Warning: Permanently added '[localhost]:33319' (ECDSA) to the list of known hosts. 2025/08/29 11:50:34 fuzzer started 2025/08/29 11:50:34 dialing manager at localhost:43077 syzkaller login: [ 50.085432] cgroup: Unknown subsys name 'net' [ 50.143737] cgroup: Unknown subsys name 'cpuset' [ 50.160815] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:50:45 syscalls: 2214 2025/08/29 11:50:45 code coverage: enabled 2025/08/29 11:50:45 comparison tracing: enabled 2025/08/29 11:50:45 extra coverage: enabled 2025/08/29 11:50:45 setuid sandbox: enabled 2025/08/29 11:50:45 namespace sandbox: enabled 2025/08/29 11:50:45 Android sandbox: enabled 2025/08/29 11:50:45 fault injection: enabled 2025/08/29 11:50:45 leak checking: enabled 2025/08/29 11:50:45 net packet injection: enabled 2025/08/29 11:50:45 net device setup: enabled 2025/08/29 11:50:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:50:45 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:50:45 USB emulation: enabled 2025/08/29 11:50:45 hci packet injection: enabled 2025/08/29 11:50:45 wifi device emulation: enabled 2025/08/29 11:50:45 802.15.4 emulation: enabled 2025/08/29 11:50:45 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:50:45 fetching corpus: 50, signal 22971/26448 (executing program) 2025/08/29 11:50:45 fetching corpus: 100, signal 31947/36894 (executing program) 2025/08/29 11:50:45 fetching corpus: 150, signal 45454/51479 (executing program) 2025/08/29 11:50:45 fetching corpus: 200, signal 52072/59268 (executing program) 2025/08/29 11:50:45 fetching corpus: 250, signal 56477/64866 (executing program) 2025/08/29 11:50:45 fetching corpus: 300, signal 60207/69718 (executing program) 2025/08/29 11:50:45 fetching corpus: 350, signal 66232/76561 (executing program) 2025/08/29 11:50:46 fetching corpus: 400, signal 70925/82147 (executing program) 2025/08/29 11:50:46 fetching corpus: 450, signal 73308/85526 (executing program) 2025/08/29 
11:50:46 fetching corpus: 500, signal 76156/89278 (executing program) 2025/08/29 11:50:46 fetching corpus: 550, signal 79125/93075 (executing program) 2025/08/29 11:50:46 fetching corpus: 600, signal 81048/95931 (executing program) 2025/08/29 11:50:46 fetching corpus: 650, signal 83927/99620 (executing program) 2025/08/29 11:50:46 fetching corpus: 700, signal 87704/103929 (executing program) 2025/08/29 11:50:46 fetching corpus: 750, signal 90516/107361 (executing program) 2025/08/29 11:50:46 fetching corpus: 800, signal 91859/109557 (executing program) 2025/08/29 11:50:46 fetching corpus: 850, signal 93730/112251 (executing program) 2025/08/29 11:50:46 fetching corpus: 900, signal 96083/115190 (executing program) 2025/08/29 11:50:46 fetching corpus: 950, signal 97833/117568 (executing program) 2025/08/29 11:50:47 fetching corpus: 1000, signal 99072/119476 (executing program) 2025/08/29 11:50:47 fetching corpus: 1050, signal 101063/121970 (executing program) 2025/08/29 11:50:47 fetching corpus: 1100, signal 102934/124334 (executing program) 2025/08/29 11:50:47 fetching corpus: 1150, signal 105180/126949 (executing program) 2025/08/29 11:50:47 fetching corpus: 1200, signal 106569/128877 (executing program) 2025/08/29 11:50:47 fetching corpus: 1250, signal 107876/130732 (executing program) 2025/08/29 11:50:47 fetching corpus: 1300, signal 109160/132543 (executing program) 2025/08/29 11:50:47 fetching corpus: 1350, signal 111170/134771 (executing program) 2025/08/29 11:50:47 fetching corpus: 1399, signal 112407/136490 (executing program) 2025/08/29 11:50:47 fetching corpus: 1449, signal 113599/138132 (executing program) 2025/08/29 11:50:47 fetching corpus: 1499, signal 114649/139647 (executing program) 2025/08/29 11:50:48 fetching corpus: 1549, signal 115624/141102 (executing program) 2025/08/29 11:50:48 fetching corpus: 1599, signal 117147/142872 (executing program) 2025/08/29 11:50:48 fetching corpus: 1649, signal 118215/144388 (executing program) 2025/08/29 11:50:48 
fetching corpus: 1699, signal 119119/145747 (executing program) 2025/08/29 11:50:48 fetching corpus: 1749, signal 119792/147000 (executing program) 2025/08/29 11:50:48 fetching corpus: 1799, signal 120758/148304 (executing program) 2025/08/29 11:50:48 fetching corpus: 1849, signal 121569/149547 (executing program) 2025/08/29 11:50:48 fetching corpus: 1899, signal 122565/150913 (executing program) 2025/08/29 11:50:48 fetching corpus: 1949, signal 123504/152135 (executing program) 2025/08/29 11:50:48 fetching corpus: 1999, signal 124125/153232 (executing program) 2025/08/29 11:50:48 fetching corpus: 2049, signal 124674/154254 (executing program) 2025/08/29 11:50:48 fetching corpus: 2098, signal 125642/155503 (executing program) 2025/08/29 11:50:49 fetching corpus: 2148, signal 126387/156650 (executing program) 2025/08/29 11:50:49 fetching corpus: 2198, signal 126908/157606 (executing program) 2025/08/29 11:50:49 fetching corpus: 2248, signal 127673/158684 (executing program) 2025/08/29 11:50:49 fetching corpus: 2298, signal 128348/159778 (executing program) 2025/08/29 11:50:49 fetching corpus: 2347, signal 129078/160772 (executing program) 2025/08/29 11:50:49 fetching corpus: 2397, signal 129615/161694 (executing program) 2025/08/29 11:50:49 fetching corpus: 2446, signal 130685/162910 (executing program) 2025/08/29 11:50:49 fetching corpus: 2496, signal 131733/163983 (executing program) 2025/08/29 11:50:49 fetching corpus: 2546, signal 132922/165149 (executing program) 2025/08/29 11:50:49 fetching corpus: 2596, signal 133636/166120 (executing program) 2025/08/29 11:50:49 fetching corpus: 2646, signal 134822/167223 (executing program) 2025/08/29 11:50:49 fetching corpus: 2696, signal 135287/168098 (executing program) 2025/08/29 11:50:50 fetching corpus: 2746, signal 136244/169139 (executing program) 2025/08/29 11:50:50 fetching corpus: 2796, signal 137406/170214 (executing program) 2025/08/29 11:50:50 fetching corpus: 2846, signal 138046/171004 (executing program) 
2025/08/29 11:50:50 fetching corpus: 2895, signal 138822/171901 (executing program) 2025/08/29 11:50:50 fetching corpus: 2945, signal 139313/172669 (executing program) 2025/08/29 11:50:50 fetching corpus: 2995, signal 140051/173469 (executing program) 2025/08/29 11:50:50 fetching corpus: 3045, signal 140462/174202 (executing program) 2025/08/29 11:50:50 fetching corpus: 3095, signal 141208/174970 (executing program) 2025/08/29 11:50:50 fetching corpus: 3145, signal 141982/175757 (executing program) 2025/08/29 11:50:50 fetching corpus: 3195, signal 142516/176463 (executing program) 2025/08/29 11:50:50 fetching corpus: 3245, signal 143139/177174 (executing program) 2025/08/29 11:50:50 fetching corpus: 3295, signal 143910/177953 (executing program) 2025/08/29 11:50:51 fetching corpus: 3345, signal 144467/178648 (executing program) 2025/08/29 11:50:51 fetching corpus: 3395, signal 145351/179360 (executing program) 2025/08/29 11:50:51 fetching corpus: 3445, signal 146456/180135 (executing program) 2025/08/29 11:50:51 fetching corpus: 3495, signal 147001/180808 (executing program) 2025/08/29 11:50:51 fetching corpus: 3545, signal 147482/181396 (executing program) 2025/08/29 11:50:51 fetching corpus: 3595, signal 148275/182028 (executing program) 2025/08/29 11:50:51 fetching corpus: 3645, signal 148886/182620 (executing program) 2025/08/29 11:50:51 fetching corpus: 3695, signal 149475/183190 (executing program) 2025/08/29 11:50:51 fetching corpus: 3745, signal 150147/183764 (executing program) 2025/08/29 11:50:51 fetching corpus: 3795, signal 150726/184272 (executing program) 2025/08/29 11:50:52 fetching corpus: 3845, signal 151156/184831 (executing program) 2025/08/29 11:50:52 fetching corpus: 3895, signal 151669/185327 (executing program) 2025/08/29 11:50:52 fetching corpus: 3945, signal 152258/185916 (executing program) 2025/08/29 11:50:52 fetching corpus: 3995, signal 152793/186398 (executing program) 2025/08/29 11:50:52 fetching corpus: 4045, signal 153271/186881 
(executing program) 2025/08/29 11:50:52 fetching corpus: 4095, signal 153661/187319 (executing program) 2025/08/29 11:50:52 fetching corpus: 4145, signal 154128/187788 (executing program) 2025/08/29 11:50:52 fetching corpus: 4195, signal 154866/188275 (executing program) 2025/08/29 11:50:52 fetching corpus: 4245, signal 155222/188754 (executing program) 2025/08/29 11:50:52 fetching corpus: 4295, signal 155659/189227 (executing program) 2025/08/29 11:50:52 fetching corpus: 4345, signal 156344/189754 (executing program) 2025/08/29 11:50:53 fetching corpus: 4395, signal 156904/190173 (executing program) 2025/08/29 11:50:53 fetching corpus: 4445, signal 157361/190595 (executing program) 2025/08/29 11:50:53 fetching corpus: 4495, signal 157914/190998 (executing program) 2025/08/29 11:50:53 fetching corpus: 4545, signal 158409/191377 (executing program) 2025/08/29 11:50:53 fetching corpus: 4595, signal 159064/191742 (executing program) 2025/08/29 11:50:53 fetching corpus: 4645, signal 159410/191938 (executing program) 2025/08/29 11:50:53 fetching corpus: 4695, signal 159933/191956 (executing program) 2025/08/29 11:50:53 fetching corpus: 4745, signal 160415/191982 (executing program) 2025/08/29 11:50:53 fetching corpus: 4795, signal 160988/192008 (executing program) 2025/08/29 11:50:54 fetching corpus: 4845, signal 161613/192016 (executing program) 2025/08/29 11:50:54 fetching corpus: 4895, signal 161984/192090 (executing program) 2025/08/29 11:50:54 fetching corpus: 4945, signal 162550/192090 (executing program) 2025/08/29 11:50:54 fetching corpus: 4995, signal 162908/192099 (executing program) 2025/08/29 11:50:54 fetching corpus: 5045, signal 163338/192101 (executing program) 2025/08/29 11:50:54 fetching corpus: 5095, signal 163718/192180 (executing program) 2025/08/29 11:50:54 fetching corpus: 5145, signal 164106/192204 (executing program) 2025/08/29 11:50:54 fetching corpus: 5195, signal 164602/192210 (executing program) 2025/08/29 11:50:54 fetching corpus: 5245, 
signal 164938/192217 (executing program) 2025/08/29 11:50:54 fetching corpus: 5295, signal 165313/192224 (executing program) 2025/08/29 11:50:54 fetching corpus: 5345, signal 165651/192226 (executing program) 2025/08/29 11:50:55 fetching corpus: 5395, signal 166132/192228 (executing program) 2025/08/29 11:50:55 fetching corpus: 5445, signal 166736/192233 (executing program) 2025/08/29 11:50:55 fetching corpus: 5495, signal 167298/192249 (executing program) 2025/08/29 11:50:55 fetching corpus: 5545, signal 167613/192253 (executing program) 2025/08/29 11:50:55 fetching corpus: 5595, signal 168016/192263 (executing program) 2025/08/29 11:50:55 fetching corpus: 5645, signal 168321/192273 (executing program) 2025/08/29 11:50:55 fetching corpus: 5695, signal 168969/192273 (executing program) 2025/08/29 11:50:55 fetching corpus: 5745, signal 169336/192274 (executing program) 2025/08/29 11:50:55 fetching corpus: 5795, signal 169797/192310 (executing program) 2025/08/29 11:50:55 fetching corpus: 5845, signal 170145/192310 (executing program) 2025/08/29 11:50:55 fetching corpus: 5895, signal 170517/192323 (executing program) 2025/08/29 11:50:55 fetching corpus: 5945, signal 170850/192345 (executing program) 2025/08/29 11:50:56 fetching corpus: 5995, signal 171184/192348 (executing program) 2025/08/29 11:50:56 fetching corpus: 6045, signal 171428/192380 (executing program) 2025/08/29 11:50:56 fetching corpus: 6095, signal 171816/192407 (executing program) 2025/08/29 11:50:56 fetching corpus: 6145, signal 172100/192469 (executing program) 2025/08/29 11:50:56 fetching corpus: 6195, signal 172644/192486 (executing program) 2025/08/29 11:50:56 fetching corpus: 6245, signal 172894/192496 (executing program) 2025/08/29 11:50:56 fetching corpus: 6295, signal 173263/192501 (executing program) 2025/08/29 11:50:56 fetching corpus: 6345, signal 173601/192533 (executing program) 2025/08/29 11:50:56 fetching corpus: 6395, signal 173934/192547 (executing program) 2025/08/29 11:50:56 
fetching corpus: 6445, signal 174302/192551 (executing program) 2025/08/29 11:50:56 fetching corpus: 6495, signal 174756/192594 (executing program) 2025/08/29 11:50:56 fetching corpus: 6545, signal 175130/192624 (executing program) 2025/08/29 11:50:57 fetching corpus: 6595, signal 175486/192632 (executing program) 2025/08/29 11:50:57 fetching corpus: 6645, signal 176474/192652 (executing program) 2025/08/29 11:50:57 fetching corpus: 6695, signal 176741/192663 (executing program) 2025/08/29 11:50:57 fetching corpus: 6745, signal 177032/192693 (executing program) 2025/08/29 11:50:57 fetching corpus: 6795, signal 177463/192700 (executing program) 2025/08/29 11:50:57 fetching corpus: 6845, signal 177698/192703 (executing program) 2025/08/29 11:50:57 fetching corpus: 6895, signal 177939/192715 (executing program) 2025/08/29 11:50:57 fetching corpus: 6945, signal 178176/192720 (executing program) 2025/08/29 11:50:57 fetching corpus: 6995, signal 178578/192755 (executing program) 2025/08/29 11:50:57 fetching corpus: 7045, signal 179110/192761 (executing program) 2025/08/29 11:50:57 fetching corpus: 7095, signal 179355/192768 (executing program) 2025/08/29 11:50:57 fetching corpus: 7145, signal 179616/192840 (executing program) 2025/08/29 11:50:58 fetching corpus: 7195, signal 179853/192854 (executing program) 2025/08/29 11:50:58 fetching corpus: 7245, signal 180170/192865 (executing program) 2025/08/29 11:50:58 fetching corpus: 7295, signal 180430/192870 (executing program) 2025/08/29 11:50:58 fetching corpus: 7345, signal 180688/192873 (executing program) 2025/08/29 11:50:58 fetching corpus: 7395, signal 180951/192882 (executing program) 2025/08/29 11:50:58 fetching corpus: 7445, signal 181223/192883 (executing program) 2025/08/29 11:50:58 fetching corpus: 7495, signal 181543/192893 (executing program) 2025/08/29 11:50:58 fetching corpus: 7545, signal 181921/192900 (executing program) 2025/08/29 11:50:58 fetching corpus: 7595, signal 182281/192972 (executing program) 
2025/08/29 11:50:58 fetching corpus: 7645, signal 182548/192972 (executing program) 2025/08/29 11:50:58 fetching corpus: 7695, signal 182795/192975 (executing program) 2025/08/29 11:50:58 fetching corpus: 7745, signal 183004/192985 (executing program) 2025/08/29 11:50:59 fetching corpus: 7795, signal 183243/193002 (executing program) 2025/08/29 11:50:59 fetching corpus: 7845, signal 183569/193032 (executing program) 2025/08/29 11:50:59 fetching corpus: 7895, signal 183816/193035 (executing program) 2025/08/29 11:50:59 fetching corpus: 7945, signal 184346/193045 (executing program) 2025/08/29 11:50:59 fetching corpus: 7995, signal 184534/193046 (executing program) 2025/08/29 11:50:59 fetching corpus: 8045, signal 184823/193053 (executing program) 2025/08/29 11:50:59 fetching corpus: 8095, signal 185208/193143 (executing program) 2025/08/29 11:50:59 fetching corpus: 8145, signal 185563/193147 (executing program) 2025/08/29 11:50:59 fetching corpus: 8195, signal 185761/193149 (executing program) 2025/08/29 11:50:59 fetching corpus: 8245, signal 186169/193150 (executing program) 2025/08/29 11:51:00 fetching corpus: 8295, signal 186511/193198 (executing program) 2025/08/29 11:51:00 fetching corpus: 8345, signal 186673/193211 (executing program) 2025/08/29 11:51:00 fetching corpus: 8395, signal 187179/193217 (executing program) 2025/08/29 11:51:00 fetching corpus: 8445, signal 187427/193220 (executing program) 2025/08/29 11:51:00 fetching corpus: 8495, signal 187759/193233 (executing program) 2025/08/29 11:51:00 fetching corpus: 8545, signal 187967/193243 (executing program) 2025/08/29 11:51:00 fetching corpus: 8595, signal 188398/193248 (executing program) 2025/08/29 11:51:00 fetching corpus: 8645, signal 188634/193261 (executing program) 2025/08/29 11:51:00 fetching corpus: 8695, signal 188934/193273 (executing program) 2025/08/29 11:51:00 fetching corpus: 8745, signal 189231/193278 (executing program) 2025/08/29 11:51:00 fetching corpus: 8795, signal 189554/193281 
(executing program) 2025/08/29 11:51:00 fetching corpus: 8845, signal 189880/193290 (executing program) 2025/08/29 11:51:00 fetching corpus: 8846, signal 189883/193290 (executing program) 2025/08/29 11:51:00 fetching corpus: 8846, signal 189883/193290 (executing program) 2025/08/29 11:51:03 starting 8 fuzzer processes 11:51:03 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:51:03 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) kexec_load(0x0, 0x4f, 0x0, 0x0) 11:51:03 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) 11:51:03 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) membarrier(0x0, 0x0) [ 78.806367] audit: type=1400 audit(1756468263.211:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:51:03 executing program 3: setresuid(0x0, 0xee01, 0x0) syslog(0x0, 0x0, 0x0) 11:51:03 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000002c00)='net/snmp\x00') pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 
&(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 11:51:03 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00') readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/232, 0xe8}], 0x1) 11:51:03 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="06c9", 0x2}], 0x1}, 0x40011) recvmmsg(r1, &(0x7f0000006680)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000080)=""/137, 0x89}], 0x1}}], 0x1, 0x2, 0x0) [ 79.957757] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.960006] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.964060] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.967541] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.970258] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.018218] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.022027] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.026560] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.031944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.034932] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.038196] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.039397] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.041524] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.051010] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.052931] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.105437] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.107197] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.112063] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.122647] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.158720] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.161604] Bluetooth: hci3: 
unexpected cc 0x0c38 length: 249 > 2 [ 80.161636] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.165972] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.166159] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.169235] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.171148] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.177984] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.179967] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 80.190732] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.192106] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.194350] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 80.195660] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.197607] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.200262] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.207037] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.214010] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.218626] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.220162] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 80.232614] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.236060] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.993063] Bluetooth: hci0: command tx timeout [ 82.055081] Bluetooth: hci1: command tx timeout [ 82.119118] Bluetooth: hci2: command tx timeout [ 82.181927] Bluetooth: hci4: command tx timeout [ 82.246026] Bluetooth: hci3: command tx timeout [ 82.310069] Bluetooth: hci7: command tx timeout [ 82.312085] Bluetooth: hci5: command tx timeout [ 82.313838] Bluetooth: hci6: command tx timeout [ 84.038374] Bluetooth: hci0: command tx timeout [ 84.102442] Bluetooth: hci1: command tx timeout [ 84.166108] Bluetooth: hci2: command tx timeout [ 84.231984] Bluetooth: hci4: command tx timeout [ 84.293956] Bluetooth: hci3: command tx timeout [ 84.357927] Bluetooth: hci7: command tx timeout [ 
84.358676] Bluetooth: hci5: command tx timeout [ 84.359496] Bluetooth: hci6: command tx timeout [ 86.085957] Bluetooth: hci0: command tx timeout [ 86.149883] Bluetooth: hci1: command tx timeout [ 86.213894] Bluetooth: hci2: command tx timeout [ 86.278712] Bluetooth: hci4: command tx timeout [ 86.341982] Bluetooth: hci3: command tx timeout [ 86.406836] Bluetooth: hci5: command tx timeout [ 86.407275] Bluetooth: hci6: command tx timeout [ 86.407656] Bluetooth: hci7: command tx timeout [ 88.134010] Bluetooth: hci0: command tx timeout [ 88.197986] Bluetooth: hci1: command tx timeout [ 88.261965] Bluetooth: hci2: command tx timeout [ 88.326112] Bluetooth: hci4: command tx timeout [ 88.390072] Bluetooth: hci3: command tx timeout [ 88.454840] Bluetooth: hci7: command tx timeout [ 88.455649] Bluetooth: hci6: command tx timeout [ 88.456622] Bluetooth: hci5: command tx timeout [ 118.176901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.177556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.371464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.372164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.477070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.477668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.543618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.545087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.938836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.939463] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.000911] audit: type=1400 audit(1756468303.402:8): avc: denied { open } for pid=3814 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:51:43 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xe, 0x0, &(0x7f0000000100)) [ 119.008834] audit: type=1400 audit(1756468303.402:9): avc: denied { kernel } for pid=3814 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.029246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.030175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.067012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.067604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.208649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.209356] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.751576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.752402] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.822097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.822692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.877088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.877666] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.895326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.896449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.983047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.983640] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.038954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.039562] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.148401] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
120.149407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.206302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.206921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:51:44 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:51:44 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000002c00)='net/snmp\x00') pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 11:51:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xe, 0x0, &(0x7f0000000100)) 11:51:44 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000002c00)='net/snmp\x00') pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 11:51:44 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) kexec_load(0x0, 0x4f, 0x0, 0x0) 11:51:44 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) 
setsockopt$inet6_buf(r0, 0x29, 0x23, &(0x7f00000000c0)="ad87cf5ea909a7e9bee7180d28ca29c2c959c7156a0ee64ea5b4a5b273289e684fbefaa14925fc65fcd33d52e8b2e499deb52b5b06528ffd7e14f5902cd78d84a04b7c20767be5036c5e1474894b07b7c5af031b5a73c425dc38e089f3ce586012193dc5ef27785d70943b7aad9cf2d3feef2a3391bb9614e32b33932acd9efaaab343ff8b5f0ffe2d803eb415d81e8063667543e3c38ee8425102d357c971aa71ef597bb4f78443", 0xa8) 11:51:44 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x2c, 0x1, 0x4, 0x201, 0x0, 0x0, {}, [@NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x2a63}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x2c}}, 0x0) 11:51:44 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00') readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/232, 0xe8}], 0x1) 11:51:44 executing program 6: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/disk', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/4096, 0x1000) 11:51:44 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000002c00)='net/snmp\x00') pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 11:51:44 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) kexec_load(0x0, 0x4f, 0x0, 0x0) 11:51:44 executing program 7: r0 = syz_open_procfs(0x0, 
&(0x7f0000002c00)='net/snmp\x00') pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0) 11:51:44 executing program 6: ioprio_set$pid(0x2, 0x0, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$binfmt_elf64(r0, 0x0, 0x0) 11:51:44 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) migrate_pages(0x0, 0x2, 0x0, &(0x7f0000000180)=0x9) 11:51:44 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xe, 0x0, &(0x7f0000000100)) 11:51:44 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00') readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/232, 0xe8}], 0x1) 11:51:44 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 120.567833] kmemleak: Found object by alias at 0x607f1a638f04 [ 120.567852] CPU: 0 UID: 0 PID: 3928 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.567870] Tainted: [W]=WARN [ 120.567873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.567881] Call Trace: [ 120.567885] [ 120.567890] dump_stack_lvl+0xca/0x120 [ 120.567911] 
__lookup_object+0x94/0xb0
[ 120.567928] delete_object_full+0x27/0x70
[ 120.567944] free_percpu+0x30/0x1160
[ 120.567960] ? arch_uprobe_clear_state+0x16/0x140
[ 120.567979] futex_hash_free+0x38/0xc0
[ 120.567992] mmput+0x2d3/0x390
[ 120.568010] do_exit+0x79d/0x2970
[ 120.568023] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 120.568044] ? __pfx_do_exit+0x10/0x10
[ 120.568058] ? find_held_lock+0x2b/0x80
[ 120.568076] ? get_signal+0x835/0x2340
[ 120.568096] do_group_exit+0xd3/0x2a0
[ 120.568110] get_signal+0x2315/0x2340
[ 120.568132] ? __pfx_get_signal+0x10/0x10
[ 120.568154] arch_do_signal_or_restart+0x80/0x790
[ 120.568171] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 120.568188] ? mmput+0x4f/0x390
[ 120.568204] ? kernel_migrate_pages+0x8c/0x730
[ 120.568223] ? __pfx_kernel_migrate_pages+0x10/0x10
[ 120.568241] ? syscall_user_dispatch+0x78/0x140
[ 120.568257] exit_to_user_mode_loop+0x8b/0x110
[ 120.568269] do_syscall_64+0x2f7/0x360
[ 120.568280] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.568291] RIP: 0033:0x7f75df0a3b19
[ 120.568300] Code: Unable to access opcode bytes at 0x7f75df0a3aef.
[ 120.568306] RSP: 002b:00007f75dc619188 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[ 120.568319] RAX: 0000000000000000 RBX: 00007f75df1b6f60 RCX: 00007f75df0a3b19
[ 120.568327] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 120.568335] RBP: 00007f75df0fdf6d R08: 0000000000000000 R09: 0000000000000000
[ 120.568342] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000000
[ 120.568349] R13: 00007fff4586d7ff R14: 00007f75dc619300 R15: 0000000000022000
[ 120.568365]
[ 120.568368] kmemleak: Object (percpu) 0x607f1a638f00 (size 8):
[ 120.568375] kmemleak: comm "syz-executor.0", pid 3937, jiffies 4294787375
[ 120.568382] kmemleak: min_count = 1
[ 120.568386] kmemleak: count = 0
[ 120.568390] kmemleak: flags = 0x21
[ 120.568393] kmemleak: checksum = 0
[ 120.568397] kmemleak: backtrace:
[ 120.568401] pcpu_alloc_noprof+0x87a/0x1170
[ 120.568415] alloc_trace_uprobe+0xab/0x390
[ 120.568426] create_local_trace_uprobe+0x104/0x570
[ 120.568438] perf_uprobe_init+0x13a/0x220
[ 120.568451] perf_uprobe_event_init+0x103/0x190
[ 120.568466] perf_try_init_event+0x140/0x9f0
[ 120.568479] perf_event_alloc.part.0+0x118e/0x45f0
[ 120.568499] __do_sys_perf_event_open+0x719/0x2c20
[ 120.568512] do_syscall_64+0xbf/0x360
[ 120.568520] entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:51:45 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000002c00)='net/snmp\x00')
pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0)
11:51:45 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x4}]}, 0x28}}, 0x0)
11:51:45 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000002c00)='net/snmp\x00')
pread64(r0, &(0x7f0000000080)=""/203, 0xcb, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x1c, 0x1a, 0x1, 0x0, 0x0, "", [@generic="02a50043e29664b1c6"]}, 0x1c}], 0x1}, 0x0)
11:51:45 executing program 6:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x22a000, 0x0)
fcntl$F_SET_RW_HINT(r0, 0x40c, 0x0)
11:51:45 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00')
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/232, 0xe8}], 0x1)
[ 120.645044] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 120.645981] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 120.646659] CPU: 0 UID: 0 PID: 3941 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 120.649401] Tainted: [W]=WARN
[ 120.650101] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 120.652205] RIP: 0010:perf_tp_event+0x175/0xe70
[ 120.653165] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 120.655878] RSP: 0018:ffff88801862f800 EFLAGS: 00010212
[ 120.656298] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 120.656856] RDX: ffff88800fa0d280 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 120.657413] RBP: ffff88801862fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15f00
[ 120.657973] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 120.658528] R13: 000000000000002c R14:
ffff88806ce31340 R15: dffffc0000000000 [ 120.659080] FS: 000055556b51b400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 120.659713] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.660170] CR2: 00007fb7f24a5e40 CR3: 000000000bec9000 CR4: 0000000000350ef0 [ 120.660731] Call Trace: [ 120.660938] [ 120.661126] ? perf_trace_lock+0xb5/0x5d0 [ 120.661459] ? __pfx_perf_tp_event+0x10/0x10 [ 120.661818] ? lock_acquire+0x15e/0x2f0 [ 120.662138] ? __is_insn_slot_addr+0x2e/0x290 [ 120.662502] ? find_held_lock+0x2b/0x80 [ 120.662826] ? __is_insn_slot_addr+0x136/0x290 [ 120.663201] ? lock_release+0xc8/0x290 [ 120.663531] ? __is_insn_slot_addr+0x140/0x290 [ 120.663902] ? kernel_text_address+0x5b/0xc0 [ 120.664257] ? __kernel_text_address+0xd/0x40 [ 120.664618] ? unwind_get_return_address+0x59/0xa0 [ 120.665016] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 120.665443] ? arch_stack_walk+0x9c/0xf0 [ 120.665775] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.666172] perf_trace_run_bpf_submit+0xef/0x180 [ 120.666566] perf_trace_lock+0x337/0x5d0 [ 120.666896] ? __pfx_perf_trace_lock+0x10/0x10 [ 120.667271] ? lock_acquire+0x15e/0x2f0 [ 120.667588] ? futex_ref_get+0x48/0x300 [ 120.667902] ? futex_ref_get+0x114/0x300 [ 120.668223] ? futex_hash+0x15c/0x390 [ 120.668526] lock_release+0x1ab/0x290 [ 120.668833] ? futex_hash+0x15c/0x390 [ 120.669136] futex_ref_get+0x119/0x300 [ 120.669446] ? futex_hash+0x15c/0x390 [ 120.669749] futex_hash+0x70/0x390 [ 120.670046] futex_wake+0x143/0x540 [ 120.670344] ? lock_release+0xc8/0x290 [ 120.670657] ? __pfx_futex_wake+0x10/0x10 [ 120.670995] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 120.671416] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 120.671851] do_futex+0x26d/0x370 [ 120.672132] ? __pfx_do_futex+0x10/0x10 [ 120.672452] ? __pfx_perf_trace_lock+0x10/0x10 [ 120.672826] __x64_sys_futex+0x1c9/0x4d0 [ 120.673155] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.673519] ? lock_release+0xc8/0x290 [ 120.673833] ? 
do_raw_spin_unlock+0x53/0x220 [ 120.674188] ? _raw_spin_unlock+0x1e/0x40 [ 120.674520] ? file_close_fd+0x63/0x80 [ 120.674836] do_syscall_64+0xbf/0x360 [ 120.675142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.675556] RIP: 0033:0x7f75df0a3b19 [ 120.675852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.677266] RSP: 002b:00007fff4586d878 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.677861] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f75df0a3b19 [ 120.678419] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75df1b6f68 [ 120.678974] RBP: 00007f75df1b6f60 R08: 0000001b2ce223a8 R09: 0000000000000000 [ 120.679546] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75df1bb060 [ 120.680106] R13: 00007fff4586d980 R14: 00007f75df1b6f60 R15: 000000000001d6c6 [ 120.680676] [ 120.680863] Modules linked in: [ 120.681268] ---[ end trace 0000000000000000 ]--- [ 120.681643] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.682096] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.683606] RSP: 0018:ffff88801862f800 EFLAGS: 00010212 [ 120.684043] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 120.684600] RDX: ffff88800fa0d280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 120.685177] RBP: ffff88801862fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15f00 [ 120.685763] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.686357] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 120.686948] FS: 000055556b51b400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 120.687605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.688102] CR2: 00007fb7f24a5e40 CR3: 000000000bec9000 CR4: 0000000000350ef0 [ 
120.688698] note: syz-executor.2[3941] exited with preempt_count 1 [ 120.689231] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 120.689975] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3941, name: syz-executor.2 [ 120.690662] preempt_count: 0, expected: 0 [ 120.691016] RCU nest depth: 2, expected: 0 [ 120.691364] INFO: lockdep is turned off. [ 120.691693] CPU: 0 UID: 0 PID: 3941 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.691711] Tainted: [D]=DIE, [W]=WARN [ 120.691715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.691722] Call Trace: [ 120.691725] [ 120.691729] dump_stack_lvl+0xfa/0x120 [ 120.691749] __might_resched+0x2f3/0x510 [ 120.691763] exit_signals+0x25/0x940 [ 120.691784] do_exit+0x2db/0x2970 [ 120.691797] ? _printk+0xbe/0xf0 [ 120.691809] ? __pfx__printk+0x10/0x10 [ 120.691822] ? __pfx_do_exit+0x10/0x10 [ 120.691834] ? do_raw_spin_unlock+0x53/0x220 [ 120.691849] ? _raw_spin_unlock+0x1e/0x40 [ 120.691863] make_task_dead+0x174/0x3b0 [ 120.691875] ? 
do_syscall_64+0xbf/0x360 [ 120.691885] rewind_stack_and_make_dead+0x16/0x20 [ 120.691900] RIP: 0033:0x7f75df0a3b19 [ 120.691908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.691918] RSP: 002b:00007fff4586d878 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.691929] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f75df0a3b19 [ 120.691936] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75df1b6f68 [ 120.691943] RBP: 00007f75df1b6f60 R08: 0000001b2ce223a8 R09: 0000000000000000 [ 120.691950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75df1bb060 [ 120.691957] R13: 00007fff4586d980 R14: 00007f75df1b6f60 R15: 000000000001d6c6 [ 120.691967] 11:51:45 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x9, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:51:45 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) kexec_load(0x0, 0x4f, 0x0, 0x0) 11:51:45 executing program 6: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x22a000, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, 0x0) 11:51:45 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x80247008, &(0x7f0000000040)) 11:51:48 executing program 2: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x0, &(0x7f0000001980)) 11:51:48 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xe, 0x0, &(0x7f0000000100)) 11:51:48 executing program 4: syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0) 11:51:48 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000000)) 11:51:48 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x80247008, &(0x7f0000000040)) 11:51:48 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x18) getdents64(r0, 0x0, 0x0) 11:51:48 executing program 6: r0 
= openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x22a000, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, 0x0) 11:51:48 executing program 1: r0 = getpid() r1 = pidfd_open(r0, 0x0) pidfd_getfd(r1, 0xffffffffffffffff, 0x0) 11:51:48 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x42, 0x40, 0x1, 0x4, 0x0, 0x1, 0x4, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1000, 0x4, @perf_config_ext={0x6, 0x680}, 0xe707, 0x1, 0x8, 0x0, 0x41498218, 0x1f, 0x6e6f, 0x0, 0x9ce6, 0x0, 0x7ff}, 0x0, 0xb, 0xffffffffffffffff, 0x0) geteuid() r0 = fork() ptrace(0x10, r0) tkill(r0, 0x1a) chroot(&(0x7f0000000100)='./file0\x00') msgctl$IPC_SET(0x0, 0x1, &(0x7f0000001c00)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7cf9}, 0x0, 0x0, 0x5, 0xfff, 0x7f, 0x1, 0x1, 0x100, 0x8, 0x6}) [ 123.702531] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 123.703408] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.704055] CPU: 1 UID: 0 PID: 3972 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.704939] Tainted: [D]=DIE, [W]=WARN [ 123.705227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.705839] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.706203] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 
44 8b ab f0 01 [ 123.707558] RSP: 0018:ffff888016ca7780 EFLAGS: 00010012 [ 123.707957] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002ff5000 [ 123.708485] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.709012] RBP: ffff888016ca79f0 R08: ffff88806cf31340 R09: ffffe8ffffd15f00 [ 123.709538] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 123.710062] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 123.710594] FS: 00007f75dc619700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.711192] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.711635] CR2: 00007f2dfc4b9018 CR3: 000000000d97c000 CR4: 0000000000350ef0 [ 123.712162] Call Trace: [ 123.712361] [ 123.712539] ? __pfx_perf_tp_event+0x10/0x10 [ 123.712878] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 123.713342] ? lock_release+0x1c7/0x290 [ 123.713646] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 123.714126] ? kvm_sched_clock_read+0x16/0x30 [ 123.714471] ? local_clock_noinstr+0xf/0xc0 [ 123.714800] ? ctx_sched_in+0x134/0x9b0 [ 123.715111] ? __kernel_text_address+0xd/0x40 [ 123.715466] ? css_rstat_updated+0x1b8/0x4d0 [ 123.715815] ? __pfx_css_rstat_updated+0x10/0x10 [ 123.716180] ? trace_pelt_se_tp+0xdf/0x130 [ 123.716504] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.716888] perf_trace_run_bpf_submit+0xef/0x180 [ 123.717262] perf_trace_preemptirq_template+0x259/0x430 [ 123.717673] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.718121] ? check_preempt_wakeup_fair+0x406/0x950 [ 123.718510] ? wakeup_preempt+0x140/0x2a0 [ 123.718829] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.719217] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.719613] trace_hardirqs_on+0x26/0x40 [ 123.719924] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.720302] try_to_wake_up+0x8ae/0x11d0 [ 123.720618] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.720969] ? plist_del+0x122/0x270 [ 123.721260] ? 
__futex_unqueue+0xda/0x1c0 [ 123.721579] wake_up_q+0xa1/0x130 [ 123.721854] futex_wake+0x47e/0x540 [ 123.722139] ? __pfx_futex_wake+0x10/0x10 [ 123.722465] ? lock_release+0x1c7/0x290 [ 123.722771] ? lock_release+0x1c7/0x290 [ 123.723075] ? fd_install+0x1f0/0x660 [ 123.723385] do_futex+0x26d/0x370 [ 123.723656] ? __pfx_do_futex+0x10/0x10 [ 123.723961] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 123.724365] ? count_memcg_events+0x32b/0x420 [ 123.724714] __x64_sys_futex+0x1c9/0x4d0 [ 123.725030] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.725478] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.725828] ? xfd_validate_state+0x55/0x180 [ 123.726174] do_syscall_64+0xbf/0x360 [ 123.726467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.726857] RIP: 0033:0x7f75df0a3b19 [ 123.727138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.728489] RSP: 002b:00007f75dc619218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.729056] RAX: ffffffffffffffda RBX: 00007f75df1b6f68 RCX: 00007f75df0a3b19 [ 123.729591] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75df1b6f6c [ 123.730126] RBP: 00007f75df1b6f60 R08: 000000000000000e R09: 0000000000000000 [ 123.730659] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f75df1b6f6c [ 123.731189] R13: 00007fff4586d7ff R14: 00007f75dc619300 R15: 0000000000022000 [ 123.731733] [ 123.731918] Modules linked in: [ 123.732168] ---[ end trace 0000000000000000 ]--- [ 123.732527] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.732890] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.734226] RSP: 0018:ffff88801862f800 EFLAGS: 00010212 [ 123.734624] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.735155] RDX: 
ffff88800fa0d280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.735700] RBP: ffff88801862fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15f00 [ 123.736232] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.736765] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.737298] FS: 00007f75dc619700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.737896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.738334] CR2: 00007f2dfc4b9018 CR3: 000000000d97c000 CR4: 0000000000350ef0 [ 123.738870] note: syz-executor.2[3972] exited with irqs disabled [ 123.739386] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 123.740203] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 123.740843] CPU: 1 UID: 0 PID: 3972 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 123.741715] Tainted: [D]=DIE, [W]=WARN [ 123.742003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.742608] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.742964] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.744295] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 123.744692] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.745218] RDX: ffff888017548000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.745741] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd15f00 [ 123.746267] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 123.746792] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 123.747324] FS: 00007f75dc619700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.747918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.748355] CR2: 00007f2dfc4b9018 CR3: 
000000000d97c000 CR4: 0000000000350ef0 [ 123.748881] Call Trace: [ 123.749079] [ 123.749257] ? __pfx_perf_tp_event+0x10/0x10 [ 123.749594] ? trace_pelt_se_tp+0xdf/0x130 [ 123.749914] ? __update_load_avg_cfs_rq+0x636/0x950 [ 123.750298] ? do_raw_spin_lock+0x123/0x260 [ 123.750626] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.750982] ? lock_acquire+0x18c/0x2f0 [ 123.751295] ? update_cfs_group+0x11d/0x260 [ 123.751622] ? lock_release+0x1c7/0x290 [ 123.751928] ? do_raw_spin_unlock+0x53/0x220 [ 123.752267] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 123.752651] ? try_to_wake_up+0x128/0x11d0 [ 123.752977] ? do_raw_spin_lock+0x123/0x260 [ 123.753306] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.753662] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.754042] perf_trace_run_bpf_submit+0xef/0x180 [ 123.754416] perf_trace_preemptirq_template+0x259/0x430 [ 123.754820] ? read_tsc+0x9/0x20 [ 123.755090] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.755542] ? clockevents_program_event+0x135/0x360 [ 123.755933] ? tick_program_event+0xac/0x140 [ 123.756265] ? 
handle_softirqs+0x16e/0x770 [ 123.756598] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.756978] trace_hardirqs_on+0x26/0x40 [ 123.757283] handle_softirqs+0x16e/0x770 [ 123.757607] __irq_exit_rcu+0xc4/0x100 [ 123.757908] irq_exit_rcu+0x9/0x20 [ 123.758179] sysvec_apic_timer_interrupt+0x70/0x80 [ 123.758550] [ 123.758726] [ 123.758901] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 123.759308] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 123.759661] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 123.760987] RSP: 0018:ffff888016ca7f28 EFLAGS: 00000246 [ 123.761384] RAX: 0000000000000001 RBX: ffff888017548000 RCX: ffffffff817c2b86 [ 123.761909] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 123.762431] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 123.762955] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888017548000 [ 123.763496] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 123.764025] ? trace_irq_enable.constprop.0+0x26/0x100 [ 123.764416] ? make_task_dead+0x214/0x3b0 [ 123.764733] ? make_task_dead+0x214/0x3b0 [ 123.765051] ? 
do_syscall_64+0xbf/0x360 [ 123.765352] rewind_stack_and_make_dead+0x16/0x20 [ 123.765722] RIP: 0033:0x7f75df0a3b19 [ 123.766003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.767332] RSP: 002b:00007f75dc619218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.768008] RAX: ffffffffffffffda RBX: 00007f75df1b6f68 RCX: 00007f75df0a3b19 [ 123.768645] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75df1b6f6c [ 123.769276] RBP: 00007f75df1b6f60 R08: 000000000000000e R09: 0000000000000000 [ 123.769913] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f75df1b6f6c [ 123.770554] R13: 00007fff4586d7ff R14: 00007f75dc619300 R15: 0000000000022000 [ 123.771192] [ 123.771418] Modules linked in: [ 123.771712] ---[ end trace 0000000000000000 ]--- [ 123.772130] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.772553] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.774157] RSP: 0018:ffff88801862f800 EFLAGS: 00010212 [ 123.774633] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 123.775283] RDX: ffff88800fa0d280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 123.775916] RBP: ffff88801862fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15f00 [ 123.776551] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.777187] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.777822] FS: 00007f75dc619700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 123.778537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.779057] CR2: 00007f2dfc4b9018 CR3: 000000000d97c000 CR4: 0000000000350ef0 [ 123.779699] Kernel panic - not syncing: Fatal exception in interrupt [ 123.780391] Kernel Offset: disabled [ 123.780716] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:51:45 Registers: