Warning: Permanently added '[localhost]:65053' (ECDSA) to the list of known hosts. 2025/08/29 08:47:45 fuzzer started 2025/08/29 08:47:45 dialing manager at localhost:43077 syzkaller login: [ 51.887585] cgroup: Unknown subsys name 'net' [ 52.034587] cgroup: Unknown subsys name 'cpuset' [ 52.054673] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:47:56 syscalls: 2214 2025/08/29 08:47:56 code coverage: enabled 2025/08/29 08:47:56 comparison tracing: enabled 2025/08/29 08:47:56 extra coverage: enabled 2025/08/29 08:47:56 setuid sandbox: enabled 2025/08/29 08:47:56 namespace sandbox: enabled 2025/08/29 08:47:56 Android sandbox: enabled 2025/08/29 08:47:56 fault injection: enabled 2025/08/29 08:47:56 leak checking: enabled 2025/08/29 08:47:56 net packet injection: enabled 2025/08/29 08:47:56 net device setup: enabled 2025/08/29 08:47:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:47:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:47:56 USB emulation: enabled 2025/08/29 08:47:56 hci packet injection: enabled 2025/08/29 08:47:56 wifi device emulation: enabled 2025/08/29 08:47:56 802.15.4 emulation: enabled 2025/08/29 08:47:56 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:47:56 fetching corpus: 49, signal 25199/28319 (executing program) 2025/08/29 08:47:56 fetching corpus: 99, signal 35278/39457 (executing program) 2025/08/29 08:47:57 fetching corpus: 149, signal 42314/47406 (executing program) 2025/08/29 08:47:57 fetching corpus: 199, signal 48025/53884 (executing program) 2025/08/29 08:47:57 fetching corpus: 249, signal 54270/60750 (executing program) 2025/08/29 08:47:57 fetching corpus: 299, signal 60627/67437 (executing program) 2025/08/29 08:47:57 fetching corpus: 349, signal 64724/71903 (executing program) 2025/08/29 08:47:57 fetching corpus: 399, signal 66610/74440 (executing program) 2025/08/29 08:47:57 fetching corpus: 449, signal 69701/77874 (executing program) 2025/08/29 
08:47:57 fetching corpus: 499, signal 73736/81940 (executing program) 2025/08/29 08:47:58 fetching corpus: 549, signal 77007/85351 (executing program) 2025/08/29 08:47:58 fetching corpus: 599, signal 79437/87973 (executing program) 2025/08/29 08:47:58 fetching corpus: 649, signal 82315/90759 (executing program) 2025/08/29 08:47:58 fetching corpus: 699, signal 85506/93764 (executing program) 2025/08/29 08:47:58 fetching corpus: 749, signal 87326/95630 (executing program) 2025/08/29 08:47:58 fetching corpus: 799, signal 89086/97421 (executing program) 2025/08/29 08:47:58 fetching corpus: 849, signal 91061/99306 (executing program) 2025/08/29 08:47:59 fetching corpus: 899, signal 92831/101059 (executing program) 2025/08/29 08:47:59 fetching corpus: 949, signal 94845/102845 (executing program) 2025/08/29 08:47:59 fetching corpus: 999, signal 97210/104752 (executing program) 2025/08/29 08:47:59 fetching corpus: 1049, signal 98396/105812 (executing program) 2025/08/29 08:47:59 fetching corpus: 1099, signal 99875/107058 (executing program) 2025/08/29 08:47:59 fetching corpus: 1149, signal 102375/108846 (executing program) 2025/08/29 08:47:59 fetching corpus: 1199, signal 103818/109959 (executing program) 2025/08/29 08:47:59 fetching corpus: 1249, signal 104886/110802 (executing program) 2025/08/29 08:48:00 fetching corpus: 1299, signal 106064/111829 (executing program) 2025/08/29 08:48:00 fetching corpus: 1349, signal 108908/113761 (executing program) 2025/08/29 08:48:00 fetching corpus: 1399, signal 110481/114743 (executing program) 2025/08/29 08:48:00 fetching corpus: 1449, signal 111478/115390 (executing program) 2025/08/29 08:48:00 fetching corpus: 1499, signal 112670/116135 (executing program) 2025/08/29 08:48:00 fetching corpus: 1549, signal 113870/116915 (executing program) 2025/08/29 08:48:00 fetching corpus: 1599, signal 114862/117438 (executing program) 2025/08/29 08:48:00 fetching corpus: 1649, signal 115866/117940 (executing program) 2025/08/29 08:48:01 
fetching corpus: 1699, signal 116908/118405 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118516 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118556 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118594 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118627 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118664 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118702 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118740 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118775 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118813 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118852 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118898 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118952 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/118985 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119028 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119061 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119096 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119133 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119171 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119201 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119244 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119277 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119313 (executing program) 2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119345 (executing program) 
2025/08/29 08:48:01 fetching corpus: 1706, signal 117064/119345 (executing program) 2025/08/29 08:48:03 starting 8 fuzzer processes 08:48:03 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 08:48:03 executing program 1: move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 08:48:03 executing program 3: r0 = getpgid(0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f00000000c0)) sched_setattr(r0, &(0x7f0000000980)={0x38}, 0x0) 08:48:03 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100), 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000001740)={0x1, &(0x7f0000001700)=[{}]}, 0x10) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000340)={{0x1}}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) 08:48:03 executing program 7: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, 
&(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x5, 0x1, 0x5}, 0x14}}, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, 0xf, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_INDEX={0x6}, @IPSET_ATTR_INDEX={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40050) 08:48:03 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5409, &(0x7f0000000140)) [ 69.465409] audit: type=1400 audit(1756457283.929:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:48:03 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@loopback, r2}, 0x14) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 08:48:04 executing program 6: openat$snapshot(0xffffffffffffff9c, &(0x7f00000019c0), 0x0, 0x0) [ 70.734044] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.739729] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.742303] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.746742] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.749492] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.757346] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.760793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.762804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.771661] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.775286] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.778703] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.778863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.782819] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 
70.784625] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.784646] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.789146] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.790851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.794691] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.807584] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.814526] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.884799] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.899584] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.906963] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 70.906980] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.913482] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 70.917184] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.920361] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 70.922944] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.929621] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 70.932521] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.937718] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.941601] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 70.949498] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 70.970825] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 70.971970] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 70.974120] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 70.983232] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.011994] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.045407] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.060528] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.818723] Bluetooth: hci1: command tx timeout [ 72.819322] Bluetooth: hci2: command tx timeout [ 72.819776] Bluetooth: hci3: command tx timeout [ 72.882155] Bluetooth: hci0: command tx 
timeout [ 73.010245] Bluetooth: hci4: command tx timeout [ 73.075175] Bluetooth: hci6: command tx timeout [ 73.075732] Bluetooth: hci5: command tx timeout [ 73.204912] Bluetooth: hci7: command tx timeout [ 74.866279] Bluetooth: hci3: command tx timeout [ 74.866747] Bluetooth: hci2: command tx timeout [ 74.867232] Bluetooth: hci1: command tx timeout [ 74.931324] Bluetooth: hci0: command tx timeout [ 75.058224] Bluetooth: hci4: command tx timeout [ 75.123641] Bluetooth: hci6: command tx timeout [ 75.124053] Bluetooth: hci5: command tx timeout [ 75.251149] Bluetooth: hci7: command tx timeout [ 76.914213] Bluetooth: hci1: command tx timeout [ 76.914684] Bluetooth: hci3: command tx timeout [ 76.915063] Bluetooth: hci2: command tx timeout [ 76.979154] Bluetooth: hci0: command tx timeout [ 77.108180] Bluetooth: hci4: command tx timeout [ 77.171177] Bluetooth: hci5: command tx timeout [ 77.171605] Bluetooth: hci6: command tx timeout [ 77.298245] Bluetooth: hci7: command tx timeout [ 78.962413] Bluetooth: hci2: command tx timeout [ 78.962881] Bluetooth: hci3: command tx timeout [ 78.964126] Bluetooth: hci1: command tx timeout [ 79.026170] Bluetooth: hci0: command tx timeout [ 79.154176] Bluetooth: hci4: command tx timeout [ 79.219318] Bluetooth: hci6: command tx timeout [ 79.219728] Bluetooth: hci5: command tx timeout [ 79.346181] Bluetooth: hci7: command tx timeout [ 107.310738] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.311784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.543374] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.544004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.942143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.942770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.084881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.086217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.355229] 
capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure 08:48:42 executing program 3: r0 = getpgid(0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f00000000c0)) sched_setattr(r0, &(0x7f0000000980)={0x38}, 0x0) 08:48:42 executing program 3: r0 = getpgid(0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f00000000c0)) sched_setattr(r0, &(0x7f0000000980)={0x38}, 0x0) 08:48:43 executing program 3: r0 = getpgid(0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f00000000c0)) sched_setattr(r0, &(0x7f0000000980)={0x38}, 0x0) 08:48:43 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) [ 108.846482] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 108.847307] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 108.858419] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 108.867766] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 108.877150] Bluetooth: hci0: Opcode 0x0406 failed: -4 08:48:43 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) [ 108.888130] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 108.893254] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 108.895164] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 108.898363] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 108.906983] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 108.915385] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 108.919598] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 108.922034] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 108.926185] Bluetooth: hci4: 
Opcode 0x0406 failed: -4 [ 108.931693] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 108.940495] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 108.940980] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 108.953863] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 108.963746] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 108.964283] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 108.969038] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 108.976265] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 108.976777] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 108.986475] Bluetooth: hci7: Opcode 0x0406 failed: -4 08:48:43 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) 08:48:43 executing program 6: openat$snapshot(0xffffffffffffff9c, &(0x7f00000019c0), 0x0, 0x0) 08:48:43 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) [ 109.161553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.162197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.282728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.283494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.941621] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 109.942351] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 109.943008] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 109.943659] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 109.944509] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 109.945146] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 109.945736] 
Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 109.946532] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 110.016133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.016753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.059628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.060277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.129974] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.130968] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.182966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.184059] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.223804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.224801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.310912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.311565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.364976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.365812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.394705] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.395491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.460751] audit: type=1400 audit(1756457324.925:8): avc: denied { open } for pid=3905 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.462436] audit: type=1400 audit(1756457324.925:9): avc: denied { kernel } for pid=3905 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.462937] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.464583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.491947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.492563] wlan1: Creating 
new IBSS network, BSSID 50:50:50:50:50:50 08:48:45 executing program 7: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x5, 0x1, 0x5}, 0x14}}, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, 0xf, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_INDEX={0x6}, @IPSET_ATTR_INDEX={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40050) 08:48:45 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@loopback, r2}, 0x14) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 08:48:45 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 08:48:45 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5409, &(0x7f0000000140)) 08:48:45 executing program 1: move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 08:48:45 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100), 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000001740)={0x1, &(0x7f0000001700)=[{}]}, 0x10) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, 
'./file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000340)={{0x1}}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) 08:48:45 executing program 6: openat$snapshot(0xffffffffffffff9c, &(0x7f00000019c0), 0x0, 0x0) 08:48:45 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) 08:48:45 executing program 1: move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 08:48:45 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@loopback, r2}, 0x14) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 08:48:45 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) 08:48:45 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5409, &(0x7f0000000140)) 08:48:45 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 
stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 08:48:45 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100), 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000001740)={0x1, &(0x7f0000001700)=[{}]}, 0x10) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000340)={{0x1}}) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) 08:48:45 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@empty}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@loopback, r2}, 0x14) [ 110.855061] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 110.855994] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 110.856596] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.2 
Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.858654] Tainted: [W]=WARN [ 110.859360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.861070] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.862406] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.866008] RSP: 0018:ffff888043777780 EFLAGS: 00010012 [ 110.866431] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001e04000 [ 110.867006] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 110.867568] RBP: ffff8880437779f0 R08: ffff88806cf31340 R09: ffffe8ffffd15210 [ 110.868134] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 110.868699] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.869271] FS: 00007f7e108a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.869906] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.870378] CR2: 00007f7e13440018 CR3: 000000000e133000 CR4: 0000000000350ef0 [ 110.870960] Call Trace: [ 110.871173] [ 110.871364] ? __pfx_perf_tp_event+0x10/0x10 [ 110.871733] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 110.872238] ? lock_acquire+0x15e/0x2f0 [ 110.872596] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 110.873142] ? lock_is_held_type+0x9e/0x120 [ 110.873516] ? lock_is_held_type+0x9e/0x120 [ 110.873878] ? ctx_sched_in+0x134/0x9b0 [ 110.874214] ? __lock_acquire+0x694/0x1b70 [ 110.874581] ? perf_trace_run_bpf_submit+0xef/0x180 [ 110.875027] ? find_held_lock+0x2b/0x80 [ 110.875370] perf_trace_run_bpf_submit+0xef/0x180 [ 110.875768] perf_trace_preemptirq_template+0x259/0x430 [ 110.876206] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 110.876692] ? __pfx___smp_call_single_queue+0x10/0x10 [ 110.877133] ? find_held_lock+0x2b/0x80 [ 110.877473] ? 
try_to_wake_up+0x8ae/0x11d0 [ 110.877839] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 110.878283] trace_irq_enable.constprop.0+0xa6/0x100 [ 110.878707] trace_hardirqs_on+0x26/0x40 [ 110.879042] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 110.879435] try_to_wake_up+0x8ae/0x11d0 [ 110.879768] ? __pfx_try_to_wake_up+0x10/0x10 [ 110.880135] ? plist_del+0x122/0x270 [ 110.880437] ? find_held_lock+0x2b/0x80 [ 110.880760] ? futex_wake+0x474/0x540 [ 110.881074] wake_up_q+0xa1/0x130 [ 110.881360] futex_wake+0x47e/0x540 [ 110.881665] ? __pfx_futex_wake+0x10/0x10 [ 110.882000] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 110.882407] ? lock_release+0xc8/0x290 [ 110.882722] do_futex+0x26d/0x370 [ 110.883014] ? __pfx_do_futex+0x10/0x10 [ 110.883337] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 110.883755] ? find_held_lock+0x2b/0x80 [ 110.884079] __x64_sys_futex+0x1c9/0x4d0 [ 110.884409] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 110.884882] ? __pfx___x64_sys_futex+0x10/0x10 [ 110.885253] do_syscall_64+0xbf/0x360 [ 110.885556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.885971] RIP: 0033:0x7f7e1332cb19 [ 110.886268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.887701] RSP: 002b:00007f7e108a2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 110.888297] RAX: ffffffffffffffda RBX: 00007f7e1343ff68 RCX: 00007f7e1332cb19 [ 110.888857] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7e1343ff6c [ 110.889425] RBP: 00007f7e1343ff60 R08: 000000000000000e R09: 0000000000000000 [ 110.889985] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7e1343ff6c [ 110.890545] R13: 00007ffe7839541f R14: 00007f7e108a2300 R15: 0000000000022000 [ 110.891123] [ 110.891312] Modules linked in: [ 110.891573] ---[ end trace 0000000000000000 ]--- [ 110.891946] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.892320] Code: ff df 48 89 85 a8 fd ff ff 
48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.893737] RSP: 0018:ffff888043777780 EFLAGS: 00010012 [ 110.894161] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001e04000 [ 110.894719] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 110.895287] RBP: ffff8880437779f0 R08: ffff88806cf31340 R09: ffffe8ffffd15210 [ 110.895850] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 110.896409] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.896966] FS: 00007f7e108a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.897596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.898052] CR2: 00007f7e13440018 CR3: 000000000e133000 CR4: 0000000000350ef0 [ 110.898615] note: syz-executor.2[3945] exited with irqs disabled [ 110.899147] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 110.900017] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 110.900615] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.901546] Tainted: [D]=DIE, [W]=WARN [ 110.901846] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.902491] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.902864] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.904295] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 110.904711] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 110.905268] RDX: ffff88804207d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 110.905824] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd15210 [ 110.906382] R10: 0000000000000000 R11: 
ffff888017c79898 R12: dffffc0000000000 [ 110.906945] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 110.907503] FS: 00007f7e108a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.908134] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.908595] CR2: 00007f7e13440018 CR3: 000000000e133000 CR4: 0000000000350ef0 [ 110.909159] Call Trace: [ 110.909365] [ 110.909544] ? __pfx_perf_tp_event+0x10/0x10 [ 110.909901] ? enqueue_task_fair+0xded/0x1e00 [ 110.910267] ? check_preempt_wakeup_fair+0x6e/0x950 [ 110.910669] ? wakeup_preempt+0x140/0x2a0 [ 110.911005] ? lock_release+0x1c7/0x290 [ 110.911321] ? lock_release+0x1c7/0x290 [ 110.911640] ? do_raw_spin_unlock+0x53/0x220 [ 110.912000] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 110.912405] ? try_to_wake_up+0x8ae/0x11d0 [ 110.912747] ? do_raw_spin_lock+0x123/0x260 [ 110.913092] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 110.913470] ? perf_trace_run_bpf_submit+0xef/0x180 [ 110.913869] perf_trace_run_bpf_submit+0xef/0x180 [ 110.914258] perf_trace_preemptirq_template+0x259/0x430 [ 110.914685] ? read_tsc+0x9/0x20 [ 110.914970] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 110.915440] ? clockevents_program_event+0x135/0x360 [ 110.915847] ? tick_program_event+0xac/0x140 [ 110.916206] ? 
handle_softirqs+0x16e/0x770 [ 110.916550] trace_irq_enable.constprop.0+0xa6/0x100 [ 110.916952] trace_hardirqs_on+0x26/0x40 [ 110.917278] handle_softirqs+0x16e/0x770 [ 110.917611] __irq_exit_rcu+0xc4/0x100 [ 110.917928] irq_exit_rcu+0x9/0x20 [ 110.918215] sysvec_apic_timer_interrupt+0x70/0x80 [ 110.918608] [ 110.918788] [ 110.918979] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 110.919402] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 110.919774] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 110.921192] RSP: 0018:ffff888043777f28 EFLAGS: 00000246 [ 110.921609] RAX: 0000000000000001 RBX: ffff88804207d280 RCX: ffffffff817c2b86 [ 110.922179] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 110.922735] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 110.923301] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88804207d280 [ 110.923859] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 110.924417] ? trace_irq_enable.constprop.0+0x26/0x100 [ 110.924832] ? make_task_dead+0x214/0x3b0 [ 110.925164] ? make_task_dead+0x214/0x3b0 [ 110.925496] ? 
do_syscall_64+0xbf/0x360 [ 110.925812] rewind_stack_and_make_dead+0x16/0x20 [ 110.926196] RIP: 0033:0x7f7e1332cb19 [ 110.926492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.927909] RSP: 002b:00007f7e108a2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 110.928511] RAX: ffffffffffffffda RBX: 00007f7e1343ff68 RCX: 00007f7e1332cb19 [ 110.929065] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7e1343ff6c [ 110.929621] RBP: 00007f7e1343ff60 R08: 000000000000000e R09: 0000000000000000 [ 110.930182] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7e1343ff6c [ 110.930743] R13: 00007ffe7839541f R14: 00007f7e108a2300 R15: 0000000000022000 [ 110.931316] [ 110.931503] Modules linked in: [ 110.931760] ---[ end trace 0000000000000000 ]--- [ 110.931761] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 110.932138] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.932995] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 110.933348] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.934012] CPU: 0 UID: 0 PID: 3941 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.935424] RSP: 0018:ffff888043777780 EFLAGS: 00010012 [ 110.936335] Tainted: [D]=DIE, [W]=WARN [ 110.936745] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001e04000 [ 110.937042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.937597] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 110.938229] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.938780] RBP: ffff8880437779f0 R08: ffff88806cf31340 R09: 
ffffe8ffffd15210 [ 110.939147] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.939699] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 110.941097] RSP: 0018:ffff88804424f780 EFLAGS: 00010012 [ 110.941644] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.942051] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 110.942602] FS: 00007f7e108a2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 110.943158] RDX: ffff88801660d280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 110.943778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.944325] RBP: ffff88804424f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15210 [ 110.944774] CR2: 00007f7e13440018 CR3: 000000000e133000 CR4: 0000000000350ef0 [ 110.945319] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 110.945873] Kernel panic - not syncing: Fatal exception in interrupt [ 110.947150] Kernel Offset: disabled [ 110.947434] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:48:45 Registers: