Warning: Permanently added '[localhost]:45691' (ECDSA) to the list of known hosts. 2025/08/29 08:17:47 fuzzer started 2025/08/29 08:17:48 dialing manager at localhost:43077 syzkaller login: [ 51.404355] cgroup: Unknown subsys name 'net' [ 51.468173] cgroup: Unknown subsys name 'cpuset' [ 51.481193] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:17:59 syscalls: 2214 2025/08/29 08:17:59 code coverage: enabled 2025/08/29 08:17:59 comparison tracing: enabled 2025/08/29 08:17:59 extra coverage: enabled 2025/08/29 08:17:59 setuid sandbox: enabled 2025/08/29 08:17:59 namespace sandbox: enabled 2025/08/29 08:17:59 Android sandbox: enabled 2025/08/29 08:17:59 fault injection: enabled 2025/08/29 08:17:59 leak checking: enabled 2025/08/29 08:17:59 net packet injection: enabled 2025/08/29 08:17:59 net device setup: enabled 2025/08/29 08:17:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:17:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:17:59 USB emulation: enabled 2025/08/29 08:17:59 hci packet injection: enabled 2025/08/29 08:17:59 wifi device emulation: enabled 2025/08/29 08:17:59 802.15.4 emulation: enabled 2025/08/29 08:17:59 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:17:59 fetching corpus: 50, signal 29264/31891 (executing program) 2025/08/29 08:17:59 fetching corpus: 100, signal 36696/40159 (executing program) 2025/08/29 08:17:59 fetching corpus: 150, signal 43653/47615 (executing program) 2025/08/29 08:18:00 fetching corpus: 200, signal 49297/53570 (executing program) 2025/08/29 08:18:00 fetching corpus: 250, signal 55376/59693 (executing program) 2025/08/29 08:18:00 fetching corpus: 300, signal 59169/63729 (executing program) 2025/08/29 08:18:00 fetching corpus: 350, signal 63255/67653 (executing program) 2025/08/29 08:18:00 fetching corpus: 400, signal 65636/70140 (executing program) 2025/08/29 08:18:00 fetching corpus: 450, signal 69144/73353 (executing program) 2025/08/29 08:18:00 fetching corpus: 500, signal 71956/75880 (executing program) 2025/08/29 08:18:00 fetching corpus: 550, signal 74336/77964 (executing program) 2025/08/29 08:18:01 fetching corpus: 600, signal 78525/81255 (executing program) 2025/08/29 08:18:01 fetching corpus: 650, signal 81913/83761 (executing program) 2025/08/29 08:18:01 fetching corpus: 700, signal 83389/84954 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/85575 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/85664 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/85746 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/85838 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/85934 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86034 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86113 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86219 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86308 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86384 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86457 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86537 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86622 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86705 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86810 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86897 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/86995 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87075 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87158 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87243 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87340 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87418 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87504 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87600 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87690 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87777 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87864 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87932 (executing program) 2025/08/29 08:18:01 fetching corpus: 715, signal 84204/87932 (executing program) 2025/08/29 08:18:04 starting 8 fuzzer processes 08:18:04 executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) epoll_create1(0x0) 08:18:04 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe2ff, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 08:18:04 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) 08:18:04 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x801, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) close_range(r1, 0xffffffffffffffff, 0x0) 08:18:04 executing program 3: timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f0000000140), &(0x7f0000000180)={0x3}, &(0x7f00000001c0)={0x9}, 0x0, 0x0) [ 67.351383] audit: type=1400 audit(1756455484.327:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:18:04 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00', 0x300}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{0x80}, 'port0\x00'}) 08:18:04 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="6d706f6c3d64656661968b8d3d72656c61746976653a4e2d340c"]) 08:18:04 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0xc0189436, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x117, 0x0}) [ 68.646271] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.648653] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.651271] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.655227] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.659345] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.661268] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.663684] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.666727] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.689117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.697077] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.706621] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.710422] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.718375] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.723730] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.725698] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.771635] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 68.777613] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.779519] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 68.781394] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 68.785686] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 68.797130] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 68.797343] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 68.801286] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.802272] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 68.808964] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.814064] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 68.814163] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 68.819393] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.824929] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 68.826575] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 68.827810] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.837702] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.848369] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.856369] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.867938] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.869860] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.873195] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.874538] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 68.914223] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.919063] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 70.739503] Bluetooth: hci2: command tx timeout [ 70.739599] Bluetooth: hci0: command tx timeout [ 70.740098] Bluetooth: hci1: command tx timeout [ 70.866881] Bluetooth: hci6: command tx timeout [ 70.930858] Bluetooth: hci3: command tx timeout [ 70.931541] Bluetooth: hci4: command tx timeout [ 70.997068] Bluetooth: hci5: command tx timeout [ 70.997125] Bluetooth: hci7: command tx timeout [ 72.787390] Bluetooth: hci0: command tx timeout [ 72.788172] Bluetooth: hci2: command tx timeout [ 72.788266] Bluetooth: hci1: command tx timeout [ 72.914909] Bluetooth: hci6: command tx timeout [ 72.979946] Bluetooth: hci4: command tx timeout [ 72.981960] Bluetooth: hci3: command tx timeout [ 73.042914] Bluetooth: hci5: command tx timeout [ 73.043917] Bluetooth: hci7: command tx timeout [ 74.834836] Bluetooth: hci2: command tx timeout [ 74.835314] Bluetooth: hci0: command tx timeout [ 74.835705] Bluetooth: hci1: command tx timeout [ 74.962841] Bluetooth: hci6: command tx timeout [ 75.026864] Bluetooth: hci4: command tx timeout [ 75.027955] Bluetooth: hci3: command tx timeout [ 75.090848] Bluetooth: hci7: command tx timeout [ 75.091862] Bluetooth: hci5: command tx timeout [ 76.882848] Bluetooth: hci1: command tx timeout [ 76.882892] Bluetooth: hci0: command tx timeout [ 76.883310] Bluetooth: hci2: command tx timeout [ 77.011021] Bluetooth: hci6: command tx timeout [ 77.074953] Bluetooth: hci3: command tx timeout [ 77.075361] Bluetooth: hci4: command tx timeout [ 77.138931] Bluetooth: hci5: command tx timeout [ 77.138967] Bluetooth: hci7: command tx timeout [ 106.757493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.758934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.770325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.770966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.002240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.002875] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.134487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.135131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.238390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.239876] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.354403] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.355104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.669716] tmpfs: Bad value for 'mpol' [ 107.671566] tmpfs: Bad value for 'mpol' [ 107.701432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.702018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:18:44 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="6d706f6c3d64656661968b8d3d72656c61746976653a4e2d340c"]) [ 107.746964] audit: type=1400 audit(1756455524.718:8): avc: denied { open } for pid=3827 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.760460] tmpfs: Bad value for 'mpol' [ 107.761010] audit: type=1400 audit(1756455524.718:9): avc: denied { kernel } for pid=3827 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:18:44 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="6d706f6c3d64656661968b8d3d72656c61746976653a4e2d340c"]) [ 107.832010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.832639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.835763] tmpfs: Bad value for 'mpol' 08:18:44 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="6d706f6c3d64656661968b8d3d72656c61746976653a4e2d340c"]) 08:18:44 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00', 0x300}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{0x80}, 'port0\x00'}) [ 107.927560] tmpfs: Bad value for 'mpol' 08:18:44 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x801, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) close_range(r1, 0xffffffffffffffff, 0x0) 08:18:45 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x801, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) close_range(r1, 0xffffffffffffffff, 0x0) 08:18:45 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00', 0x300}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{0x80}, 'port0\x00'}) 08:18:45 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00', 0x300}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{0x80}, 'port0\x00'}) [ 108.252841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.253470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.350007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.350612] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.451215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.451951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.515552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.516494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.519923] audit: type=1400 audit(1756455525.495:10): avc: denied { write } for pid=3887 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.564177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.564976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.580366] syz-executor.7 (3888) used greatest stack depth: 23688 bytes left [ 108.625575] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.626500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.903562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.904420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.927494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.928084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:18:46 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x801, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) close_range(r1, 0xffffffffffffffff, 0x0) 08:18:46 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0xc0189436, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x117, 0x0}) 08:18:46 executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) epoll_create1(0x0) 08:18:46 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) 08:18:46 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x801, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) close_range(r1, 0xffffffffffffffff, 0x0) 08:18:46 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe2ff, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 08:18:46 executing program 5: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x801, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) close_range(r1, 0xffffffffffffffff, 0x0) 08:18:46 executing program 3: timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f0000000140), &(0x7f0000000180)={0x3}, &(0x7f00000001c0)={0x9}, 0x0, 0x0) 08:18:46 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0xc0189436, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x117, 0x0}) 08:18:46 executing program 3: timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f0000000140), &(0x7f0000000180)={0x3}, &(0x7f00000001c0)={0x9}, 0x0, 0x0) 08:18:46 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe2ff, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 08:18:46 executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) epoll_create1(0x0) 08:18:46 executing program 3: timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f0000000140), &(0x7f0000000180)={0x3}, &(0x7f00000001c0)={0x9}, 0x0, 0x0) 08:18:46 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0xc0189436, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x117, 0x0}) 08:18:46 executing program 7: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0xa0103) 08:18:46 executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) epoll_create1(0x0) [ 109.264417] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 109.265324] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 109.265995] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.270487] Tainted: [W]=WARN [ 109.270774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.271405] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.271784] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.273180] RSP: 0018:ffff888018ab7780 EFLAGS: 00010012 [ 109.273589] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 109.274134] RDX: ffff8880426e1b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.274681] RBP: ffff888018ab79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16b70 [ 109.275233] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.275780] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.276327] FS: 000055558e100400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.276967] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.277568] CR2: 0000001b2cf26000 CR3: 0000000041bff000 CR4: 0000000000350ef0 [ 109.278173] Call Trace: [ 109.278376] [ 109.278556] ? __ext4_journal_stop+0xe2/0x1f0 [ 109.278913] ? ext4_dirty_inode+0xf1/0x130 [ 109.279247] ? __mark_inode_dirty+0x1b7/0xd00 [ 109.279604] ? do_user_addr_fault+0x4fa/0xeb0 [ 109.279962] ? __pfx_perf_tp_event+0x10/0x10 [ 109.280311] ? lock_acquire+0x15e/0x2f0 [ 109.280626] ? __virt_addr_valid+0x1c6/0x5d0 [ 109.280992] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.281455] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.281915] ? __lock_acquire+0x694/0x1b70 [ 109.282246] ? __lock_acquire+0xc65/0x1b70 [ 109.282579] ? page_ref_add_unless.constprop.0+0x25/0x390 [ 109.283011] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.283402] perf_trace_run_bpf_submit+0xef/0x180 [ 109.283782] perf_trace_preemptirq_template+0x259/0x430 [ 109.284201] ? __pick_eevdf+0x100/0x570 [ 109.284513] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.284977] ? update_curr+0x39e/0x500 [ 109.285284] ? find_held_lock+0x2b/0x80 [ 109.285602] ? try_to_wake_up+0x8ae/0x11d0 [ 109.285940] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 109.286341] trace_irq_enable.constprop.0+0xa6/0x100 [ 109.286734] trace_hardirqs_on+0x26/0x40 [ 109.287057] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 109.287444] try_to_wake_up+0x8ae/0x11d0 [ 109.287766] ? __pfx_try_to_wake_up+0x10/0x10 [ 109.288122] ? plist_del+0x122/0x270 [ 109.288422] ? find_held_lock+0x2b/0x80 [ 109.288740] ? futex_wake+0x474/0x540 [ 109.289052] wake_up_q+0xa1/0x130 [ 109.289331] futex_wake+0x47e/0x540 [ 109.289624] ? __pfx_futex_wake+0x10/0x10 [ 109.289955] ? __handle_mm_fault+0x753/0x3260 [ 109.290313] ? __lock_acquire+0x694/0x1b70 [ 109.290646] do_futex+0x26d/0x370 [ 109.290922] ? __pfx_do_futex+0x10/0x10 [ 109.291234] ? find_held_lock+0x2b/0x80 [ 109.291551] __x64_sys_futex+0x1c9/0x4d0 [ 109.291870] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.292330] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.292691] do_syscall_64+0xbf/0x360 [ 109.292999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.293400] RIP: 0033:0x7f59ce240b19 [ 109.293688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.295078] RSP: 002b:00007ffc14a5d678 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.295662] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f59ce240b19 [ 109.296208] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f59ce353f68 [ 109.296754] RBP: 00007f59ce353f60 R08: 00007f59ce3500a0 R09: 0000000000000000 [ 109.297308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59ce358b50 [ 109.297860] R13: 00007ffc14a5d780 R14: 00007f59ce353f60 R15: 000000000001aa64 [ 109.298410] [ 109.298596] Modules linked in: [ 109.298849] ---[ end trace 0000000000000000 ]--- [ 109.299211] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.299579] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.300977] RSP: 0018:ffff888018ab7780 EFLAGS: 00010012 [ 109.301388] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 109.301936] RDX: ffff8880426e1b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.302484] RBP: ffff888018ab79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16b70 [ 109.303039] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.303584] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.304131] FS: 000055558e100400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.304744] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.305203] CR2: 0000001b2cf26000 CR3: 0000000041bff000 CR4: 0000000000350ef0 [ 109.305752] note: syz-executor.7[3950] exited with irqs disabled [ 109.306286] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 109.307149] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 109.307820] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.308738] Tainted: [D]=DIE, [W]=WARN [ 109.309050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.309682] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.310051] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.311444] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 109.311863] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 109.312415] RDX: ffff8880426e1b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.312980] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16b70 [ 109.313533] R10: 0000000000000000 R11: ffff88801896d498 R12: dffffc0000000000 [ 109.314085] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 109.314637] FS: 000055558e100400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.315256] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.315710] CR2: 0000001b2cf26000 CR3: 0000000041bff000 CR4: 0000000000350ef0 [ 109.316268] Call Trace: [ 109.316474] [ 109.316650] ? __pfx_perf_tp_event+0x10/0x10 [ 109.317013] ? trace_pelt_se_tp+0xdf/0x130 [ 109.317347] ? place_entity+0x1c/0x410 [ 109.317657] ? lock_acquire+0x18c/0x2f0 [ 109.317971] ? update_cfs_group+0x11d/0x260 [ 109.318311] ? lock_release+0x1c7/0x290 [ 109.318626] ? trace_softirq_raise+0xbe/0x100 [ 109.318995] ? run_posix_cpu_timers+0x160/0x7d0 [ 109.319364] ? __raise_softirq_irqoff+0x5f/0x90 [ 109.319728] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 109.320121] ? sched_balance_trigger+0x1ac/0xcb0 [ 109.320497] ? sched_tick+0x27c/0x6c0 [ 109.320803] ? do_raw_spin_lock+0x123/0x260 [ 109.321154] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 109.321527] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.321928] perf_trace_run_bpf_submit+0xef/0x180 [ 109.322312] perf_trace_preemptirq_template+0x259/0x430 [ 109.322734] ? read_tsc+0x9/0x20 [ 109.323011] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.323474] ? clockevents_program_event+0x135/0x360 [ 109.323876] ? tick_program_event+0xac/0x140 [ 109.324222] ? handle_softirqs+0x16e/0x770 [ 109.324559] trace_irq_enable.constprop.0+0xa6/0x100 [ 109.324962] trace_hardirqs_on+0x26/0x40 [ 109.325280] handle_softirqs+0x16e/0x770 [ 109.325607] __irq_exit_rcu+0xc4/0x100 [ 109.325920] irq_exit_rcu+0x9/0x20 [ 109.326201] sysvec_apic_timer_interrupt+0x70/0x80 [ 109.326592] [ 109.326772] [ 109.326953] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.327360] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 109.327730] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 109.329141] RSP: 0018:ffff888018ab7f28 EFLAGS: 00000246 [ 109.329553] RAX: 0000000000000001 RBX: ffff8880426e1b80 RCX: ffffffff817c2b86 [ 109.330103] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 109.330652] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 109.331208] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880426e1b80 [ 109.331757] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 109.332308] ? trace_irq_enable.constprop.0+0x26/0x100 [ 109.332714] ? make_task_dead+0x214/0x3b0 [ 109.333055] ? make_task_dead+0x214/0x3b0 [ 109.333382] ? do_syscall_64+0xbf/0x360 [ 109.333695] rewind_stack_and_make_dead+0x16/0x20 [ 109.334082] RIP: 0033:0x7f59ce240b19 [ 109.334372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.335769] RSP: 002b:00007ffc14a5d678 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.336355] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f59ce240b19 [ 109.336921] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f59ce353f68 [ 109.337471] RBP: 00007f59ce353f60 R08: 00007f59ce3500a0 R09: 0000000000000000 [ 109.338018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59ce358b50 [ 109.338566] R13: 00007ffc14a5d780 R14: 00007f59ce353f60 R15: 000000000001aa64 [ 109.339117] [ 109.339304] Modules linked in: [ 109.339561] ---[ end trace 0000000000000000 ]--- [ 109.339565] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 109.339925] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.340846] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 109.341208] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.341797] CPU: 1 UID: 0 PID: 214 Comm: kworker/1:3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.343173] RSP: 0018:ffff888018ab7780 EFLAGS: 00010012 [ 109.344064] Tainted: [D]=DIE, [W]=WARN [ 109.344469] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 109.344769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.345321] RDX: ffff8880426e1b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.345961] Workqueue: mld mld_ifc_work [ 109.346506] RBP: ffff888018ab79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16b70 [ 109.346818] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.347360] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.347730] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.348290] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.349744] RSP: 0018:ffff88800c7af400 EFLAGS: 00010012 [ 109.350301] FS: 000055558e100400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 109.350728] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 109.351352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.351913] RDX: ffff88801782b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 109.352369] CR2: 0000001b2cf26000 CR3: 0000000041bff000 CR4: 0000000000350ef0 [ 109.352949] RBP: ffff88800c7af670 R08: ffff88806cf31340 R09: ffffe8ffffd16b70 [ 109.353511] Kernel panic - not syncing: Fatal exception in interrupt [ 109.355025] Kernel Offset: disabled [ 109.355315] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:18:46 Registers: info registers vcpu 0 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888018ab70e0 R8 =0000000000000000 R9 =ffffed10016d0046 R10=0000000000000032 R11=552030203a555043 R12=0000000000000032 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558e100400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe5300000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2cf26000 CR3=0000000041bff000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f59ce3277c800007f59ce3277c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000050 RBX=ffff88800a558000 RCX=ffffffff82549146 RDX=0000000000010376 RSI=ffffffff82549154 RDI=0000000000000007 RBP=0000000000010376 RSP=ffff88800c7af348 R8 =0000000000000001 R9 =0000000000006d2c R10=0000000000010376 R11=0000000000000000 R12=0000000000010376 R13=ffffed10014ab001 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff82549158 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe0600000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d127000 CR3=0000000040189000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11 XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000