Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:24871' (ECDSA) to the list of known hosts. 2025/08/29 09:16:57 fuzzer started 2025/08/29 09:16:57 dialing manager at localhost:43077 syzkaller login: [ 52.481487] cgroup: Unknown subsys name 'net' [ 52.546031] cgroup: Unknown subsys name 'cpuset' [ 52.562546] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:17:08 syscalls: 2214 2025/08/29 09:17:08 code coverage: enabled 2025/08/29 09:17:08 comparison tracing: enabled 2025/08/29 09:17:08 extra coverage: enabled 2025/08/29 09:17:08 setuid sandbox: enabled 2025/08/29 09:17:08 namespace sandbox: enabled 2025/08/29 09:17:08 Android sandbox: enabled 2025/08/29 09:17:08 fault injection: enabled 2025/08/29 09:17:08 leak checking: enabled 2025/08/29 09:17:08 net packet injection: enabled 2025/08/29 09:17:08 net device setup: enabled 2025/08/29 09:17:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:17:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:17:08 USB emulation: enabled 2025/08/29 09:17:08 hci packet injection: enabled 2025/08/29 09:17:08 wifi device emulation: enabled 2025/08/29 09:17:08 802.15.4 emulation: enabled 2025/08/29 09:17:08 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:17:08 fetching corpus: 33, signal 14305/17907 (executing program) 2025/08/29 09:17:08 fetching corpus: 83, signal 30826/35596 (executing program) 2025/08/29 09:17:08 fetching corpus: 133, signal 40654/46435 (executing program) 2025/08/29 09:17:08 fetching corpus: 183, signal 48665/55319 (executing program) 2025/08/29 09:17:08 fetching corpus: 233, signal 52909/60540 (executing program) 2025/08/29 09:17:08 fetching corpus: 283, signal 61614/69676 (executing program) 2025/08/29 09:17:08 fetching corpus: 333, signal 66466/75195 (executing program) 2025/08/29 09:17:09 fetching corpus: 383, signal 69890/79274 (executing program) 2025/08/29 09:17:09 fetching corpus: 433, signal 73220/83224 
(executing program) 2025/08/29 09:17:09 fetching corpus: 483, signal 75812/86469 (executing program) 2025/08/29 09:17:09 fetching corpus: 533, signal 78152/89385 (executing program) 2025/08/29 09:17:09 fetching corpus: 583, signal 80140/92000 (executing program) 2025/08/29 09:17:09 fetching corpus: 633, signal 82559/94891 (executing program) 2025/08/29 09:17:09 fetching corpus: 683, signal 84722/97523 (executing program) 2025/08/29 09:17:09 fetching corpus: 733, signal 86500/99848 (executing program) 2025/08/29 09:17:09 fetching corpus: 783, signal 88177/101998 (executing program) 2025/08/29 09:17:09 fetching corpus: 833, signal 91151/105042 (executing program) 2025/08/29 09:17:10 fetching corpus: 883, signal 92745/106974 (executing program) 2025/08/29 09:17:10 fetching corpus: 933, signal 94008/108669 (executing program) 2025/08/29 09:17:10 fetching corpus: 983, signal 95725/110579 (executing program) 2025/08/29 09:17:10 fetching corpus: 1033, signal 97688/112757 (executing program) 2025/08/29 09:17:10 fetching corpus: 1083, signal 100931/115612 (executing program) 2025/08/29 09:17:10 fetching corpus: 1133, signal 103279/117890 (executing program) 2025/08/29 09:17:11 fetching corpus: 1183, signal 105378/119888 (executing program) 2025/08/29 09:17:11 fetching corpus: 1233, signal 106135/120951 (executing program) 2025/08/29 09:17:11 fetching corpus: 1283, signal 107921/122662 (executing program) 2025/08/29 09:17:11 fetching corpus: 1333, signal 108772/123750 (executing program) 2025/08/29 09:17:11 fetching corpus: 1383, signal 110132/125079 (executing program) 2025/08/29 09:17:11 fetching corpus: 1433, signal 111319/126304 (executing program) 2025/08/29 09:17:12 fetching corpus: 1483, signal 112630/127607 (executing program) 2025/08/29 09:17:12 fetching corpus: 1533, signal 113969/128816 (executing program) 2025/08/29 09:17:12 fetching corpus: 1583, signal 115097/129922 (executing program) 2025/08/29 09:17:12 fetching corpus: 1633, signal 116624/131153 (executing 
program) 2025/08/29 09:17:12 fetching corpus: 1683, signal 117415/131959 (executing program) 2025/08/29 09:17:12 fetching corpus: 1733, signal 119111/133242 (executing program) 2025/08/29 09:17:12 fetching corpus: 1783, signal 120248/134247 (executing program) 2025/08/29 09:17:12 fetching corpus: 1833, signal 121399/135206 (executing program) 2025/08/29 09:17:13 fetching corpus: 1883, signal 122247/135995 (executing program) 2025/08/29 09:17:13 fetching corpus: 1933, signal 122942/136653 (executing program) 2025/08/29 09:17:13 fetching corpus: 1983, signal 123778/137343 (executing program) 2025/08/29 09:17:13 fetching corpus: 2033, signal 124783/138126 (executing program) 2025/08/29 09:17:13 fetching corpus: 2083, signal 125606/138774 (executing program) 2025/08/29 09:17:13 fetching corpus: 2133, signal 126217/139341 (executing program) 2025/08/29 09:17:13 fetching corpus: 2183, signal 127078/140023 (executing program) 2025/08/29 09:17:13 fetching corpus: 2233, signal 127973/140641 (executing program) 2025/08/29 09:17:14 fetching corpus: 2283, signal 128437/141113 (executing program) 2025/08/29 09:17:14 fetching corpus: 2333, signal 129492/141805 (executing program) 2025/08/29 09:17:14 fetching corpus: 2383, signal 130541/142410 (executing program) 2025/08/29 09:17:14 fetching corpus: 2433, signal 131617/142971 (executing program) 2025/08/29 09:17:14 fetching corpus: 2483, signal 132369/143387 (executing program) 2025/08/29 09:17:14 fetching corpus: 2533, signal 133079/143914 (executing program) 2025/08/29 09:17:14 fetching corpus: 2583, signal 133838/144304 (executing program) 2025/08/29 09:17:14 fetching corpus: 2633, signal 134594/144683 (executing program) 2025/08/29 09:17:14 fetching corpus: 2683, signal 135374/145067 (executing program) 2025/08/29 09:17:15 fetching corpus: 2733, signal 135971/145384 (executing program) 2025/08/29 09:17:15 fetching corpus: 2783, signal 136687/145729 (executing program) 2025/08/29 09:17:15 fetching corpus: 2833, signal 
137178/145992 (executing program) 2025/08/29 09:17:15 fetching corpus: 2883, signal 137951/146302 (executing program) 2025/08/29 09:17:15 fetching corpus: 2933, signal 138550/146549 (executing program) 2025/08/29 09:17:15 fetching corpus: 2983, signal 139508/146828 (executing program) 2025/08/29 09:17:15 fetching corpus: 3033, signal 140114/147057 (executing program) 2025/08/29 09:17:15 fetching corpus: 3083, signal 140787/147239 (executing program) 2025/08/29 09:17:16 fetching corpus: 3133, signal 141630/147424 (executing program) 2025/08/29 09:17:16 fetching corpus: 3183, signal 142377/147603 (executing program) 2025/08/29 09:17:16 fetching corpus: 3233, signal 142919/147727 (executing program) 2025/08/29 09:17:16 fetching corpus: 3283, signal 143417/147886 (executing program) 2025/08/29 09:17:16 fetching corpus: 3333, signal 143885/147987 (executing program) 2025/08/29 09:17:16 fetching corpus: 3383, signal 144622/148073 (executing program) 2025/08/29 09:17:16 fetching corpus: 3433, signal 145099/148138 (executing program) 2025/08/29 09:17:16 fetching corpus: 3483, signal 145932/148201 (executing program) 2025/08/29 09:17:16 fetching corpus: 3495, signal 146030/148234 (executing program) 2025/08/29 09:17:16 fetching corpus: 3495, signal 146030/148234 (executing program) 2025/08/29 09:17:18 starting 8 fuzzer processes 09:17:18 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) chmod(&(0x7f0000000040)='./file0\x00', 0x0) 09:17:18 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 
&(0x7f0000000080)={0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000040)) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x5) close_range(r0, 0xffffffffffffffff, 0x0) 09:17:18 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:17:18 executing program 7: semtimedop(0x0, &(0x7f0000000340)=[{0x0, 0x3, 0x1800}, {}], 0x2, &(0x7f0000000380)) [ 72.819657] audit: type=1400 audit(1756459038.876:7): avc: denied { execmem } for pid=276 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:17:18 executing program 3: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x42132, 0xffffffffffffffff, 0x0) 09:17:18 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000001180)='/proc/self/attr/keycreate\x00', 0x2, 0x0) fcntl$setlease(r0, 0x400, 0x1) fchown(r0, 0xee01, 0x0) 09:17:18 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000240)={0x0, "77b1a369993c02fbf2c9cbe5119a8d6b3cd89916abbe60b4390d67b06aab738a3ddb5a33ea4d0c97bf5c542184e96b80adc2ee0526e68f289a5f8f91ec35ac88"}, 0x48, r0) request_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)='{*]#\x00', r1) 09:17:18 executing program 6: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001480)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) io_submit(r0, 0x2, &(0x7f0000002940)=[&(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x7}, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) [ 73.930802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.932684] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.933979] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.936259] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.938954] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.004836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.008472] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.009647] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.019488] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.021265] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.075235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.076188] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.077106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.079620] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.080903] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.083913] Bluetooth: hci3: 
