Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:43701' (ECDSA) to the list of known hosts. 2025/08/29 10:35:22 fuzzer started 2025/08/29 10:35:22 dialing manager at localhost:43077 syzkaller login: [ 50.702662] cgroup: Unknown subsys name 'net' [ 50.760667] cgroup: Unknown subsys name 'cpuset' [ 50.775029] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:35:33 syscalls: 2214 2025/08/29 10:35:33 code coverage: enabled 2025/08/29 10:35:33 comparison tracing: enabled 2025/08/29 10:35:33 extra coverage: enabled 2025/08/29 10:35:33 setuid sandbox: enabled 2025/08/29 10:35:33 namespace sandbox: enabled 2025/08/29 10:35:33 Android sandbox: enabled 2025/08/29 10:35:33 fault injection: enabled 2025/08/29 10:35:33 leak checking: enabled 2025/08/29 10:35:33 net packet injection: enabled 2025/08/29 10:35:33 net device setup: enabled 2025/08/29 10:35:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:35:33 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:35:33 USB emulation: enabled 2025/08/29 10:35:33 hci packet injection: enabled 2025/08/29 10:35:33 wifi device emulation: enabled 2025/08/29 10:35:33 802.15.4 emulation: enabled 2025/08/29 10:35:33 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:35:33 fetching corpus: 50, signal 24467/27890 (executing program) 2025/08/29 10:35:33 fetching corpus: 100, signal 33574/38378 (executing program) 2025/08/29 10:35:33 fetching corpus: 150, signal 39639/45785 (executing program) 2025/08/29 10:35:33 fetching corpus: 200, signal 46367/53754 (executing program) 2025/08/29 10:35:33 fetching corpus: 250, signal 53354/61722 (executing program) 2025/08/29 10:35:33 fetching corpus: 300, signal 59020/68336 (executing program) 2025/08/29 10:35:33 fetching corpus: 350, signal 63163/73425 (executing program) 2025/08/29 10:35:33 fetching corpus: 400, signal 66793/77967 (executing program) 2025/08/29 10:35:34 fetching corpus: 450, signal 70985/82970 
(executing program) 2025/08/29 10:35:34 fetching corpus: 500, signal 73696/86530 (executing program) 2025/08/29 10:35:34 fetching corpus: 550, signal 76090/89725 (executing program) 2025/08/29 10:35:34 fetching corpus: 600, signal 78950/93364 (executing program) 2025/08/29 10:35:34 fetching corpus: 650, signal 81303/96412 (executing program) 2025/08/29 10:35:34 fetching corpus: 700, signal 83293/99161 (executing program) 2025/08/29 10:35:34 fetching corpus: 750, signal 85922/102386 (executing program) 2025/08/29 10:35:34 fetching corpus: 800, signal 87987/105061 (executing program) 2025/08/29 10:35:34 fetching corpus: 850, signal 89889/107609 (executing program) 2025/08/29 10:35:34 fetching corpus: 900, signal 91124/109569 (executing program) 2025/08/29 10:35:35 fetching corpus: 950, signal 93926/112771 (executing program) 2025/08/29 10:35:35 fetching corpus: 1000, signal 95730/115086 (executing program) 2025/08/29 10:35:35 fetching corpus: 1050, signal 98157/117773 (executing program) 2025/08/29 10:35:35 fetching corpus: 1100, signal 99487/119657 (executing program) 2025/08/29 10:35:35 fetching corpus: 1150, signal 100896/121589 (executing program) 2025/08/29 10:35:35 fetching corpus: 1200, signal 102136/123430 (executing program) 2025/08/29 10:35:35 fetching corpus: 1250, signal 103463/125272 (executing program) 2025/08/29 10:35:36 fetching corpus: 1300, signal 105268/127353 (executing program) 2025/08/29 10:35:36 fetching corpus: 1350, signal 106509/129009 (executing program) 2025/08/29 10:35:36 fetching corpus: 1400, signal 107786/130726 (executing program) 2025/08/29 10:35:36 fetching corpus: 1450, signal 109002/132259 (executing program) 2025/08/29 10:35:36 fetching corpus: 1500, signal 110020/133690 (executing program) 2025/08/29 10:35:36 fetching corpus: 1550, signal 111726/135555 (executing program) 2025/08/29 10:35:36 fetching corpus: 1600, signal 113520/137464 (executing program) 2025/08/29 10:35:36 fetching corpus: 1650, signal 114406/138723 (executing 
program) 2025/08/29 10:35:36 fetching corpus: 1700, signal 116199/140563 (executing program) 2025/08/29 10:35:36 fetching corpus: 1750, signal 117097/141800 (executing program) 2025/08/29 10:35:37 fetching corpus: 1800, signal 118068/143075 (executing program) 2025/08/29 10:35:37 fetching corpus: 1850, signal 119014/144301 (executing program) 2025/08/29 10:35:37 fetching corpus: 1900, signal 120238/145661 (executing program) 2025/08/29 10:35:37 fetching corpus: 1950, signal 121204/146856 (executing program) 2025/08/29 10:35:37 fetching corpus: 2000, signal 121999/147931 (executing program) 2025/08/29 10:35:37 fetching corpus: 2050, signal 123005/149064 (executing program) 2025/08/29 10:35:37 fetching corpus: 2100, signal 123675/150046 (executing program) 2025/08/29 10:35:37 fetching corpus: 2150, signal 124679/151096 (executing program) 2025/08/29 10:35:37 fetching corpus: 2200, signal 125378/152037 (executing program) 2025/08/29 10:35:37 fetching corpus: 2250, signal 126669/153294 (executing program) 2025/08/29 10:35:37 fetching corpus: 2300, signal 127383/154220 (executing program) 2025/08/29 10:35:37 fetching corpus: 2350, signal 128141/155138 (executing program) 2025/08/29 10:35:38 fetching corpus: 2400, signal 129043/156091 (executing program) 2025/08/29 10:35:38 fetching corpus: 2450, signal 129924/157033 (executing program) 2025/08/29 10:35:38 fetching corpus: 2500, signal 130782/157922 (executing program) 2025/08/29 10:35:38 fetching corpus: 2550, signal 131658/158896 (executing program) 2025/08/29 10:35:38 fetching corpus: 2600, signal 133121/160049 (executing program) 2025/08/29 10:35:38 fetching corpus: 2650, signal 134058/160946 (executing program) 2025/08/29 10:35:38 fetching corpus: 2700, signal 135124/161871 (executing program) 2025/08/29 10:35:38 fetching corpus: 2750, signal 136032/162707 (executing program) 2025/08/29 10:35:38 fetching corpus: 2800, signal 136712/163412 (executing program) 2025/08/29 10:35:38 fetching corpus: 2850, signal 
137562/164166 (executing program) 2025/08/29 10:35:39 fetching corpus: 2900, signal 138390/164863 (executing program) 2025/08/29 10:35:39 fetching corpus: 2950, signal 139551/165706 (executing program) 2025/08/29 10:35:39 fetching corpus: 3000, signal 140216/166328 (executing program) 2025/08/29 10:35:39 fetching corpus: 3050, signal 140710/166868 (executing program) 2025/08/29 10:35:39 fetching corpus: 3100, signal 141519/167491 (executing program) 2025/08/29 10:35:39 fetching corpus: 3150, signal 142132/168149 (executing program) 2025/08/29 10:35:39 fetching corpus: 3200, signal 142672/168745 (executing program) 2025/08/29 10:35:39 fetching corpus: 3249, signal 143178/169255 (executing program) 2025/08/29 10:35:39 fetching corpus: 3299, signal 143793/169801 (executing program) 2025/08/29 10:35:39 fetching corpus: 3349, signal 144368/170333 (executing program) 2025/08/29 10:35:40 fetching corpus: 3399, signal 146091/171089 (executing program) 2025/08/29 10:35:40 fetching corpus: 3449, signal 146560/171562 (executing program) 2025/08/29 10:35:40 fetching corpus: 3499, signal 147436/172086 (executing program) 2025/08/29 10:35:40 fetching corpus: 3549, signal 148016/172542 (executing program) 2025/08/29 10:35:40 fetching corpus: 3599, signal 148656/172990 (executing program) 2025/08/29 10:35:40 fetching corpus: 3649, signal 149292/173463 (executing program) 2025/08/29 10:35:40 fetching corpus: 3699, signal 149731/173845 (executing program) 2025/08/29 10:35:40 fetching corpus: 3749, signal 150627/174396 (executing program) 2025/08/29 10:35:40 fetching corpus: 3799, signal 151144/174754 (executing program) 2025/08/29 10:35:40 fetching corpus: 3849, signal 151537/175108 (executing program) 2025/08/29 10:35:41 fetching corpus: 3899, signal 152083/175456 (executing program) 2025/08/29 10:35:41 fetching corpus: 3949, signal 152866/175800 (executing program) 2025/08/29 10:35:41 fetching corpus: 3999, signal 153504/176143 (executing program) 2025/08/29 10:35:41 fetching 
corpus: 4049, signal 153954/176436 (executing program) 2025/08/29 10:35:41 fetching corpus: 4099, signal 154696/176822 (executing program) 2025/08/29 10:35:41 fetching corpus: 4149, signal 155255/177117 (executing program) 2025/08/29 10:35:41 fetching corpus: 4199, signal 155615/177382 (executing program) 2025/08/29 10:35:41 fetching corpus: 4249, signal 155973/177642 (executing program) 2025/08/29 10:35:41 fetching corpus: 4299, signal 156643/177713 (executing program) 2025/08/29 10:35:41 fetching corpus: 4349, signal 157071/177728 (executing program) 2025/08/29 10:35:42 fetching corpus: 4399, signal 157544/177729 (executing program) 2025/08/29 10:35:42 fetching corpus: 4449, signal 158256/177735 (executing program) 2025/08/29 10:35:42 fetching corpus: 4499, signal 158616/177770 (executing program) 2025/08/29 10:35:42 fetching corpus: 4549, signal 159008/177779 (executing program) 2025/08/29 10:35:42 fetching corpus: 4599, signal 159701/177796 (executing program) 2025/08/29 10:35:42 fetching corpus: 4649, signal 160020/177831 (executing program) 2025/08/29 10:35:42 fetching corpus: 4699, signal 160373/177841 (executing program) 2025/08/29 10:35:42 fetching corpus: 4749, signal 160752/177842 (executing program) 2025/08/29 10:35:42 fetching corpus: 4799, signal 161367/177847 (executing program) 2025/08/29 10:35:42 fetching corpus: 4849, signal 161932/177858 (executing program) 2025/08/29 10:35:42 fetching corpus: 4899, signal 162230/177863 (executing program) 2025/08/29 10:35:42 fetching corpus: 4949, signal 162505/177894 (executing program) 2025/08/29 10:35:43 fetching corpus: 4999, signal 163130/177901 (executing program) 2025/08/29 10:35:43 fetching corpus: 5049, signal 163657/177905 (executing program) 2025/08/29 10:35:43 fetching corpus: 5099, signal 163960/177922 (executing program) 2025/08/29 10:35:43 fetching corpus: 5149, signal 164402/177928 (executing program) 2025/08/29 10:35:43 fetching corpus: 5199, signal 164931/177935 (executing program) 2025/08/29 
10:35:43 fetching corpus: 5249, signal 165507/177943 (executing program) 2025/08/29 10:35:43 fetching corpus: 5299, signal 165957/177962 (executing program) 2025/08/29 10:35:43 fetching corpus: 5349, signal 166220/177989 (executing program) 2025/08/29 10:35:43 fetching corpus: 5399, signal 166663/178018 (executing program) 2025/08/29 10:35:43 fetching corpus: 5449, signal 167162/178106 (executing program) 2025/08/29 10:35:43 fetching corpus: 5499, signal 167587/178107 (executing program) 2025/08/29 10:35:44 fetching corpus: 5549, signal 167881/178118 (executing program) 2025/08/29 10:35:44 fetching corpus: 5599, signal 168152/178121 (executing program) 2025/08/29 10:35:44 fetching corpus: 5649, signal 168421/178126 (executing program) 2025/08/29 10:35:44 fetching corpus: 5699, signal 168863/178152 (executing program) 2025/08/29 10:35:44 fetching corpus: 5749, signal 169262/178160 (executing program) 2025/08/29 10:35:44 fetching corpus: 5799, signal 169651/178171 (executing program) 2025/08/29 10:35:44 fetching corpus: 5849, signal 170108/178184 (executing program) 2025/08/29 10:35:44 fetching corpus: 5899, signal 170404/178193 (executing program) 2025/08/29 10:35:44 fetching corpus: 5949, signal 170698/178201 (executing program) 2025/08/29 10:35:44 fetching corpus: 5999, signal 171059/178256 (executing program) 2025/08/29 10:35:44 fetching corpus: 6049, signal 171562/178257 (executing program) 2025/08/29 10:35:45 fetching corpus: 6099, signal 171831/178268 (executing program) 2025/08/29 10:35:45 fetching corpus: 6149, signal 172252/178270 (executing program) 2025/08/29 10:35:45 fetching corpus: 6199, signal 172632/178274 (executing program) 2025/08/29 10:35:45 fetching corpus: 6249, signal 173031/178278 (executing program) 2025/08/29 10:35:45 fetching corpus: 6299, signal 173242/178297 (executing program) 2025/08/29 10:35:45 fetching corpus: 6349, signal 173559/178326 (executing program) 2025/08/29 10:35:45 fetching corpus: 6399, signal 173794/178329 (executing 
program) 2025/08/29 10:35:45 fetching corpus: 6449, signal 174371/178332 (executing program) 2025/08/29 10:35:45 fetching corpus: 6499, signal 174654/178336 (executing program) 2025/08/29 10:35:45 fetching corpus: 6549, signal 174878/178336 (executing program) 2025/08/29 10:35:46 fetching corpus: 6599, signal 175395/178367 (executing program) 2025/08/29 10:35:46 fetching corpus: 6649, signal 175624/178387 (executing program) 2025/08/29 10:35:46 fetching corpus: 6664, signal 175718/178387 (executing program) 2025/08/29 10:35:46 fetching corpus: 6664, signal 175718/178387 (executing program) 2025/08/29 10:35:48 starting 8 fuzzer processes 10:35:48 executing program 0: ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sync_file_range(0xffffffffffffffff, 0x0, 0xfffffffffffffeff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:35:48 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) tee(r0, 0xffffffffffffffff, 0x8, 0x0) 10:35:48 executing program 2: socket$inet(0x2, 0xa, 0x8) syz_emit_ethernet(0x8a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@end]}}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "20937c4ce6bf53324e3fd3ca2707a8092a2ff5d42eb31a661cc3cd6ea6d0133c", "c538df2eabede21c2be8aa0d3df877a7", {"fc0a2e74062eace7149ae53eb80191d1", "97a696bb38fed5ea32b2238a3fe9ac2f"}}}}}}}, 0x0) 10:35:48 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89b0, &(0x7f0000000cc0)={'wlan1\x00'}) 10:35:48 executing program 3: r0 = 
socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff}) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 76.481211] audit: type=1400 audit(1756463748.476:7): avc: denied { execmem } for pid=272 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:35:48 executing program 4: syz_emit_ethernet(0x7f, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000010", 0x49, 0x3a, 0xff, @remote, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x7, "599d9e112609bc812a950591e92d3de17ad7352edb2e415af6a47a9a6d28721ddbb876b778207c183c221b7d14dba06f3083ff19d64d69"}]}}}}}}, 0x0) 10:35:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:35:48 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24084005) [ 
77.589881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.592206] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.594625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.600796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.606095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.708175] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.710287] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.711966] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.716639] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.719514] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.740683] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.751077] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.759049] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.774680] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.778042] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.785475] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.788486] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.795480] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.797652] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.799791] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.801156] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.802612] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.804996] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.806343] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.806565] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.810318] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.811787] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.819071] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.822696] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.824117] Bluetooth: hci4: unexpected cc 0x0c23 length: 
249 > 4 [ 77.832247] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.833436] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.837413] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.839244] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.861429] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.871224] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.889441] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.898895] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.914918] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.919072] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.684384] Bluetooth: hci0: command tx timeout [ 79.747908] Bluetooth: hci1: command tx timeout [ 79.811900] Bluetooth: hci2: command tx timeout [ 79.874849] Bluetooth: hci4: command tx timeout [ 79.938837] Bluetooth: hci3: command tx timeout [ 79.939618] Bluetooth: hci5: command tx timeout [ 79.940602] Bluetooth: hci6: command tx timeout [ 80.003852] Bluetooth: hci7: command tx timeout [ 81.732942] Bluetooth: hci0: command tx timeout [ 81.795812] Bluetooth: hci1: command tx timeout [ 81.859911] Bluetooth: hci2: command tx timeout [ 81.924012] Bluetooth: hci4: command tx timeout [ 81.986986] Bluetooth: hci6: command tx timeout [ 81.987396] Bluetooth: hci5: command tx timeout [ 81.987851] Bluetooth: hci3: command tx timeout [ 82.051806] Bluetooth: hci7: command tx timeout [ 83.780790] Bluetooth: hci0: command tx timeout [ 83.842922] Bluetooth: hci1: command tx timeout [ 83.906967] Bluetooth: hci2: command tx timeout [ 83.971776] Bluetooth: hci4: command tx timeout [ 84.034963] Bluetooth: hci5: command tx timeout [ 84.035094] Bluetooth: hci3: command tx timeout [ 84.035368] Bluetooth: hci6: command tx timeout [ 84.098787] Bluetooth: hci7: command tx timeout [ 85.828842] Bluetooth: hci0: command tx timeout [ 85.891899] Bluetooth: hci1: command tx timeout [ 85.954795] Bluetooth: hci2: command tx 
timeout [ 86.018838] Bluetooth: hci4: command tx timeout [ 86.084520] Bluetooth: hci3: command tx timeout [ 86.084545] Bluetooth: hci5: command tx timeout [ 86.084942] Bluetooth: hci6: command tx timeout [ 86.147911] Bluetooth: hci7: command tx timeout [ 113.547698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.548402] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.741263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.741908] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:36:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff}) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 114.252405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.253227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:36:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff}) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 114.349438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.350106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:36:26 executing program 3: r0 = socket$nl_generic(0x10, 
0x3, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff}) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 10:36:26 executing program 3: unshare(0x40000000) 10:36:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89b0, &(0x7f0000000cc0)={'wlan1\x00'}) 10:36:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89b0, &(0x7f0000000cc0)={'wlan1\x00'}) 10:36:26 executing program 3: unshare(0x40000000) 10:36:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89b0, &(0x7f0000000cc0)={'wlan1\x00'}) [ 115.058152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.058812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.146560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.147182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.518076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.518723] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.659805] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.660413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.838414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.839158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.961878] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) [ 116.000868] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.001493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.364660] 
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.365787] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.411976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.412633] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.443194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.443827] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.496950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.497585] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.530820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.531442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.578619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.579297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.624777] audit: type=1400 audit(1756463788.617:8): avc: denied { open } for pid=3906 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.626537] audit: type=1400 audit(1756463788.617:9): avc: denied { kernel } for pid=3906 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:36:28 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:36:28 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) tee(r0, 0xffffffffffffffff, 0x8, 0x0) 10:36:28 executing program 3: unshare(0x40000000) 10:36:28 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) 10:36:28 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24084005) 10:36:28 executing program 2: socket$inet(0x2, 0xa, 0x8) syz_emit_ethernet(0x8a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@end]}}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "20937c4ce6bf53324e3fd3ca2707a8092a2ff5d42eb31a661cc3cd6ea6d0133c", "c538df2eabede21c2be8aa0d3df877a7", {"fc0a2e74062eace7149ae53eb80191d1", "97a696bb38fed5ea32b2238a3fe9ac2f"}}}}}}}, 0x0) 10:36:28 executing program 4: syz_emit_ethernet(0x7f, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000010", 0x49, 0x3a, 0xff, @remote, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x7, "599d9e112609bc812a950591e92d3de17ad7352edb2e415af6a47a9a6d28721ddbb876b778207c183c221b7d14dba06f3083ff19d64d69"}]}}}}}}, 0x0) 10:36:28 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:36:28 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24084005) [ 116.844860] audit: type=1400 audit(1756463788.837:10): avc: denied { write } for pid=3919 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:36:28 executing program 2: socket$inet(0x2, 0xa, 0x8) syz_emit_ethernet(0x8a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@end]}}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "20937c4ce6bf53324e3fd3ca2707a8092a2ff5d42eb31a661cc3cd6ea6d0133c", "c538df2eabede21c2be8aa0d3df877a7", {"fc0a2e74062eace7149ae53eb80191d1", "97a696bb38fed5ea32b2238a3fe9ac2f"}}}}}}}, 0x0) 10:36:28 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) tee(r0, 0xffffffffffffffff, 0x8, 0x0) 10:36:28 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) 
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:36:28 executing program 4: syz_emit_ethernet(0x7f, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000010", 0x49, 0x3a, 0xff, @remote, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x7, "599d9e112609bc812a950591e92d3de17ad7352edb2e415af6a47a9a6d28721ddbb876b778207c183c221b7d14dba06f3083ff19d64d69"}]}}}}}}, 0x0) 10:36:28 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) 10:36:29 executing program 2: socket$inet(0x2, 0xa, 0x8) syz_emit_ethernet(0x8a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev, {[@end]}}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "20937c4ce6bf53324e3fd3ca2707a8092a2ff5d42eb31a661cc3cd6ea6d0133c", "c538df2eabede21c2be8aa0d3df877a7", {"fc0a2e74062eace7149ae53eb80191d1", "97a696bb38fed5ea32b2238a3fe9ac2f"}}}}}}}, 0x0) 10:36:29 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24084005) 10:36:29 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) tee(r0, 0xffffffffffffffff, 0x8, 0x0) 10:36:29 executing program 3: unshare(0x40000000) 10:36:29 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:36:29 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:36:29 executing program 4: syz_emit_ethernet(0x7f, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000010", 0x49, 0x3a, 0xff, @remote, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x7, "599d9e112609bc812a950591e92d3de17ad7352edb2e415af6a47a9a6d28721ddbb876b778207c183c221b7d14dba06f3083ff19d64d69"}]}}}}}}, 0x0) 10:36:29 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) 10:36:29 executing program 6: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {0x0}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb03000000130000002300", 0x2a, 0x7e0}, {&(0x7f0000010160)="ffff05000c000080fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e", 0x416, 0xc00}, {&(0x7f0000010ce0)="00000000000000000000000000000000000000000000000000000000c99b0000ed410000000400009f09c75f9f09c75f9f09c75f00000000000003000200000000000800000000000af301000400000000000000000000000100000004", 0x5d, 0x8c60}, {0x0}], 0x0, &(0x7f0000000780)) getdents(r0, &(0x7f0000000040)=""/25, 0x19) [ 117.083975] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 117.084883] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 117.085486] CPU: 0 UID: 0 PID: 3953 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.086728] Tainted: [W]=WARN [ 117.087276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.089142] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.090106] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.094006] RSP: 0018:ffff888046cd7800 EFLAGS: 00010212 [ 117.095086] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000b043000 [ 117.095646] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.096210] RBP: ffff888046cd7a70 R08: ffff88806ce31340 R09: ffffe8ffffc160f8 [ 117.096767] R10: 0000000000000000 R11: 0000000000000001 R12: 
dffffc0000000000 [ 117.097326] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.097881] FS: 00007fc7ca536700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.098508] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.098981] CR2: 00007fc7cd0d4018 CR3: 0000000046c2a000 CR4: 0000000000350ef0 [ 117.099540] Call Trace: [ 117.099747] [ 117.099934] ? __netif_receive_skb_one_core+0x135/0x1e0 [ 117.100363] ? __pfx_perf_tp_event+0x10/0x10 [ 117.100720] ? find_held_lock+0x2b/0x80 [ 117.101046] ? netif_receive_skb+0x150/0x720 [ 117.101407] ? lock_release+0xc8/0x290 [ 117.101723] ? netif_receive_skb+0x1ae/0x720 [ 117.102077] ? __pfx_netif_receive_skb+0x10/0x10 [ 117.102464] ? perf_trace_lock+0xb5/0x5d0 [ 117.102815] ? tun_rx_batched.isra.0+0x472/0x710 [ 117.103203] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.103568] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 117.103977] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.104375] perf_trace_run_bpf_submit+0xef/0x180 [ 117.104769] perf_trace_lock+0x337/0x5d0 [ 117.105100] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.105471] ? lock_acquire+0x15e/0x2f0 [ 117.105789] ? futex_ref_get+0x48/0x300 [ 117.106104] ? futex_ref_get+0x114/0x300 [ 117.106433] ? futex_hash+0x15c/0x390 [ 117.106753] lock_release+0x1ab/0x290 [ 117.107064] ? futex_hash+0x15c/0x390 [ 117.107366] futex_ref_get+0x119/0x300 [ 117.107675] ? futex_hash+0x15c/0x390 [ 117.107978] futex_hash+0x70/0x390 [ 117.108264] futex_wake+0x143/0x540 [ 117.108563] ? lock_is_held_type+0x9e/0x120 [ 117.108911] ? __pfx_futex_wake+0x10/0x10 [ 117.109252] ? vfs_write+0x169/0x1150 [ 117.109561] do_futex+0x26d/0x370 [ 117.109844] ? __pfx_do_futex+0x10/0x10 [ 117.110167] __x64_sys_futex+0x1c9/0x4d0 [ 117.110493] ? fput+0x6a/0x100 [ 117.110780] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.111146] ? ksys_write+0x1a3/0x240 [ 117.111456] ? __pfx_ksys_write+0x10/0x10 [ 117.111783] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 117.112198] do_syscall_64+0xbf/0x360 [ 117.112506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.112911] RIP: 0033:0x7fc7ccfc0b19 [ 117.113208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.114621] RSP: 002b:00007fc7ca536218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.115212] RAX: ffffffffffffffda RBX: 00007fc7cd0d3f68 RCX: 00007fc7ccfc0b19 [ 117.115764] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7cd0d3f6c [ 117.116317] RBP: 00007fc7cd0d3f60 R08: 000000000000000e R09: 0000000000000000 [ 117.116870] R10: 000000000000007f R11: 0000000000000246 R12: 00007fc7cd0d3f6c [ 117.117426] R13: 00007ffe1cbaadcf R14: 00007fc7ca536300 R15: 0000000000022000 [ 117.117992] [ 117.118179] Modules linked in: [ 117.118524] ---[ end trace 0000000000000000 ]--- [ 117.118941] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.119313] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.120758] RSP: 0018:ffff888046cd7800 EFLAGS: 00010212 [ 117.121175] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000b043000 [ 117.121732] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.122302] RBP: ffff888046cd7a70 R08: ffff88806ce31340 R09: ffffe8ffffc160f8 [ 117.122914] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.123475] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.124068] FS: 00007fc7ca536700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.124712] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.125197] CR2: 00007fc7cd0d4018 CR3: 0000000046c2a000 CR4: 0000000000350ef0 [ 117.125787] note: syz-executor.4[3953] exited with preempt_count 1 [ 
117.126292] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 117.127016] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3953, name: syz-executor.4 [ 117.127677] preempt_count: 0, expected: 0 [ 117.128009] RCU nest depth: 2, expected: 0 [ 117.128339] INFO: lockdep is turned off. [ 117.128659] CPU: 0 UID: 0 PID: 3953 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.128677] Tainted: [D]=DIE, [W]=WARN [ 117.128681] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.128687] Call Trace: [ 117.128691] [ 117.128695] dump_stack_lvl+0xfa/0x120 [ 117.128715] __might_resched+0x2f3/0x510 [ 117.128729] exit_signals+0x25/0x940 [ 117.128750] do_exit+0x2db/0x2970 [ 117.128764] ? _printk+0xbe/0xf0 [ 117.128776] ? __pfx__printk+0x10/0x10 [ 117.128788] ? fput+0x6a/0x100 [ 117.128802] ? __pfx_do_exit+0x10/0x10 [ 117.128814] ? __pfx_ksys_write+0x10/0x10 [ 117.128827] make_task_dead+0x174/0x3b0 [ 117.128839] ? 
do_syscall_64+0xbf/0x360 [ 117.128849] rewind_stack_and_make_dead+0x16/0x20 [ 117.128864] RIP: 0033:0x7fc7ccfc0b19 [ 117.128872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.128882] RSP: 002b:00007fc7ca536218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.128893] RAX: ffffffffffffffda RBX: 00007fc7cd0d3f68 RCX: 00007fc7ccfc0b19 [ 117.128901] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7cd0d3f6c [ 117.128908] RBP: 00007fc7cd0d3f60 R08: 000000000000000e R09: 0000000000000000 [ 117.128915] R10: 000000000000007f R11: 0000000000000246 R12: 00007fc7cd0d3f6c [ 117.128922] R13: 00007ffe1cbaadcf R14: 00007fc7ca536300 R15: 0000000000022000 [ 117.128932] [ 117.140540] kmemleak: Found object by alias at 0x607f1a6390fc [ 117.140551] CPU: 0 UID: 0 PID: 3944 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.140568] Tainted: [D]=DIE, [W]=WARN [ 117.140572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.140578] Call Trace: [ 117.140581] [ 117.140585] dump_stack_lvl+0xca/0x120 [ 117.140602] __lookup_object+0x94/0xb0 [ 117.140616] delete_object_full+0x27/0x70 [ 117.140631] free_percpu+0x30/0x1160 [ 117.140647] ? arch_uprobe_clear_state+0x16/0x140 [ 117.140664] futex_hash_free+0x38/0xc0 [ 117.140676] mmput+0x2d3/0x390 [ 117.140693] do_exit+0x79d/0x2970 [ 117.140706] ? __pfx_do_exit+0x10/0x10 [ 117.140719] ? find_held_lock+0x2b/0x80 [ 117.140739] ? get_signal+0x835/0x2340 [ 117.140756] do_group_exit+0xd3/0x2a0 [ 117.140769] get_signal+0x2315/0x2340 [ 117.140785] ? put_task_stack+0xd2/0x240 [ 117.140797] ? __pfx_get_signal+0x10/0x10 [ 117.140814] ? __schedule+0xe91/0x3590 [ 117.140830] arch_do_signal_or_restart+0x80/0x790 [ 117.140847] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.140863] ? __x64_sys_futex+0x1c9/0x4d0 [ 117.140876] ? 
__x64_sys_futex+0x1d2/0x4d0 [ 117.140889] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.140905] exit_to_user_mode_loop+0x8b/0x110 [ 117.140918] do_syscall_64+0x2f7/0x360 [ 117.140928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.140939] RIP: 0033:0x7f2535d7bb19 [ 117.140948] Code: Unable to access opcode bytes at 0x7f2535d7baef. [ 117.140953] RSP: 002b:00007f25332f1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.140963] RAX: 0000000000000001 RBX: 00007f2535e8ef68 RCX: 00007f2535d7bb19 [ 117.140971] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2535e8ef6c [ 117.140978] RBP: 00007f2535e8ef60 R08: 000000000000000e R09: 0000000000000000 [ 117.140986] R10: 0000000000000014 R11: 0000000000000246 R12: 00007f2535e8ef6c [ 117.140993] R13: 00007fffc58fe52f R14: 00007f25332f1300 R15: 0000000000022000 [ 117.141004] [ 117.141008] kmemleak: Object (percpu) 0x607f1a6390f8 (size 8): [ 117.141016] kmemleak: comm "syz-executor.7", pid 3955, jiffies 4294783704 [ 117.141024] kmemleak: min_count = 1 [ 117.141028] kmemleak: count = 0 [ 117.141032] kmemleak: flags = 0x21 [ 117.141036] kmemleak: checksum = 0 [ 117.141040] kmemleak: backtrace: [ 117.141045] pcpu_alloc_noprof+0x87a/0x1170 [ 117.141060] perf_trace_event_init+0x366/0xa10 [ 117.141074] perf_trace_init+0x1a4/0x2f0 [ 117.141086] perf_tp_event_init+0xa6/0x120 [ 117.141102] perf_try_init_event+0x140/0x9f0 [ 117.141116] perf_event_alloc.part.0+0x118e/0x45f0 [ 117.141133] __do_sys_perf_event_open+0x719/0x2c20 [ 117.141145] do_syscall_64+0xbf/0x360 [ 117.141154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.173675] kmemleak: Cannot insert 0x607f1a6390fc into the object search tree (overlaps existing) [ 117.173689] CPU: 0 UID: 0 PID: 3949 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.173709] Tainted: [D]=DIE, [W]=WARN [ 117.173714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.173723] Call Trace: [ 117.173726] [ 117.173730] 
dump_stack_lvl+0xca/0x120 [ 117.173754] __link_object+0x190/0x210 [ 117.173770] __create_object+0x48/0x80 [ 117.173787] pcpu_alloc_noprof+0x87a/0x1170 [ 117.173806] alloc_netdev_mqs+0x131/0x1360 [ 117.173821] ? __pfx_ipip6_tunnel_setup+0x10/0x10 [ 117.173842] sit_init_net+0x19e/0x630 [ 117.173854] ? __pfx_sit_init_net+0x10/0x10 [ 117.173864] ops_init+0x1e1/0x650 [ 117.173883] setup_net+0x10d/0x320 [ 117.173900] ? lockdep_init_map_type+0x4b/0x240 [ 117.173913] ? __pfx_setup_net+0x10/0x10 [ 117.173932] ? debug_mutex_init+0x37/0x70 [ 117.173950] copy_net_ns+0x2e3/0x650 [ 117.173962] create_new_namespaces+0x3f6/0xab0 [ 117.173982] unshare_nsproxy_namespaces+0xc0/0x200 [ 117.174001] ksys_unshare+0x468/0xa10 [ 117.174014] ? __pfx_ksys_unshare+0x10/0x10 [ 117.174027] ? lock_release+0xc8/0x290 [ 117.174042] __x64_sys_unshare+0x31/0x40 [ 117.174054] do_syscall_64+0xbf/0x360 [ 117.174065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.174077] RIP: 0033:0x7f43c4e99b19 [ 117.174085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.174096] RSP: 002b:00007f43c240f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 117.174108] RAX: ffffffffffffffda RBX: 00007f43c4facf60 RCX: 00007f43c4e99b19 [ 117.174115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 117.174122] RBP: 00007f43c4ef3f6d R08: 0000000000000000 R09: 0000000000000000 [ 117.174130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.174137] R13: 00007ffc320e709f R14: 00007f43c240f300 R15: 0000000000022000 [ 117.174148] [ 117.174156] kmemleak: Kernel memory leak detector disabled [ 117.174160] kmemleak: Object (percpu) 0x607f1a6390f8 (size 8): [ 117.174166] kmemleak: comm "syz-executor.7", pid 3955, jiffies 4294783704 [ 117.174174] kmemleak: min_count = 1 [ 117.174177] kmemleak: count = 0 [ 117.174181] kmemleak: flags = 0x21 [ 
117.174185] kmemleak: checksum = 0 [ 117.174189] kmemleak: backtrace: [ 117.174192] pcpu_alloc_noprof+0x87a/0x1170 [ 117.174207] perf_trace_event_init+0x366/0xa10 [ 117.174220] perf_trace_init+0x1a4/0x2f0 [ 117.174232] perf_tp_event_init+0xa6/0x120 [ 117.174247] perf_try_init_event+0x140/0x9f0 [ 117.174260] perf_event_alloc.part.0+0x118e/0x45f0 [ 117.174277] __do_sys_perf_event_open+0x719/0x2c20 [ 117.174290] do_syscall_64+0xbf/0x360 [ 117.174298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.195694] loop6: detected capacity change from 0 to 140 [ 117.198067] Oops: general protection fault, probably for non-canonical address 0xf8001bfff110011a: 0000 [#2] SMP KASAN NOPTI [ 117.198960] KASAN: maybe wild-memory-access in range [0xc000ffff888008d0-0xc000ffff888008d7] [ 117.199617] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.200542] Tainted: [D]=DIE, [W]=WARN [ 117.200843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.201476] RIP: 0010:do_raw_spin_lock+0x5e/0x260 [ 117.201860] Code: ee 74 74 85 48 c1 ed 03 48 c7 44 24 18 00 20 52 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 65 48 8b 0d 9b 0f 32 06 48 89 4c 24 60 31 c9 [ 117.203283] RSP: 0018:ffff88800db97338 EFLAGS: 00010012 [ 117.203697] RAX: dffffc0000000000 RBX: c000ffff888008cd RCX: 0000000000000000 [ 117.204250] RDX: 18001ffff110011a RSI: 0000000000000000 RDI: c000ffff888008d1 [ 117.204805] RBP: 1ffff11001b72e68 R08: 0000000000000001 R09: 0000000000000000 [ 117.205363] R10: ffff888008cd5003 R11: ffff8880168bb210 R12: dffffc0000000000 [ 117.205916] R13: ffff888008cd5000 R14: 0000000000000000 R15: ffff88804632c000 [ 117.206471] FS: 00007f2bd00b8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.207115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.207571] CR2: 00007f2bd00b9000 CR3: 0000000046bad000 CR4: 0000000000350ef0 [ 
117.208127] Call Trace: [ 117.208332] [ 117.208514] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.208888] ? lock_release+0x1c7/0x290 [ 117.209208] __queue_work+0xb6e/0x1240 [ 117.209525] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.209899] queue_work_on+0xd0/0xe0 [ 117.210201] loop_queue_rq+0x5c8/0x1180 [ 117.210523] __blk_mq_issue_directly+0xd5/0x260 [ 117.210916] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 117.211329] ? blk_mq_put_tag+0x131/0x160 [ 117.211658] blk_mq_request_issue_directly+0x11c/0x1e0 [ 117.212066] blk_mq_issue_direct+0x192/0x640 [ 117.212415] ? __blk_mq_alloc_requests+0xa16/0x15a0 [ 117.212814] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 117.213230] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 117.213593] ? read_tsc+0x9/0x20 [ 117.213870] ? ktime_get+0x16d/0x270 [ 117.214170] ? trace_block_plug+0x149/0x1b0 [ 117.214514] ? blk_add_rq_to_plug+0x234/0x550 [ 117.214889] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 117.215292] ? blk_mq_submit_bio+0x4fd/0x2220 [ 117.215649] __blk_flush_plug+0x25c/0x460 [ 117.215979] ? __pfx___blk_flush_plug+0x10/0x10 [ 117.216344] ? __pfx_css_rstat_updated+0x10/0x10 [ 117.216724] ? lock_release+0x1c7/0x290 [ 117.217043] __submit_bio+0x480/0x5b0 [ 117.217345] ? __pfx___submit_bio+0x10/0x10 [ 117.217683] ? lock_acquire+0x18c/0x2f0 [ 117.218000] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.218411] ? read_tsc+0x9/0x20 [ 117.218703] ? ktime_get+0x16d/0x270 [ 117.219002] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 117.219387] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 117.219811] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 117.220185] ? lock_release+0x1c7/0x290 [ 117.220503] submit_bio_noacct+0x359/0x1350 [ 117.220841] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 117.221234] ext4_read_bh_nowait+0x156/0x240 [ 117.221584] ext4_sb_breadahead_unmovable+0xb5/0xf0 [ 117.221980] ext4_fill_super+0x4f39/0xba20 [ 117.222318] ? snprintf+0xbe/0x100 [ 117.222623] ? __pfx_ext4_fill_super+0x10/0x10 [ 117.222992] ? do_raw_spin_lock+0x123/0x260 [ 117.223334] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 117.223706] ? set_blocksize+0x1b4/0x470 [ 117.224030] ? lock_release+0x1c7/0x290 [ 117.224347] ? sb_set_blocksize+0x177/0x1c0 [ 117.224684] ? setup_bdev_super+0x31f/0x6e0 [ 117.225032] get_tree_bdev_flags+0x38a/0x620 [ 117.225380] ? __pfx_ext4_fill_super+0x10/0x10 [ 117.225749] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 117.226136] ? cap_capable+0xdb/0x3b0 [ 117.226442] ? security_capable+0x2f/0x90 [ 117.226791] vfs_get_tree+0x93/0x340 [ 117.227093] path_mount+0x132d/0x1dd0 [ 117.227412] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.227822] ? __pfx_path_mount+0x10/0x10 [ 117.228149] ? kmem_cache_free+0x2a1/0x540 [ 117.228482] ? putname.part.0+0x11b/0x160 [ 117.228814] ? getname_flags.part.0+0x1c6/0x540 [ 117.229186] ? putname.part.0+0x11b/0x160 [ 117.229517] __x64_sys_mount+0x27b/0x300 [ 117.229841] ? __pfx___x64_sys_mount+0x10/0x10 [ 117.230207] do_syscall_64+0xbf/0x360 [ 117.230509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.230938] RIP: 0033:0x7f2bd2b4404a [ 117.231230] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.232638] RSP: 002b:00007f2bd00b7fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 117.233228] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f2bd2b4404a [ 117.233782] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2bd00b8000 [ 117.234340] RBP: 00007f2bd00b8040 R08: 00007f2bd00b8040 R09: 0000000020000000 [ 117.234918] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 117.235472] R13: 0000000020000100 R14: 00007f2bd00b8000 R15: 0000000020000780 [ 117.236028] [ 117.236213] Modules linked in: [ 117.236471] ---[ end trace 0000000000000000 ]--- [ 117.236840] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.237211] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 
e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.238631] RSP: 0018:ffff888046cd7800 EFLAGS: 00010212 [ 117.239053] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000b043000 [ 117.239606] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.240162] RBP: ffff888046cd7a70 R08: ffff88806ce31340 R09: ffffe8ffffc160f8 [ 117.240715] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.241269] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.241825] FS: 00007f2bd00b8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.242452] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.242928] CR2: 00007f2bd00b9000 CR3: 0000000046bad000 CR4: 0000000000350ef0 [ 117.243486] note: syz-executor.6[3958] exited with irqs disabled [ 117.244046] note: syz-executor.6[3958] exited with preempt_count 2 [ 117.244554] ------------[ cut here ]------------ [ 117.245005] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.6/3958 [ 117.245668] Modules linked in: [ 117.245952] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.246949] Tainted: [D]=DIE, [W]=WARN [ 117.247267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.247957] RIP: 0010:do_exit+0x1c36/0x2970 [ 117.248321] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 bf a4 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 ab a4 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 9d a4 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 117.249801] RSP: 0018:ffff88800db97e40 EFLAGS: 00010246 [ 117.250236] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc90006a20000 [ 117.250845] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff88800ae4ad68 [ 117.251426] RBP: ffff88800ae49b80 R08: 0000000000000001 R09: fffffbfff0f11cd8 [ 117.252023] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 117.252604] R13: 
0000000000002710 R14: f8001bfff110011a R15: 0000000000000000 [ 117.253208] FS: 00007f2bd00b8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.253886] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.254357] CR2: 00007f2bd00b9000 CR3: 0000000046bad000 CR4: 0000000000350ef0 [ 117.254979] Call Trace: [ 117.255195] [ 117.255383] ? _printk+0xbe/0xf0 [ 117.255672] ? __pfx__printk+0x10/0x10 [ 117.256019] ? __pfx_do_exit+0x10/0x10 [ 117.256353] make_task_dead+0x174/0x3b0 [ 117.256691] ? do_syscall_64+0xbf/0x360 [ 117.257045] rewind_stack_and_make_dead+0x16/0x20 [ 117.257452] RIP: 0033:0x7f2bd2b4404a [ 117.257786] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.259285] RSP: 002b:00007f2bd00b7fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 117.259920] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f2bd2b4404a [ 117.260498] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2bd00b8000 [ 117.261098] RBP: 00007f2bd00b8040 R08: 00007f2bd00b8040 R09: 0000000020000000 [ 117.261678] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 117.262275] R13: 0000000020000100 R14: 00007f2bd00b8000 R15: 0000000020000780 [ 117.262890] [ 117.263089] irq event stamp: 0 [ 117.263350] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 117.263880] hardirqs last disabled at (0): [] copy_process+0x1e08/0x73c0 [ 117.264554] softirqs last enabled at (0): [] copy_process+0x1e58/0x73c0 [ 117.265522] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 117.266321] ---[ end trace 0000000000000000 ]--- [ 117.486951] kmemleak: Automatic memory scanning thread ended 10:36:30 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c010000190001000000000000000000ac1414aa000000000000000000000000ac1e000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000840005"], 0x13c}}, 0x0) 10:36:30 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r1) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x309, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 10:36:30 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000100)=@ethtool_per_queue_op={0x4b, 0xf}}) 10:36:30 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = 
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) 10:36:30 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x99) 10:36:30 executing program 3: mlock(&(0x7f0000873000/0x4000)=nil, 0x4000) pkey_mprotect(&(0x7f0000871000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000876000/0x3000)=nil, 0x3000, 0x0) mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) 10:36:30 executing program 6: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {0x0}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb03000000130000002300", 0x2a, 0x7e0}, 
{&(0x7f0000010160)="ffff05000c000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e", 0x416, 0xc00}, {&(0x7f0000010ce0)="00000000000000000000000000000000000000000000000000000000c99b0000ed410000000400009f09c75f9f09c75f9f09c75f00000000000003000200000000000800000000000af301000400000000000000000000000100000004", 0x5d, 0x8c60}, {0x0}], 0x0, &(0x7f0000000780))
getdents(r0, &(0x7f0000000040)=""/25, 0x19)
10:36:30 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6)
close_range(r0, 0xffffffffffffffff, 0x0)
[ 118.088351] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 118.089914] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 118.090930] CPU: 1 UID: 0 PID: 3970 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 118.092507] Tainted: [D]=DIE, [W]=WARN
[ 118.093017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 118.094108] RIP: 0010:perf_tp_event+0x175/0xe70
[ 118.094764] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 118.097160] RSP: 0018:ffff88801ecb7780 EFLAGS: 00010012
[ 118.097862] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 118.098828] RDX: ffff8880167c9b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 118.099776] RBP: ffff88801ecb79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16910
[ 118.100731] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 118.101691] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 118.102761] FS: 0000555586d49400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 118.103810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 118.104577] CR2: 00007f2bd2c52000 CR3: 000000001f733000 CR4: 0000000000350ef0
[ 118.105520] Call Trace:
[ 118.105869]
[ 118.106182] ? __pfx_perf_tp_event+0x10/0x10
[ 118.106791] ? trace_mm_page_alloc+0xfc/0x150
[ 118.107392] ? __alloc_frozen_pages_noprof+0x296/0x1f20
[ 118.108106] ? xas_set_mark+0x127/0x2f0
[ 118.108648] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 118.109389] ? css_rstat_updated+0x1b8/0x4d0
[ 118.109983] ? __pfx_css_rstat_updated+0x10/0x10
[ 118.110636] ? trace_pelt_se_tp+0xdf/0x130
[ 118.111203] ? perf_trace_run_bpf_submit+0xef/0x180
[ 118.111871] perf_trace_run_bpf_submit+0xef/0x180
[ 118.112519] perf_trace_preemptirq_template+0x259/0x430
[ 118.113238] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 118.114015] ? check_preempt_wakeup_fair+0x406/0x950
[ 118.114700] ? wakeup_preempt+0x140/0x2a0
[ 118.115255] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 118.115927] trace_irq_enable.constprop.0+0xa6/0x100
[ 118.116596] trace_hardirqs_on+0x26/0x40
[ 118.117136] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 118.117793] try_to_wake_up+0x8ae/0x11d0
[ 118.118346] ? __pfx_try_to_wake_up+0x10/0x10
[ 118.118960] ? plist_del+0x122/0x270
[ 118.119471] ? __futex_unqueue+0xda/0x1c0
[ 118.120031] wake_up_q+0xa1/0x130
[ 118.120510] futex_wake+0x47e/0x540
[ 118.121007] ? __pfx_futex_wake+0x10/0x10
[ 118.121573] ? __handle_mm_fault+0x753/0x3260
[ 118.122189] ? vma_start_read+0x25e/0x8e0
[ 118.122756] ? vma_start_read+0x304/0x8e0
[ 118.123314] ? __pfx___handle_mm_fault+0x10/0x10
[ 118.123957] do_futex+0x26d/0x370
[ 118.124432] ? __pfx_do_futex+0x10/0x10
[ 118.124968] ? count_memcg_events+0x32b/0x420
[ 118.125577] __x64_sys_futex+0x1c9/0x4d0
[ 118.126122] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 118.126918] ? __pfx___x64_sys_futex+0x10/0x10
[ 118.127542] do_syscall_64+0xbf/0x360
[ 118.128052] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.128733] RIP: 0033:0x7f2bd2b42b19
[ 118.129230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 118.131627] RSP: 002b:00007ffd00472548 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 118.132632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2bd2b42b19
[ 118.133577] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2bd2c55f68
[ 118.134515] RBP: 00007f2bd2c55f60 R08: 00007f2bd2c520a0 R09: 0000000000000000
[ 118.135457] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2bd2c5a9e8
[ 118.136389] R13: 00007ffd00472650 R14: 00007f2bd2c55f60 R15: 000000000001cc77
[ 118.137335]
[ 118.137653] Modules linked in:
[ 118.138086] ---[ end trace 0000000000000000 ]---
[ 118.138715] RIP: 0010:perf_tp_event+0x175/0xe70
[ 118.139347] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 118.141756] RSP: 0018:ffff888046cd7800 EFLAGS: 00010212
[ 118.142471] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000b043000
[ 118.143424] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 118.144375] RBP: ffff888046cd7a70 R08: ffff88806ce31340 R09: ffffe8ffffc160f8
[ 118.145323] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 118.146276] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 118.147227] FS: 0000555586d49400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 118.148291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 118.149071] CR2: 00007f2bd2c52000 CR3: 000000001f733000 CR4: 0000000000350ef0
[ 118.150021] note: syz-executor.6[3970] exited with irqs disabled
[ 118.150976] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 118.152470] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 118.153481] CPU: 1 UID: 0 PID: 3970 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 118.155088] Tainted: [D]=DIE, [W]=WARN
[ 118.155605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 118.156700] RIP: 0010:perf_tp_event+0x175/0xe70
[ 118.157342] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 118.159760] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 118.160476] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 118.161427] RDX: ffff8880167c9b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 118.162378] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16910
[ 118.163341] R10: 0000000000000000 R11: ffff888016498898 R12: dffffc0000000000
[ 118.164301] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 118.165268] FS: 0000555586d49400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 118.166351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 118.167142] CR2: 00007f2bd2c52000 CR3: 000000001f733000 CR4: 0000000000350ef0
[ 118.168098] Call Trace:
[ 118.168454]
[ 118.168763] ? __pfx_perf_tp_event+0x10/0x10
[ 118.169385] ? enqueue_task_fair+0xded/0x1e00
[ 118.170010] ? check_preempt_wakeup_fair+0x6e/0x950
[ 118.170701] ? wakeup_preempt+0x140/0x2a0
[ 118.171270] ? lock_release+0x1c7/0x290
[ 118.171816] ? lock_release+0x1c7/0x290
[ 118.172361] ? do_raw_spin_unlock+0x53/0x220
[ 118.172973] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 118.173670] ? try_to_wake_up+0x8ae/0x11d0
[ 118.174261] ? do_raw_spin_lock+0x123/0x260
[ 118.175068] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 118.175894] ? perf_trace_run_bpf_submit+0xef/0x180
[ 118.176744] perf_trace_run_bpf_submit+0xef/0x180
[ 118.177574] perf_trace_preemptirq_template+0x259/0x430
[ 118.178500] ? read_tsc+0x9/0x20
[ 118.179109] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 118.180012] ? clockevents_program_event+0x135/0x360
[ 118.180779] ? tick_program_event+0xac/0x140
[ 118.181446] ? handle_softirqs+0x16e/0x770
[ 118.182096] trace_irq_enable.constprop.0+0xa6/0x100
[ 118.182864] trace_hardirqs_on+0x26/0x40
[ 118.183475] handle_softirqs+0x16e/0x770
[ 118.184102] __irq_exit_rcu+0xc4/0x100
[ 118.184705] irq_exit_rcu+0x9/0x20
[ 118.185246] sysvec_apic_timer_interrupt+0x70/0x80
[ 118.185994]
[ 118.186344]
[ 118.186701] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 118.187491] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 118.188201] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 118.190904] RSP: 0018:ffff88801ecb7f28 EFLAGS: 00000246
[ 118.191716] RAX: 0000000000000001 RBX: ffff8880167c9b80 RCX: ffffffff817c2b86
[ 118.192796] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 118.193855] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 118.194919] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880167c9b80
[ 118.195992] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[ 118.197063] ? trace_irq_enable.constprop.0+0x26/0x100
[ 118.197854] ? make_task_dead+0x214/0x3b0
[ 118.198487] ? make_task_dead+0x214/0x3b0
[ 118.199125] ? do_syscall_64+0xbf/0x360
[ 118.199731] rewind_stack_and_make_dead+0x16/0x20
[ 118.200467] RIP: 0033:0x7f2bd2b42b19
[ 118.201038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 118.203871] RSP: 002b:00007ffd00472548 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 118.205040] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2bd2b42b19
[ 118.206126] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2bd2c55f68
[ 118.207231] RBP: 00007f2bd2c55f60 R08: 00007f2bd2c520a0 R09: 0000000000000000
[ 118.208316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2bd2c5a9e8
[ 118.209407] R13: 00007ffd00472650 R14: 00007f2bd2c55f60 R15: 000000000001cc77
[ 118.210514]
[ 118.210886] Modules linked in:
[ 118.211400] ---[ end trace 0000000000000000 ]---
[ 118.212116] RIP: 0010:perf_tp_event+0x175/0xe70
[ 118.212859] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 118.215664] RSP: 0018:ffff888046cd7800 EFLAGS: 00010212
[ 118.216487] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000b043000
[ 118.217585] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 118.218684] RBP: ffff888046cd7a70 R08: ffff88806ce31340 R09: ffffe8ffffc160f8
[ 118.219775] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 118.220866] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 118.221972] FS: 0000555586d49400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 118.223211] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 118.224111] CR2: 00007f2bd2c52000 CR3: 000000001f733000 CR4: 0000000000350ef0
[ 118.225200] Kernel panic - not syncing: Fatal exception in interrupt
[ 118.226292] Kernel Offset: disabled
[ 118.226864] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
10:36:29 Registers:
info registers vcpu 0
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888046cd70f0
R8 =0000000000000000 R9 =ffffed1001391046 R10=0000000000000064 R11=0000000065646f43
R12=0000000000000064 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fc7ca536700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe6300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc7cd0d4018 CR3=0000000046c2a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fc7cd0a77c000007fc7cd0a77c8
XMM02=00007fc7cd0a77e000007fc7cd0a77c0 XMM03=00007fc7cd0a77c800007fc7cd0a77c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffff88806ce3de00 RCX=ffffffff816880fc RDX=ffff888016fdd280
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff88800d6bf988
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1
R12=ffffed100d9c7bc1 R13=ffff88806ce3de08 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055556db53400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe3b00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d022000 CR3=000000000aca0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff8185463bffffffff812c8313 XMM01=ffffffff8185463bffffffff812c8313
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f5f234e37c800007f5f234e37c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000