Warning: Permanently added '[localhost]:10892' (ECDSA) to the list of known hosts.
2025/08/29 09:39:39 fuzzer started
2025/08/29 09:39:39 dialing manager at localhost:43077
syzkaller login: [ 56.979049] cgroup: Unknown subsys name 'net'
[ 57.167340] cgroup: Unknown subsys name 'cpuset'
[ 57.234208] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:39:50 syscalls: 2214
2025/08/29 09:39:50 code coverage: enabled
2025/08/29 09:39:50 comparison tracing: enabled
2025/08/29 09:39:50 extra coverage: enabled
2025/08/29 09:39:50 setuid sandbox: enabled
2025/08/29 09:39:50 namespace sandbox: enabled
2025/08/29 09:39:50 Android sandbox: enabled
2025/08/29 09:39:50 fault injection: enabled
2025/08/29 09:39:50 leak checking: enabled
2025/08/29 09:39:50 net packet injection: enabled
2025/08/29 09:39:50 net device setup: enabled
2025/08/29 09:39:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:39:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:39:50 USB emulation: enabled
2025/08/29 09:39:50 hci packet injection: enabled
2025/08/29 09:39:50 wifi device emulation: enabled
2025/08/29 09:39:50 802.15.4 emulation: enabled
2025/08/29 09:39:50 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:39:50 fetching corpus: 50, signal 22388/25835 (executing program)
2025/08/29 09:39:50 fetching corpus: 100, signal 35467/40100 (executing program)
2025/08/29 09:39:50 fetching corpus: 150, signal 44536/50258 (executing program)
2025/08/29 09:39:50 fetching corpus: 200, signal 53055/59634 (executing program)
2025/08/29 09:39:50 fetching corpus: 250, signal 56765/64375 (executing program)
2025/08/29 09:39:51 fetching corpus: 300, signal 61121/69622 (executing program)
2025/08/29 09:39:51 fetching corpus: 350, signal 65126/74482 (executing program)
2025/08/29 09:39:51 fetching corpus: 400, signal 67747/77960 (executing program)
2025/08/29 09:39:51 fetching corpus: 450, signal 69621/80743 (executing program)
2025/08/29 09:39:51 fetching corpus: 500, signal 73281/84990 (executing program)
2025/08/29 09:39:51 fetching corpus: 550, signal 75427/87875 (executing program)
2025/08/29 09:39:51 fetching corpus: 600, signal 77588/90712 (executing program)
2025/08/29 09:39:51 fetching corpus: 650, signal 80966/94472 (executing program)
2025/08/29 09:39:51 fetching corpus: 700, signal 83295/97298 (executing program)
2025/08/29 09:39:51 fetching corpus: 750, signal 85172/99722 (executing program)
2025/08/29 09:39:52 fetching corpus: 800, signal 87871/102708 (executing program)
2025/08/29 09:39:52 fetching corpus: 850, signal 89307/104618 (executing program)
2025/08/29 09:39:52 fetching corpus: 900, signal 90899/106654 (executing program)
2025/08/29 09:39:52 fetching corpus: 950, signal 93894/109753 (executing program)
2025/08/29 09:39:52 fetching corpus: 1000, signal 96198/112209 (executing program)
2025/08/29 09:39:52 fetching corpus: 1050, signal 97998/114250 (executing program)
2025/08/29 09:39:53 fetching corpus: 1100, signal 99473/116038 (executing program)
2025/08/29 09:39:53 fetching corpus: 1150, signal 100585/117547 (executing program)
2025/08/29 09:39:53 fetching corpus: 1200, signal 101766/119028 (executing program)
2025/08/29 09:39:53 fetching corpus: 1250, signal 102832/120418 (executing program)
2025/08/29 09:39:53 fetching corpus: 1300, signal 104077/121908 (executing program)
2025/08/29 09:39:53 fetching corpus: 1350, signal 105219/123360 (executing program)
2025/08/29 09:39:53 fetching corpus: 1400, signal 107117/125181 (executing program)
2025/08/29 09:39:53 fetching corpus: 1450, signal 108020/126422 (executing program)
2025/08/29 09:39:53 fetching corpus: 1500, signal 109541/127942 (executing program)
2025/08/29 09:39:53 fetching corpus: 1550, signal 111086/129501 (executing program)
2025/08/29 09:39:54 fetching corpus: 1600, signal 113037/131254 (executing program)
2025/08/29 09:39:54 fetching corpus: 1650, signal 114350/132538 (executing program)
2025/08/29 09:39:54 fetching corpus: 1700, signal 115231/133540 (executing program)
2025/08/29 09:39:54 fetching corpus: 1750, signal 117186/135105 (executing program)
2025/08/29 09:39:54 fetching corpus: 1800, signal 118580/136377 (executing program)
2025/08/29 09:39:54 fetching corpus: 1850, signal 119714/137440 (executing program)
2025/08/29 09:39:54 fetching corpus: 1900, signal 120569/138362 (executing program)
2025/08/29 09:39:54 fetching corpus: 1950, signal 122407/139704 (executing program)
2025/08/29 09:39:54 fetching corpus: 2000, signal 123323/140522 (executing program)
2025/08/29 09:39:54 fetching corpus: 2050, signal 123959/141236 (executing program)
2025/08/29 09:39:55 fetching corpus: 2100, signal 124709/141975 (executing program)
2025/08/29 09:39:55 fetching corpus: 2150, signal 126475/143308 (executing program)
2025/08/29 09:39:55 fetching corpus: 2200, signal 128047/144615 (executing program)
2025/08/29 09:39:55 fetching corpus: 2250, signal 128796/145238 (executing program)
2025/08/29 09:39:55 fetching corpus: 2300, signal 129265/145728 (executing program)
2025/08/29 09:39:55 fetching corpus: 2350, signal 130175/146464 (executing program)
2025/08/29 09:39:55 fetching corpus: 2400, signal 130870/147027 (executing program)
2025/08/29 09:39:55 fetching corpus: 2450, signal 131757/147685 (executing program)
2025/08/29 09:39:55 fetching corpus: 2500, signal 132458/148264 (executing program)
2025/08/29 09:39:55 fetching corpus: 2550, signal 133478/148910 (executing program)
2025/08/29 09:39:55 fetching corpus: 2600, signal 134090/149426 (executing program)
2025/08/29 09:39:55 fetching corpus: 2650, signal 135032/150015 (executing program)
2025/08/29 09:39:56 fetching corpus: 2700, signal 135575/150436 (executing program)
2025/08/29 09:39:56 fetching corpus: 2750, signal 136475/150933 (executing program)
2025/08/29 09:39:56 fetching corpus: 2800, signal 137255/151391 (executing program)
2025/08/29 09:39:56 fetching corpus: 2850, signal 137722/151769 (executing program)
2025/08/29 09:39:56 fetching corpus: 2900, signal 138137/152084 (executing program)
2025/08/29 09:39:56 fetching corpus: 2950, signal 138705/152449 (executing program)
2025/08/29 09:39:56 fetching corpus: 3000, signal 139233/152825 (executing program)
2025/08/29 09:39:56 fetching corpus: 3050, signal 139764/153178 (executing program)
2025/08/29 09:39:56 fetching corpus: 3100, signal 140139/153435 (executing program)
2025/08/29 09:39:56 fetching corpus: 3150, signal 141063/153786 (executing program)
2025/08/29 09:39:56 fetching corpus: 3200, signal 142188/154151 (executing program)
2025/08/29 09:39:57 fetching corpus: 3250, signal 142832/154425 (executing program)
2025/08/29 09:39:57 fetching corpus: 3300, signal 143686/154747 (executing program)
2025/08/29 09:39:57 fetching corpus: 3350, signal 144424/155078 (executing program)
2025/08/29 09:39:57 fetching corpus: 3400, signal 145174/155349 (executing program)
2025/08/29 09:39:57 fetching corpus: 3450, signal 145524/155565 (executing program)
2025/08/29 09:39:57 fetching corpus: 3500, signal 146137/155779 (executing program)
2025/08/29 09:39:57 fetching corpus: 3550, signal 146939/155981 (executing program)
2025/08/29 09:39:57 fetching corpus: 3600, signal 147492/156121 (executing program)
2025/08/29 09:39:57 fetching corpus: 3650, signal 147993/156260 (executing program)
2025/08/29 09:39:57 fetching corpus: 3700, signal 148542/156393 (executing program)
2025/08/29 09:39:58 fetching corpus: 3750, signal 149048/156509 (executing program)
2025/08/29 09:39:58 fetching corpus: 3800, signal 149643/156522 (executing program)
2025/08/29 09:39:58 fetching corpus: 3850, signal 149979/156537 (executing program)
2025/08/29 09:39:58 fetching corpus: 3900, signal 150404/156540 (executing program)
2025/08/29 09:39:58 fetching corpus: 3950, signal 151101/156552 (executing program)
2025/08/29 09:39:58 fetching corpus: 4000, signal 151465/156554 (executing program)
2025/08/29 09:39:58 fetching corpus: 4050, signal 152053/156568 (executing program)
2025/08/29 09:39:58 fetching corpus: 4100, signal 152522/156642 (executing program)
2025/08/29 09:39:58 fetching corpus: 4150, signal 153033/156645 (executing program)
2025/08/29 09:39:58 fetching corpus: 4200, signal 153659/156654 (executing program)
2025/08/29 09:39:59 fetching corpus: 4250, signal 154302/156687 (executing program)
2025/08/29 09:39:59 fetching corpus: 4263, signal 154505/156687 (executing program)
2025/08/29 09:39:59 fetching corpus: 4263, signal 154505/156687 (executing program)
2025/08/29 09:40:01 starting 8 fuzzer processes
09:40:01 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)
09:40:01 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002400f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0)
09:40:01 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={0x0}}, 0x0)
09:40:01 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
lstat(&(0x7f0000000680)='./file1\x00', &(0x7f00000006c0))
09:40:01 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xb, 0x0, 0x0)
[ 78.178260] audit: type=1400 audit(1756460401.319:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:40:01 executing program 4:
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
09:40:01 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r1 = getpid()
write$cgroup_pid(r0, &(0x7f00000000c0)=r1, 0x10)
09:40:01 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
read$usbmon(r1, &(0x7f0000000100)=""/164, 0xa4)
[ 79.302472] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.306026] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.307968] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.313454] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.316026] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.442280] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 79.445460] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 79.448533] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 79.451134] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 79.453630] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 79.456558] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 79.460064] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 79.461421] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 79.473394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 79.475011] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 79.480738] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 79.482175] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 79.486114] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 79.487509] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 79.496808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 79.531779] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 79.545671] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 79.555523] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 79.559307] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 79.561091] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 79.566020] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 79.567248] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 79.570308] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 79.571653] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 79.574681] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 79.576730] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 79.579656] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 79.581291] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 79.584755] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.587746] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 79.592349] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 79.603753] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 79.605742] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 79.612263] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 79.614317] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 81.333371] Bluetooth: hci0: command tx timeout
[ 81.525135] Bluetooth: hci3: command tx timeout
[ 81.525840] Bluetooth: hci1: command tx timeout
[ 81.589017] Bluetooth: hci2: command tx timeout
[ 81.653953] Bluetooth: hci4: command tx timeout
[ 81.654554] Bluetooth: hci7: command tx timeout
[ 81.655545] Bluetooth: hci6: command tx timeout
[ 81.715980] Bluetooth: hci5: command tx timeout
[ 83.381530] Bluetooth: hci0: command tx timeout
[ 83.572178] Bluetooth: hci1: command tx timeout
[ 83.572783] Bluetooth: hci3: command tx timeout
[ 83.635999] Bluetooth: hci2: command tx timeout
[ 83.700963] Bluetooth: hci6: command tx timeout
[ 83.701401] Bluetooth: hci7: command tx timeout
[ 83.701798] Bluetooth: hci4: command tx timeout
[ 83.764961] Bluetooth: hci5: command tx timeout
[ 85.428950] Bluetooth: hci0: command tx timeout
[ 85.622215] Bluetooth: hci1: command tx timeout
[ 85.622680] Bluetooth: hci3: command tx timeout
[ 85.684991] Bluetooth: hci2: command tx timeout
[ 85.748022] Bluetooth: hci6: command tx timeout
[ 85.748577] Bluetooth: hci4: command tx timeout
[ 85.749114] Bluetooth: hci7: command tx timeout
[ 85.813184] Bluetooth: hci5: command tx timeout
[ 87.476143] Bluetooth: hci0: command tx timeout
[ 87.668033] Bluetooth: hci1: command tx timeout
[ 87.668758] Bluetooth: hci3: command tx timeout
[ 87.731980] Bluetooth: hci2: command tx timeout
[ 87.796008] Bluetooth: hci7: command tx timeout
[ 87.796649] Bluetooth: hci4: command tx timeout
[ 87.797265] Bluetooth: hci6: command tx timeout
[ 87.859960] Bluetooth: hci5: command tx timeout
[ 120.682218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.682831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.887007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.887577] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.205138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.205751] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.229338] audit: type=1400 audit(1756460444.370:8): avc: denied { open } for pid=3795 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.233568] audit: type=1400 audit(1756460444.370:9): avc: denied { kernel } for pid=3795 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.295232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.295799] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:40:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)={0x0, 0xffffffff7fffffff})
09:40:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)={0x0, 0xffffffff7fffffff})
09:40:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)={0x0, 0xffffffff7fffffff})
[ 121.431452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.432065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:40:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)={0x0, 0xffffffff7fffffff})
[ 121.574551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.575130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:40:44 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1a, &(0x7f0000000140), 0x4)
09:40:44 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1a, &(0x7f0000000140), 0x4)
[ 121.711228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.711825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:40:44 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1a, &(0x7f0000000140), 0x4)
09:40:44 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1a, &(0x7f0000000140), 0x4)
[ 121.826706] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.827340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.959022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.959597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.063845] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 122.068192] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 122.073951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.074511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.182007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.182615] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.214265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.214848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.245812] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.248090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.298685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.299287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.788423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.789599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.880294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.880862] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:40:46 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={0x0}}, 0x0)
09:40:46 executing program 4:
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
09:40:46 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
lstat(&(0x7f0000000680)='./file1\x00', &(0x7f00000006c0))
09:40:46 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xb, 0x0, 0x0)
09:40:46 executing program 5:
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @local, @multicast1}, @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}, 0x0)
09:40:46 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)
09:40:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002400f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0)
09:40:46 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
read$usbmon(r1, &(0x7f0000000100)=""/164, 0xa4)
[ 123.027521] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
09:40:46 executing program 5:
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @local, @multicast1}, @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}, 0x0)
09:40:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002400f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0)
09:40:46 executing program 4:
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
09:40:46 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
read$usbmon(r1, &(0x7f0000000100)=""/164, 0xa4)
09:40:46 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xb, 0x0, 0x0)
09:40:46 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)
09:40:46 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
lstat(&(0x7f0000000680)='./file1\x00', &(0x7f00000006c0))
[ 123.151050] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
09:40:46 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={0x0}}, 0x0)
09:40:46 executing program 5:
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @local, @multicast1}, @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}, 0x0)
09:40:46 executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xb, 0x0, 0x0)
09:40:46 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
read$usbmon(r1, &(0x7f0000000100)=""/164, 0xa4)
09:40:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002400f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0)
09:40:46 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
lstat(&(0x7f0000000680)='./file1\x00', &(0x7f00000006c0))
09:40:46 executing program 4:
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
09:40:46 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)
[ 123.268499] BUG: unable to handle page fault for address: ffffed10212c9106
[ 123.269105] #PF: supervisor read access in kernel mode
[ 123.269512] #PF: error_code(0x0000) - not-present page
[ 123.269928] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0
[ 123.270373] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 123.271238] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.274149] Tainted: [W]=WARN
[ 123.274904] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.277356] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.278419] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.280677] RSP: 0018:ffff88800fa3f780 EFLAGS: 00010016
[ 123.281097] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: ffffc9000341b000
[ 123.281650] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109648830
[ 123.282210] RBP: ffff88800fa3f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15b08
[ 123.282762] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.283311] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.283861] FS: 00007f1c2fd82700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 123.284482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.284936] CR2: ffffed10212c9106 CR3: 0000000044b5d000 CR4: 0000000000350ef0
[ 123.285486] Call Trace:
[ 123.285692] <TASK>
[ 123.285883] ? __pfx_perf_tp_event+0x10/0x10
[ 123.286239] ? __asan_memcpy+0x3d/0x60
[ 123.286548] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 123.287031] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 123.287530] ? lock_is_held_type+0x9e/0x120
[ 123.287879] ? ctx_sched_in+0x134/0x9b0
[ 123.288189] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 123.288581] ? perf_swevent_event+0x63/0x3f0
[ 123.288932] ? perf_tp_event+0x807/0xe70
[ 123.289254] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.289651] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.290052] perf_trace_run_bpf_submit+0xef/0x180
[ 123.290438] perf_trace_preemptirq_template+0x259/0x430
[ 123.290862] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 123.291300] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 123.291766] ? __pfx___resched_curr+0x10/0x10
[ 123.292129] ? find_held_lock+0x2b/0x80
[ 123.292450] ? try_to_wake_up+0x8ae/0x11d0
[ 123.292790] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 123.293191] trace_irq_enable.constprop.0+0xa6/0x100
[ 123.293587] trace_hardirqs_on+0x26/0x40
[ 123.293918] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 123.294309] try_to_wake_up+0x8ae/0x11d0
[ 123.294642] ? __pfx_try_to_wake_up+0x10/0x10
[ 123.295000] ? plist_del+0x122/0x270
[ 123.295300] ? find_held_lock+0x2b/0x80
[ 123.295620] ? futex_wake+0x474/0x540
[ 123.295929] wake_up_q+0xa1/0x130
[ 123.296212] futex_wake+0x47e/0x540
[ 123.296507] ? __pfx_futex_wake+0x10/0x10
[ 123.296838] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 123.297236] ? lock_release+0xc8/0x290
[ 123.297547] do_futex+0x26d/0x370
[ 123.297833] ? __pfx_do_futex+0x10/0x10
[ 123.298161] __x64_sys_futex+0x1c9/0x4d0
[ 123.298485] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 123.298955] ? __pfx___x64_sys_futex+0x10/0x10
[ 123.299320] do_syscall_64+0xbf/0x360
[ 123.299621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.300027] RIP: 0033:0x7f1c3280cb19
[ 123.300320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 123.301725] RSP: 002b:00007f1c2fd82218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.302326] RAX: ffffffffffffffda RBX: 00007f1c3291ff68 RCX: 00007f1c3280cb19
[ 123.302881] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1c3291ff6c
[ 123.303435] RBP: 00007f1c3291ff60 R08: 000000000000000e R09: 0000000000000000
[ 123.303987] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1c3291ff6c
[ 123.304539] R13: 00007ffc2692d42f R14: 00007f1c2fd82300 R15: 0000000000022000
[ 123.305097] </TASK>
[ 123.305284] Modules linked in:
[ 123.305540] CR2: ffffed10212c9106
[ 123.305814] ---[ end trace 0000000000000000 ]---
[ 123.306187] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.306558] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.307959] RSP: 0018:ffff88800fa3f780 EFLAGS: 00010016
[ 123.308373] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: ffffc9000341b000
[ 123.308928] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109648830
[ 123.309481] RBP: ffff88800fa3f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15b08
[ 123.310040] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.310592] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.311146] FS: 00007f1c2fd82700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 123.311773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.312227] CR2: ffffed10212c9106 CR3: 0000000044b5d000 CR4: 0000000000350ef0
[ 123.312787] note: syz-executor.1[3959] exited with irqs disabled
[ 123.313304] BUG: unable to handle page fault for address: ffffed10212c9106
[ 123.313848] #PF: supervisor read access in kernel mode
[ 123.314267] #PF: error_code(0x0000) - not-present page
[ 123.314679] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0
[ 123.315123] Oops: Oops: 0000 [#2] SMP KASAN NOPTI
[ 123.315507] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 123.316443] Tainted: [D]=DIE, [W]=WARN
[ 123.316745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 123.317389] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.317766] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.319184] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010016
[ 123.319604] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: 0000000000000002
[ 123.320161] RDX: ffff88801a689b80 RSI: ffffffff818995b7 RDI: ffff888109648830
[ 123.320720] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15b08
[ 123.321277] R10: 0000000000000000 R11: ffff88801a649898 R12: dffffc0000000000
[ 123.321837] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 123.322406] FS: 00007f1c2fd82700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 123.323038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.323494] CR2: ffffed10212c9106 CR3: 0000000044b5d000 CR4: 0000000000350ef0
[ 123.324056] Call Trace:
[ 123.324263] <IRQ>
[ 123.324442] ? __pfx_perf_tp_event+0x10/0x10
[ 123.324799] ? trace_pelt_se_tp+0xdf/0x130
[ 123.325140] ? do_raw_spin_lock+0x123/0x260
[ 123.325488] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 123.325865] ? lock_acquire+0x18c/0x2f0
[ 123.326197] ? update_cfs_group+0x11d/0x260
[ 123.326541] ? lock_release+0x1c7/0x290
[ 123.326860] ? do_raw_spin_unlock+0x53/0x220
[ 123.327215] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 123.327618] ? try_to_wake_up+0x128/0x11d0
[ 123.327952] ? do_raw_spin_lock+0x123/0x260
[ 123.328293] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 123.328664] ? perf_trace_run_bpf_submit+0xef/0x180
[ 123.329064] perf_trace_run_bpf_submit+0xef/0x180
[ 123.329446] perf_trace_preemptirq_template+0x259/0x430
[ 123.329874] ? read_tsc+0x9/0x20
[ 123.330152] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 123.330614] ? clockevents_program_event+0x135/0x360
[ 123.331014] ? tick_program_event+0xac/0x140
[ 123.331356] ? handle_softirqs+0x16e/0x770
[ 123.331696] trace_irq_enable.constprop.0+0xa6/0x100
[ 123.332090] trace_hardirqs_on+0x26/0x40
[ 123.332406] handle_softirqs+0x16e/0x770
[ 123.332739] __irq_exit_rcu+0xc4/0x100
[ 123.333051] irq_exit_rcu+0x9/0x20
[ 123.333330] sysvec_apic_timer_interrupt+0x70/0x80
[ 123.333723] </IRQ>
[ 123.333912] <TASK>
[ 123.334092] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 123.334499] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 123.334868] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 <e8> b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 123.336255] RSP: 0018:ffff88800fa3ff28 EFLAGS: 00000246
[ 123.336666] RAX: 0000000000000001 RBX: ffff88801a689b80 RCX: ffffffff817c2b86
[ 123.337213] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 123.337759] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 123.338313] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88801a689b80
[ 123.338860] R13: 0000000000000009 R14: ffff88800fa3f760 R15: 0000000000000000
[ 123.339409] ? trace_irq_enable.constprop.0+0x26/0x100
[ 123.339815] ? make_task_dead+0x214/0x3b0
[ 123.340141] ? make_task_dead+0x214/0x3b0
[ 123.340468] ? do_syscall_64+0xbf/0x360
[ 123.340777] rewind_stack_and_make_dead+0x16/0x20
[ 123.341160] RIP: 0033:0x7f1c3280cb19
[ 123.341450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 123.342838] RSP: 002b:00007f1c2fd82218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 123.343418] RAX: ffffffffffffffda RBX: 00007f1c3291ff68 RCX: 00007f1c3280cb19
[ 123.343965] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1c3291ff6c
[ 123.344508] RBP: 00007f1c3291ff60 R08: 000000000000000e R09: 0000000000000000
[ 123.345052] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1c3291ff6c
[ 123.345601] R13: 00007ffc2692d42f R14: 00007f1c2fd82300 R15: 0000000000022000
[ 123.346155] </TASK>
[ 123.346343] Modules linked in:
[ 123.346596] CR2: ffffed10212c9106
[ 123.346866] ---[ end trace 0000000000000000 ]---
[ 123.347229] RIP: 0010:perf_tp_event+0x175/0xe70
[ 123.347596] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 123.348989] RSP: 0018:ffff88800fa3f780 EFLAGS: 00010016
[ 123.349399] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: ffffc9000341b000
[ 123.349954] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888109648830
[ 123.350502] RBP: ffff88800fa3f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15b08
[ 123.351051] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 123.351597] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 123.352144] FS: 00007f1c2fd82700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 123.352758] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.353207] CR2: ffffed10212c9106 CR3: 0000000044b5d000 CR4: 0000000000350ef0
[ 123.353755] Kernel panic - not syncing: Fatal exception in interrupt
[ 123.354437] Kernel Offset: disabled
[ 123.354721] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:40:46 Registers:
info registers vcpu 0
RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88800fa3efc8
R8 =0000000000000000 R9 =ffffed1001655046 R10=0000000000000061 R11=6572617764726148
R12=0000000000000061 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f1c2fd82700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=ffffed10212c9106 CR3=0000000044b5d000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f1c328f37c000007f1c328f37c8
XMM02=00007f1c328f37e000007f1c328f37c0 XMM03=00007f1c328f37c800007f1c328f37c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000001fd29 RBX=ffff88806ce3de00 RCX=ffffc90004624000 RDX=0000000000040000
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888046b0f5a8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1
R12=ffffed100d9c7bc1 R13=ffff88806ce3de08 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff816880d8 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f33017a6700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe5800000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000000 CR3=0000000044af7000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f33043177c000007f33043177c8
XMM02=00007f33043177e000007f33043177c0 XMM03=00007f33043177c800007f33043177c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000