unexpected cc 0x0c03 length: 249 > 1 [ 74.084904] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.085934] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.088379] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.089953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.120324] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.131478] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.158646] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.162545] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.166076] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.173924] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.179563] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.182812] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.189008] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.190509] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.194442] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.196105] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.197887] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.198671] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.205489] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.207010] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.223306] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.229556] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.237084] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.253034] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.969873] Bluetooth: hci0: command tx timeout [ 76.033344] Bluetooth: hci1: command tx timeout [ 76.097355] Bluetooth: hci3: command tx timeout [ 76.161441] Bluetooth: hci2: command tx timeout [ 76.225443] Bluetooth: hci4: command tx timeout [ 76.289504] Bluetooth: hci6: command tx timeout [ 76.289550] Bluetooth: hci5: command tx timeout [ 
76.354549] Bluetooth: hci7: command tx timeout [ 78.017276] Bluetooth: hci0: command tx timeout [ 78.081303] Bluetooth: hci1: command tx timeout [ 78.145420] Bluetooth: hci3: command tx timeout [ 78.209264] Bluetooth: hci2: command tx timeout [ 78.273542] Bluetooth: hci4: command tx timeout [ 78.337343] Bluetooth: hci6: command tx timeout [ 78.338403] Bluetooth: hci5: command tx timeout [ 78.401292] Bluetooth: hci7: command tx timeout [ 80.065488] Bluetooth: hci0: command tx timeout [ 80.129443] Bluetooth: hci1: command tx timeout [ 80.193309] Bluetooth: hci3: command tx timeout [ 80.259275] Bluetooth: hci2: command tx timeout [ 80.321429] Bluetooth: hci4: command tx timeout [ 80.385496] Bluetooth: hci5: command tx timeout [ 80.386153] Bluetooth: hci6: command tx timeout [ 80.449470] Bluetooth: hci7: command tx timeout [ 82.113320] Bluetooth: hci0: command tx timeout [ 82.177625] Bluetooth: hci1: command tx timeout [ 82.241291] Bluetooth: hci3: command tx timeout [ 82.305482] Bluetooth: hci2: command tx timeout [ 82.369346] Bluetooth: hci4: command tx timeout [ 82.433608] Bluetooth: hci6: command tx timeout [ 82.434517] Bluetooth: hci5: command tx timeout [ 82.497446] Bluetooth: hci7: command tx timeout [ 111.897471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.898145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.030934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.031577] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.475175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.475827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.677807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.678998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:17:58 executing program 6: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$tcp_mem(0xffffffffffffff9c, 
&(0x7f0000001480)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) io_submit(r0, 0x2, &(0x7f0000002940)=[&(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x7}, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) [ 112.807889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.809146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:17:58 executing program 6: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001480)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) io_submit(r0, 0x2, &(0x7f0000002940)=[&(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x7}, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) [ 112.919455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.920051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:17:59 executing program 6: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001480)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) io_submit(r0, 0x2, &(0x7f0000002940)=[&(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x7}, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) 09:17:59 executing program 6: r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x11, &(0x7f0000000580)=[{0x0}], 0x1) [ 113.382601] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.383200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:17:59 executing program 6: r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x11, 
&(0x7f0000000580)=[{0x0}], 0x1) [ 113.464413] audit: type=1400 audit(1756459079.519:8): avc: denied { setattr } for pid=3848 comm="syz-executor.5" name="keycreate" dev="proc" ino=5215 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1 09:17:59 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x0) 09:17:59 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000140)={0x2}) 09:17:59 executing program 6: r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x11, &(0x7f0000000580)=[{0x0}], 0x1) [ 113.598297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.599640] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.605460] audit: type=1400 audit(1756459079.659:9): avc: denied { open } for pid=3860 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 113.615299] audit: type=1400 audit(1756459079.660:10): avc: denied { kernel } for pid=3860 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event 
permissive=1 [ 113.958344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.958967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.071113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.072316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.137407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.138560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.222546] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.223160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.347062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.347709] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.392064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.392687] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.424766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.425750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.568969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.570091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:18:00 executing program 3: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x42132, 0xffffffffffffffff, 0x0) 09:18:00 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000140)={0x2}) 09:18:00 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x0) 09:18:00 executing program 6: r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x11, &(0x7f0000000580)=[{0x0}], 0x1) 09:18:00 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000240)={0x0, "77b1a369993c02fbf2c9cbe5119a8d6b3cd89916abbe60b4390d67b06aab738a3ddb5a33ea4d0c97bf5c542184e96b80adc2ee0526e68f289a5f8f91ec35ac88"}, 0x48, r0) request_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)='{*]#\x00', r1) 09:18:00 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000040)) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x5) close_range(r0, 0xffffffffffffffff, 0x0) 09:18:00 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 
0x0, 0x7fff0000}]}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) chmod(&(0x7f0000000040)='./file0\x00', 0x0) 09:18:00 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 3: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x42132, 0xffffffffffffffff, 0x0) 09:18:01 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000140)={0x2}) 09:18:01 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000040)) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x5) close_range(r0, 0xffffffffffffffff, 0x0) 09:18:01 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) chmod(&(0x7f0000000040)='./file0\x00', 0x0) 09:18:01 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x0) 09:18:01 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000240)={0x0, "77b1a369993c02fbf2c9cbe5119a8d6b3cd89916abbe60b4390d67b06aab738a3ddb5a33ea4d0c97bf5c542184e96b80adc2ee0526e68f289a5f8f91ec35ac88"}, 0x48, r0) request_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)='{*]#\x00', r1) [ 115.302153] kmemleak: Found object by alias at 0x607f1a638ba4 [ 115.302174] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.302192] Tainted: [W]=WARN [ 115.302195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.302206] Call Trace: [ 115.302211] [ 115.302215] dump_stack_lvl+0xca/0x120 [ 115.302240] __lookup_object+0x94/0xb0 [ 115.302257] 
delete_object_full+0x27/0x70
[ 115.302272] free_percpu+0x30/0x1160
[ 115.302289] ? arch_uprobe_clear_state+0x16/0x140
[ 115.302309] futex_hash_free+0x38/0xc0
[ 115.302323] mmput+0x2d3/0x390
[ 115.302342] do_exit+0x79d/0x2970
[ 115.302360] ? __pfx_do_exit+0x10/0x10
[ 115.302374] ? find_held_lock+0x2b/0x80
[ 115.302392] ? get_signal+0x835/0x2340
[ 115.302412] do_group_exit+0xd3/0x2a0
[ 115.302427] get_signal+0x2315/0x2340
[ 115.302444] ? put_task_stack+0xd2/0x240
[ 115.302459] ? __pfx_get_signal+0x10/0x10
[ 115.302475] ? __schedule+0xe91/0x3590
[ 115.302496] arch_do_signal_or_restart+0x80/0x790
[ 115.302513] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 115.302529] ? __x64_sys_futex+0x1c9/0x4d0
[ 115.302541] ? __x64_sys_futex+0x1d2/0x4d0
[ 115.302556] ? __pfx___x64_sys_futex+0x10/0x10
[ 115.302570] ? ksys_mmap_pgoff+0x85/0x520
[ 115.302589] exit_to_user_mode_loop+0x8b/0x110
[ 115.302602] do_syscall_64+0x2f7/0x360
[ 115.302614] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.302626] RIP: 0033:0x7f7b67939b19
[ 115.302635] Code: Unable to access opcode bytes at 0x7f7b67939aef.
[ 115.302640] RSP: 002b:00007f7b64eaf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.302652] RAX: 0000000000000001 RBX: 00007f7b67a4cf68 RCX: 00007f7b67939b19 [ 115.302659] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7b67a4cf6c [ 115.302666] RBP: 00007f7b67a4cf60 R08: 0000000000000016 R09: 0000000000000000 [ 115.302672] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f7b67a4cf6c [ 115.302679] R13: 00007ffe70bca77f R14: 00007f7b64eaf300 R15: 0000000000022000 [ 115.302696] [ 115.302700] kmemleak: Object (percpu) 0x607f1a638ba0 (size 8): [ 115.302706] kmemleak: comm "syz-executor.7", pid 3956, jiffies 4294782048 [ 115.302713] kmemleak: min_count = 1 [ 115.302717] kmemleak: count = 0 [ 115.302720] kmemleak: flags = 0x21 [ 115.302724] kmemleak: checksum = 0 [ 115.302727] kmemleak: backtrace: [ 115.302731] pcpu_alloc_noprof+0x87a/0x1170 [ 115.302746] perf_trace_event_init+0x366/0xa10 [ 115.302759] perf_trace_init+0x1a4/0x2f0 [ 115.302770] perf_tp_event_init+0xa6/0x120 [ 115.302785] perf_try_init_event+0x140/0x9f0 [ 115.302798] perf_event_alloc.part.0+0x118e/0x45f0 [ 115.302813] __do_sys_perf_event_open+0x719/0x2c20 [ 115.302825] do_syscall_64+0xbf/0x360 [ 115.302834] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:18:01 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x0) 09:18:01 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) chmod(&(0x7f0000000040)='./file0\x00', 0x0) 09:18:01 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000240)={0x0, "77b1a369993c02fbf2c9cbe5119a8d6b3cd89916abbe60b4390d67b06aab738a3ddb5a33ea4d0c97bf5c542184e96b80adc2ee0526e68f289a5f8f91ec35ac88"}, 0x48, r0) request_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)='{*]#\x00', r1) 09:18:01 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000040)) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x5) close_range(r0, 0xffffffffffffffff, 0x0) 09:18:01 executing program 3: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x42132, 0xffffffffffffffff, 0x0) 09:18:01 executing program 4: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 
0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 3: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = 
memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000140)={0x2}) 09:18:01 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 0: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) 09:18:01 executing program 5: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x12f1) clone3(&(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) fork() r1 = gettid() getpriority(0x2, r1) ptrace(0x4207, r1) r2 = memfd_secret(0x0) sync_file_range(0xffffffffffffffff, 0xb, 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) dup(r0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) [ 115.613827] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 115.614768] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 115.615461] CPU: 1 UID: 0 PID: 3979 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.616402] Tainted: [W]=WARN [ 115.617197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.619032] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.620127] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.624247] RSP: 0018:ffff88804446f780 EFLAGS: 00010012 [ 115.625395] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.625942] RDX: ffff8880440f8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 115.626510] RBP: ffff88804446f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15ba0 [ 115.627060] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.627608] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.628155] FS: 000055557bd8f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.628773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.629222] CR2: 000055557bd90c18 CR3: 000000000c987000 CR4: 0000000000350ef0 [ 115.629773] Call Trace: [ 115.629977] [ 115.630173] ? __pfx_perf_tp_event+0x10/0x10 [ 115.630523] ? 
perf_trace_lock+0xb5/0x5d0 [ 115.630850] ? arch_scale_cpu_capacity+0x17/0xa0 [ 115.631229] ? cpu_util.constprop.0+0x17d/0x340 [ 115.631600] ? __asan_memset+0x24/0x50 [ 115.631907] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 115.632335] ? perf_trace_lock+0xb5/0x5d0 [ 115.632665] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.633057] perf_trace_run_bpf_submit+0xef/0x180 [ 115.633437] perf_trace_preemptirq_template+0x259/0x430 [ 115.633857] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.634254] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.634615] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.635074] ? update_curr+0x39e/0x500 [ 115.635382] ? find_held_lock+0x2b/0x80 [ 115.635705] ? try_to_wake_up+0x8ae/0x11d0 [ 115.636040] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 115.636434] trace_irq_enable.constprop.0+0xa6/0x100 [ 115.636824] trace_hardirqs_on+0x26/0x40 [ 115.637136] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 115.637515] try_to_wake_up+0x8ae/0x11d0 [ 115.637833] ? __pfx_try_to_wake_up+0x10/0x10 [ 115.638193] ? plist_del+0x122/0x270 [ 115.638484] ? find_held_lock+0x2b/0x80 [ 115.638798] ? futex_wake+0x474/0x540 [ 115.639099] wake_up_q+0xa1/0x130 [ 115.639377] futex_wake+0x47e/0x540 [ 115.639667] ? __pfx_futex_wake+0x10/0x10 [ 115.639990] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.640389] ? finish_task_switch.isra.0+0x206/0x840 [ 115.640786] do_futex+0x26d/0x370 [ 115.641059] ? __pfx_do_futex+0x10/0x10 [ 115.641370] ? __pfx___schedule+0x10/0x10 [ 115.641694] __x64_sys_futex+0x1c9/0x4d0 [ 115.642008] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.642469] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.642823] ? 
xfd_validate_state+0x55/0x180 [ 115.643173] do_syscall_64+0xbf/0x360 [ 115.643469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.643867] RIP: 0033:0x7f7b67939b19 [ 115.644154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.645520] RSP: 002b:00007ffe70bca7f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.646102] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7b67939b19 [ 115.646645] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7b67a4cf68 [ 115.647187] RBP: 00007f7b67a4cf60 R08: 00007f7b64eaf700 R09: 0000000000000000 [ 115.647729] R10: 00007f7b64eaf700 R11: 0000000000000246 R12: 00007f7b67a51060 [ 115.648271] R13: 00007ffe70bca900 R14: 00007f7b67a4cf60 R15: 000000000001c2b7 [ 115.648815] [ 115.648999] Modules linked in: [ 115.649253] ---[ end trace 0000000000000000 ]--- [ 115.649256] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.649610] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.650464] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.650814] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.651379] CPU: 0 UID: 0 PID: 3988 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.652730] RSP: 0018:ffff88804446f780 EFLAGS: 00010012 [ 115.653610] Tainted: [D]=DIE, [W]=WARN [ 115.654004] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.654297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.654827] RDX: ffff8880440f8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 115.655436] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.655969] RBP: ffff88804446f9f0 
R08: ffff88806cf31340 R09: ffffe8ffffd15ba0 [ 115.656315] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.656846] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.658200] RSP: 0018:ffff88804631f780 EFLAGS: 00010012 [ 115.658732] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.658743] FS: 000055557bd8f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.659136] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000a7f1000 [ 115.659670] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.660260] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.660799] CR2: 000055557bd90c18 CR3: 000000000c987000 CR4: 0000000000350ef0 [ 115.661229] RBP: ffff88804631f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15ba0 [ 115.661765] note: syz-executor.3[3979] exited with irqs disabled [ 115.662298] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 115.663807] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.664346] FS: 00007fa06a5c2700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.664962] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.665402] CR2: 00007fa06d160018 CR3: 0000000044afc000 CR4: 0000000000350ef0 [ 115.665939] Call Trace: [ 115.666146] [ 115.666322] ? unwind_next_frame+0x3b2/0x2540 [ 115.666680] ? __pfx_perf_tp_event+0x10/0x10 [ 115.667024] ? perf_trace_lock+0xb5/0x5d0 [ 115.667345] ? perf_trace_lock+0xb5/0x5d0 [ 115.667666] ? perf_trace_lock+0xb5/0x5d0 [ 115.667985] ? perf_trace_lock+0xb5/0x5d0 [ 115.668305] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.668664] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.669018] ? unwind_next_frame+0x3b2/0x2540 [ 115.669370] ? lock_release+0x1c7/0x290 [ 115.669678] ? __is_insn_slot_addr+0x136/0x290 [ 115.670043] ? 
lock_release+0x1c7/0x290 [ 115.670351] ? __is_insn_slot_addr+0x140/0x290 [ 115.670709] ? kernel_text_address+0x5b/0xc0 [ 115.671054] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.671440] perf_trace_run_bpf_submit+0xef/0x180 [ 115.671818] perf_trace_preemptirq_template+0x259/0x430 [ 115.672233] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.672586] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.672940] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.673392] ? __pfx___resched_curr+0x10/0x10 [ 115.673745] ? try_to_wake_up+0x8ae/0x11d0 [ 115.674081] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 115.674473] trace_irq_enable.constprop.0+0xa6/0x100 [ 115.674859] trace_hardirqs_on+0x26/0x40 [ 115.675169] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 115.675548] try_to_wake_up+0x8ae/0x11d0 [ 115.675867] ? __pfx_try_to_wake_up+0x10/0x10 [ 115.676218] ? plist_del+0x122/0x270 [ 115.676509] ? futex_wake+0x474/0x540 [ 115.676809] wake_up_q+0xa1/0x130 [ 115.677084] futex_wake+0x47e/0x540 [ 115.677371] ? __pfx_futex_wake+0x10/0x10 [ 115.677694] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 115.678120] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.678516] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 115.678952] do_futex+0x26d/0x370 [ 115.679225] ? __pfx_do_futex+0x10/0x10 [ 115.679534] ? __fput+0x67b/0xb50 [ 115.679809] __x64_sys_futex+0x1c9/0x4d0 [ 115.680131] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.680590] ? fput_close_sync+0x114/0x240 [ 115.680927] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.681287] ? __pfx_fput_close_sync+0x10/0x10 [ 115.681646] ? 
dnotify_flush+0x79/0x4c0 [ 115.681960] do_syscall_64+0xbf/0x360 [ 115.682268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.682670] RIP: 0033:0x7fa06d04cb19 [ 115.682960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.684339] RSP: 002b:00007fa06a5c2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.684922] RAX: ffffffffffffffda RBX: 00007fa06d15ff68 RCX: 00007fa06d04cb19 [ 115.685472] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa06d15ff6c [ 115.686011] RBP: 00007fa06d15ff60 R08: 000000000000000e R09: 0000000000000000 [ 115.686560] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fa06d15ff6c [ 115.687098] R13: 00007ffe217aed4f R14: 00007fa06a5c2300 R15: 0000000000022000 [ 115.687644] [ 115.687829] Modules linked in: [ 115.688083] ---[ end trace 0000000000000000 ]--- [ 115.688085] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 115.688438] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.689288] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 115.689634] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.690297] CPU: 1 UID: 0 PID: 3979 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.691652] RSP: 0018:ffff88804446f780 EFLAGS: 00010012 [ 115.692545] Tainted: [D]=DIE, [W]=WARN [ 115.692939] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.693233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.693768] RDX: ffff8880440f8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 115.694395] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.694930] RBP: 
ffff88804446f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15ba0 [ 115.695280] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.695812] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.697177] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 115.697707] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.697718] FS: 00007fa06a5c2700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.698117] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.698652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.699252] RDX: ffff8880440f8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 115.699783] CR2: 00007fa06d160018 CR3: 0000000044afc000 CR4: 0000000000350ef0 [ 115.700218] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd15ba0 [ 115.700753] note: syz-executor.5[3988] exited with irqs disabled [ 115.701291] R10: 0000000000000000 R11: ffff888018f47c98 R12: dffffc0000000000 [ 115.702826] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 115.703371] FS: 000055557bd8f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.703986] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.704432] CR2: 000055557bd90c18 CR3: 000000000c987000 CR4: 0000000000350ef0 [ 115.704978] Call Trace: [ 115.705181] [ 115.705358] ? __pfx_perf_tp_event+0x10/0x10 [ 115.705710] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.706078] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.706437] ? check_preempt_wakeup_fair+0x6e/0x950 [ 115.706828] ? try_to_wake_up+0x8ae/0x11d0 [ 115.707162] ? lock_release+0x1c7/0x290 [ 115.707473] ? lock_release+0x1c7/0x290 [ 115.707786] ? do_raw_spin_unlock+0x53/0x220 [ 115.708137] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 115.708537] ? try_to_wake_up+0x8ae/0x11d0 [ 115.708874] ? perf_trace_lock+0xb5/0x5d0 [ 115.709198] ? 
do_raw_spin_lock+0x123/0x260 [ 115.709538] ? __pfx_perf_trace_lock+0x10/0x10 [ 115.709899] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.710298] perf_trace_run_bpf_submit+0xef/0x180 [ 115.710677] perf_trace_preemptirq_template+0x259/0x430 [ 115.711100] ? read_tsc+0x9/0x20 [ 115.711375] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.711836] ? clockevents_program_event+0x135/0x360 [ 115.712231] ? tick_program_event+0xac/0x140 [ 115.712576] ? handle_softirqs+0x16e/0x770 [ 115.712910] trace_irq_enable.constprop.0+0xa6/0x100 [ 115.713302] trace_hardirqs_on+0x26/0x40 [ 115.713617] handle_softirqs+0x16e/0x770 [ 115.713945] __irq_exit_rcu+0xc4/0x100 [ 115.714267] irq_exit_rcu+0x9/0x20 [ 115.714548] sysvec_apic_timer_interrupt+0x70/0x80 [ 115.714940] [ 115.715120] [ 115.715297] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.715706] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 115.716074] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 115.717454] RSP: 0018:ffff88804446ff28 EFLAGS: 00000246 [ 115.717865] RAX: 0000000000000001 RBX: ffff8880440f8000 RCX: ffffffff817c2b86 [ 115.718421] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 115.718965] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 115.719512] R10: ffffffff8643ac57 R11: 3838666666662052 R12: ffff8880440f8000 [ 115.720056] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 115.720606] ? trace_irq_enable.constprop.0+0x26/0x100 [ 115.721010] ? make_task_dead+0x214/0x3b0 [ 115.721338] ? make_task_dead+0x214/0x3b0 [ 115.721662] ? 
do_syscall_64+0xbf/0x360 [ 115.721975] rewind_stack_and_make_dead+0x16/0x20 [ 115.722362] RIP: 0033:0x7f7b67939b19 [ 115.722653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.724054] RSP: 002b:00007ffe70bca7f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.724660] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7b67939b19 [ 115.725221] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7b67a4cf68 [ 115.725788] RBP: 00007f7b67a4cf60 R08: 00007f7b64eaf700 R09: 0000000000000000 [ 115.726362] R10: 00007f7b64eaf700 R11: 0000000000000246 R12: 00007f7b67a51060 [ 115.726927] R13: 00007ffe70bca900 R14: 00007f7b67a4cf60 R15: 000000000001c2b7 [ 115.727502] [ 115.727691] Modules linked in: [ 115.727957] ---[ end trace 0000000000000000 ]--- [ 115.727958] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 115.728328] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.729185] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.729550] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.730142] CPU: 0 UID: 0 PID: 3988 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.731551] RSP: 0018:ffff88804446f780 EFLAGS: 00010012 [ 115.732460] Tainted: [D]=DIE, [W]=WARN [ 115.732872] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 115.733170] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.733727] RDX: ffff8880440f8000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 115.734366] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.734921] RBP: ffff88804446f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15ba0 [ 
115.735283] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.735842] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.737238] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 115.737793] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.737805] FS: 000055557bd8f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.738214] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.738772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.739385] RDX: ffff88804322b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.739940] CR2: 000055557bd90c18 CR3: 000000000c987000 CR4: 0000000000350ef0 [ 115.740386] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15ba0 [ 115.740947] Kernel panic - not syncing: Fatal exception in interrupt [ 116.786536] Shutting down cpus with NMI [ 116.788206] Kernel Offset: disabled [ 116.788505] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:18:01 Registers: