96f7700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.619504] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.619965] CR2: 00007fb3bc295018 CR3: 0000000017699000 CR4: 0000000000350ef0 [ 123.620541] Call Trace: [ 123.620766] [ 123.620964] ? __pfx_perf_tp_event+0x10/0x10 [ 123.621355] ? sched_clock_cpu+0x6c/0x4e0 [ 123.621709] ? exc_int3+0x18/0xd0 [ 123.622006] ? perf_trace_lock+0xb5/0x5d0 [ 123.622356] ? tmigr_handle_remote_up+0x832/0xa10 [ 123.622761] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.623139] ? tmigr_next_groupevt+0x162/0x1e0 [ 123.623524] ? tmigr_handle_remote_up+0x832/0xa10 [ 123.623943] ? lock_release+0x172/0x290 [ 123.624313] ? kvm_sched_clock_read+0x16/0x30 [ 123.624827] ? sched_clock+0x37/0x60 [ 123.625177] ? sched_clock_cpu+0x6c/0x4e0 [ 123.625570] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.626022] perf_trace_run_bpf_submit+0xef/0x180 [ 123.626476] perf_trace_lock+0x337/0x5d0 [ 123.626847] ? update_cfs_group+0x11d/0x260 [ 123.627188] ? kvm_sched_clock_read+0x16/0x30 [ 123.627539] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.627891] ? check_preempt_wakeup_fair+0x6e/0x950 [ 123.628274] ? sched_ttwu_pending+0x2e0/0x4a0 [ 123.628627] lock_release+0x1ab/0x290 [ 123.628923] ? ttwu_do_activate+0x1a4/0x8a0 [ 123.629271] _raw_spin_unlock+0x16/0x40 [ 123.629581] sched_ttwu_pending+0x2e0/0x4a0 [ 123.629925] ? 
__pfx_sched_ttwu_pending+0x10/0x10 [ 123.630305] __flush_smp_call_function_queue+0x434/0x740 [ 123.630724] __sysvec_call_function_single+0x6d/0x370 [ 123.631124] sysvec_call_function_single+0xa1/0xc0 [ 123.631509] [ 123.631685] [ 123.631862] asm_sysvec_call_function_single+0x1a/0x20 [ 123.632269] RIP: 0010:oops_exit+0x0/0x50 [ 123.632635] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 123.634254] RSP: 0018:ffff888014367690 EFLAGS: 00000202 [ 123.634730] RAX: 000000000002ad59 RBX: 0000000000000216 RCX: ffffc90006a5a000 [ 123.635378] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 123.635919] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 123.636460] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888014367758 [ 123.636997] R13: 0000000000000000 R14: fcfffc0000000032 R15: 0000000000000000 [ 123.637559] ? oops_end+0x4a/0xe0 [ 123.637843] oops_end+0x65/0xe0 [ 123.638113] exc_general_protection+0x1a2/0x330 [ 123.638494] asm_exc_general_protection+0x26/0x30 [ 123.638869] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.639235] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.640623] RSP: 0018:ffff888014367800 EFLAGS: 00010212 [ 123.641034] RAX: 1d00000000000032 RBX: e7ffffffffffffa0 RCX: ffffc90006a5a000 [ 123.641592] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: e800000000000190 [ 123.642136] RBP: ffff888014367a70 R08: ffff88806ce31340 R09: ffffe8ffffc166e8 [ 123.642679] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.643224] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.643774] ? perf_tp_event+0x167/0xe70 [ 123.644094] ? perf_swevent_event+0x63/0x3f0 [ 123.644443] ? 
__pfx_perf_tp_event+0x10/0x10 [ 123.644789] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 123.645177] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 123.645574] ? perf_swevent_event+0x63/0x3f0 [ 123.645921] ? perf_tp_event+0x807/0xe70 [ 123.646246] ? __pfx_perf_tp_event+0x10/0x10 [ 123.646591] ? __perf_install_in_context+0x503/0xb90 [ 123.646968] ? do_raw_spin_unlock+0x53/0x220 [ 123.647309] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.647683] perf_trace_run_bpf_submit+0xef/0x180 [ 123.648048] perf_trace_lock+0x337/0x5d0 [ 123.648356] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.648701] ? lock_acquire+0x15e/0x2f0 [ 123.648999] ? futex_ref_get+0x48/0x300 [ 123.649303] ? futex_ref_get+0x114/0x300 [ 123.649605] ? futex_hash+0x15c/0x390 [ 123.649892] lock_release+0x1ab/0x290 [ 123.650181] ? futex_hash+0x15c/0x390 [ 123.650465] futex_ref_get+0x119/0x300 [ 123.650773] ? futex_hash+0x15c/0x390 [ 123.651070] futex_hash+0x70/0x390 [ 123.651351] futex_wake+0x143/0x540 [ 123.651678] ? __pfx_perf_trace_lock+0x10/0x10 [ 123.652106] ? __pfx_futex_wake+0x10/0x10 [ 123.652490] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 123.652946] ? lock_release+0xc8/0x290 [ 123.653316] do_futex+0x26d/0x370 [ 123.653636] ? __pfx_do_futex+0x10/0x10 [ 123.653994] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 123.654469] ? find_held_lock+0x2b/0x80 [ 123.654783] __x64_sys_futex+0x1c9/0x4d0 [ 123.655140] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.655557] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 123.656023] do_syscall_64+0xbf/0x360 [ 123.656368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.656827] RIP: 0033:0x7fb3bc181b19 [ 123.657165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.658576] RSP: 002b:00007fb3b96f7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.659131] RAX: ffffffffffffffda RBX: 00007fb3bc294f68 RCX: 00007fb3bc181b19 [ 123.659650] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb3bc294f6c [ 123.660167] RBP: 00007fb3bc294f60 R08: 000000000000000e R09: 0000000000000000 [ 123.660689] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb3bc294f6c [ 123.661217] R13: 00007ffc8bd20e0f R14: 00007fb3b96f7300 R15: 0000000000022000 [ 123.661775] [ 123.661959] Modules linked in: [ 123.662213] ---[ end trace 0000000000000000 ]--- [ 123.662578] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.662942] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.664330] RSP: 0018:ffff888014367800 EFLAGS: 00010212 [ 123.664738] RAX: 1d00000000000032 RBX: e7ffffffffffffa0 RCX: ffffc90006a5a000 [ 123.665293] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: e800000000000190 [ 123.665841] RBP: ffff888014367a70 R08: ffff88806ce31340 R09: ffffe8ffffc166e8 [ 123.666390] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.666936] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.667482] FS: 00007fb3b96f7700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 123.668097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.668542] CR2: 00007fb3bc295018 CR3: 0000000017699000 CR4: 0000000000350ef0 [ 123.669090] Kernel panic - not syncing: Fatal exception in interrupt [ 
124.713530] Shutting down cpus with NMI [ 124.713961] Kernel Offset: disabled [ 124.714231] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:01:57 Registers: