Warning: Permanently added '[localhost]:62092' (ECDSA) to the list of known hosts.
2025/08/29 09:02:33 fuzzer started
2025/08/29 09:02:33 dialing manager at localhost:43077
syzkaller login: [ 58.874406] cgroup: Unknown subsys name 'net'
[ 58.941907] cgroup: Unknown subsys name 'cpuset'
[ 58.960868] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:02:44 syscalls: 2214
2025/08/29 09:02:44 code coverage: enabled
2025/08/29 09:02:44 comparison tracing: enabled
2025/08/29 09:02:44 extra coverage: enabled
2025/08/29 09:02:44 setuid sandbox: enabled
2025/08/29 09:02:44 namespace sandbox: enabled
2025/08/29 09:02:44 Android sandbox: enabled
2025/08/29 09:02:44 fault injection: enabled
2025/08/29 09:02:44 leak checking: enabled
2025/08/29 09:02:44 net packet injection: enabled
2025/08/29 09:02:44 net device setup: enabled
2025/08/29 09:02:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:02:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:02:44 USB emulation: enabled
2025/08/29 09:02:44 hci packet injection: enabled
2025/08/29 09:02:44 wifi device emulation: enabled
2025/08/29 09:02:44 802.15.4 emulation: enabled
2025/08/29 09:02:44 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:02:44 fetching corpus: 50, signal 23237/26524 (executing program)
2025/08/29 09:02:44 fetching corpus: 100, signal 40280/44383 (executing program)
2025/08/29 09:02:44 fetching corpus: 150, signal 49410/54364 (executing program)
2025/08/29 09:02:44 fetching corpus: 200, signal 54052/59853 (executing program)
2025/08/29 09:02:44 fetching corpus: 250, signal 58902/65374 (executing program)
2025/08/29 09:02:44 fetching corpus: 300, signal 62408/69591 (executing program)
2025/08/29 09:02:45 fetching corpus: 350, signal 66238/74046 (executing program)
2025/08/29 09:02:45 fetching corpus: 400, signal 68605/77072 (executing program)
2025/08/29 09:02:45 fetching corpus: 450, signal 72838/81652 (executing program)
2025/08/29 09:02:45 fetching corpus: 500, signal 74967/84282 (executing program)
2025/08/29 09:02:45 fetching corpus: 550, signal 78649/88129 (executing program)
2025/08/29 09:02:45 fetching corpus: 600, signal 81164/90888 (executing program)
2025/08/29 09:02:45 fetching corpus: 650, signal 83599/93515 (executing program)
2025/08/29 09:02:45 fetching corpus: 700, signal 85710/95854 (executing program)
2025/08/29 09:02:45 fetching corpus: 750, signal 89527/99459 (executing program)
2025/08/29 09:02:46 fetching corpus: 800, signal 91766/101855 (executing program)
2025/08/29 09:02:46 fetching corpus: 850, signal 93309/103567 (executing program)
2025/08/29 09:02:46 fetching corpus: 900, signal 96065/106109 (executing program)
2025/08/29 09:02:46 fetching corpus: 950, signal 97661/107700 (executing program)
2025/08/29 09:02:46 fetching corpus: 1000, signal 99137/109216 (executing program)
2025/08/29 09:02:46 fetching corpus: 1050, signal 101020/110993 (executing program)
2025/08/29 09:02:46 fetching corpus: 1100, signal 102137/112190 (executing program)
2025/08/29 09:02:46 fetching corpus: 1150, signal 103137/113322 (executing program)
2025/08/29 09:02:47 fetching corpus: 1200, signal 104732/114847 (executing program)
2025/08/29 09:02:47 fetching corpus: 1250, signal 106932/116616 (executing program)
2025/08/29 09:02:47 fetching corpus: 1300, signal 108106/117695 (executing program)
2025/08/29 09:02:47 fetching corpus: 1350, signal 109667/118945 (executing program)
2025/08/29 09:02:47 fetching corpus: 1400, signal 111083/120121 (executing program)
2025/08/29 09:02:47 fetching corpus: 1450, signal 112713/121630 (executing program)
2025/08/29 09:02:48 fetching corpus: 1500, signal 113613/122411 (executing program)
2025/08/29 09:02:48 fetching corpus: 1550, signal 114687/123284 (executing program)
2025/08/29 09:02:48 fetching corpus: 1600, signal 115817/124145 (executing program)
2025/08/29 09:02:48 fetching corpus: 1650, signal 116716/124832 (executing program)
2025/08/29 09:02:48 fetching corpus: 1700, signal 117906/125620 (executing program)
2025/08/29 09:02:48 fetching corpus: 1750, signal 119055/126377 (executing program)
2025/08/29 09:02:48 fetching corpus: 1800, signal 119832/126919 (executing program)
2025/08/29 09:02:48 fetching corpus: 1850, signal 120893/127523 (executing program)
2025/08/29 09:02:49 fetching corpus: 1900, signal 122039/128201 (executing program)
2025/08/29 09:02:49 fetching corpus: 1950, signal 122834/128698 (executing program)
2025/08/29 09:02:49 fetching corpus: 2000, signal 123572/129092 (executing program)
2025/08/29 09:02:49 fetching corpus: 2050, signal 124334/129501 (executing program)
2025/08/29 09:02:49 fetching corpus: 2100, signal 125183/129888 (executing program)
2025/08/29 09:02:49 fetching corpus: 2150, signal 126124/130301 (executing program)
2025/08/29 09:02:49 fetching corpus: 2200, signal 127017/130669 (executing program)
2025/08/29 09:02:49 fetching corpus: 2250, signal 127859/131029 (executing program)
2025/08/29 09:02:49 fetching corpus: 2300, signal 128726/131363 (executing program)
2025/08/29 09:02:50 fetching corpus: 2350, signal 129486/131637 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/131853 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/131891 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/131928 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/131958 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/131995 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132022 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132055 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132093 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132128 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132153 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132193 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132239 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132282 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132320 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132356 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132400 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132400 (executing program)
2025/08/29 09:02:50 fetching corpus: 2391, signal 130029/132400 (executing program)
2025/08/29 09:02:52 starting 8 fuzzer processes
09:02:52 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)
09:02:52 executing program 7:
sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0), 0xc, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x60b55ac5f08e85a8}, 0x40001)
r0 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000500), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000700), 0xffffffffffffffff)
socketpair(0x21, 0x4, 0x7, &(0x7f0000000880))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_LISTALL(r1, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x40, r0, 0x0, 0x0, 0x25dfdbfc, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xf}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x40}}, 0x0)
09:02:52 executing program 1:
r0 = socket(0xa, 0x3, 0x6)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0)
09:02:52 executing program 2:
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
finit_module(r0, 0x0, 0x0)
09:02:52 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4d, 0x0, &(0x7f0000000140)=0x47)
[ 78.009307] audit: type=1400 audit(1756458172.612:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:02:52 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f00000002c0)='ext3\x00', 0x0, 0x0, 0x1, &(0x7f0000001780)=[{&(0x7f0000000340)="b3", 0x1}], 0x0, &(0x7f0000001840))
ioprio_set$uid(0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f00000019c0)='./file0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001a40)='ext3\x00', &(0x7f0000001a80)='./file0\x00', 0x0, 0x1, &(0x7f0000001f80)=[{&(0x7f0000001ac0)="11", 0x1}], 0x0, &(0x7f0000002040))
09:02:52 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r2 = getpid()
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x9, 0x81, 0x0, 0x0, 0x0, 0x5, 0x4440, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8000}, 0x60, 0x0, 0x9, 0x2, 0x100, 0x100, 0xff, 0x0, 0x3, 0x0, 0x1}, r2, 0x4, r0, 0xe)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
09:02:52 executing program 4:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000, 0x0)
[ 79.190497] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.196954] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.202405] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 79.202881] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.204106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 79.209737] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 79.209922] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 79.214249] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 79.215696] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.221834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 79.225076] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 79.226975] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.229907] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 79.231400] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 79.254319] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 79.256178] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 79.258781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 79.261928] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 79.268284] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 79.270303] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 79.273433] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 79.273752] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 79.276730] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 79.282105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 79.283338] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 79.287708] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 79.289298] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 79.292790] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 79.293596] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 79.296385] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 79.296979] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 79.298737] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 79.302829] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 79.307205] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.313795] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 79.318873] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 79.329798] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 79.331872] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 79.347594] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 79.350033] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 81.285293] Bluetooth: hci0: command tx timeout
[ 81.348678] Bluetooth: hci5: command tx timeout
[ 81.350133] Bluetooth: hci3: command tx timeout
[ 81.350872] Bluetooth: hci2: command tx timeout
[ 81.350915] Bluetooth: hci4: command tx timeout
[ 81.351664] Bluetooth: hci6: command tx timeout
[ 81.352157] Bluetooth: hci1: command tx timeout
[ 81.412653] Bluetooth: hci7: command tx timeout
[ 83.334915] Bluetooth: hci0: command tx timeout
[ 83.396620] Bluetooth: hci6: command tx timeout
[ 83.396755] Bluetooth: hci3: command tx timeout
[ 83.397308] Bluetooth: hci1: command tx timeout
[ 83.397735] Bluetooth: hci4: command tx timeout
[ 83.397778] Bluetooth: hci2: command tx timeout
[ 83.398399] Bluetooth: hci5: command tx timeout
[ 83.460587] Bluetooth: hci7: command tx timeout
[ 85.380617] Bluetooth: hci0: command tx timeout
[ 85.444640] Bluetooth: hci2: command tx timeout
[ 85.445364] Bluetooth: hci4: command tx timeout
[ 85.446120] Bluetooth: hci5: command tx timeout
[ 85.446122] Bluetooth: hci1: command tx timeout
[ 85.446154] Bluetooth: hci3: command tx timeout
[ 85.446593] Bluetooth: hci6: command tx timeout
[ 85.508678] Bluetooth: hci7: command tx timeout
[ 87.429847] Bluetooth: hci0: command tx timeout
[ 87.493761] Bluetooth: hci6: command tx timeout
[ 87.494447] Bluetooth: hci3: command tx timeout
[ 87.495285] Bluetooth: hci5: command tx timeout
[ 87.495984] Bluetooth: hci1: command tx timeout
[ 87.496667] Bluetooth: hci4: command tx timeout
[ 87.497309] Bluetooth: hci2: command tx timeout
[ 87.556854] Bluetooth: hci7: command tx timeout
[ 119.215774] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.217044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.466568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.467778] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.051782] audit: type=1400 audit(1756458214.648:8): avc: denied { open } for pid=3747 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 120.062662] audit: type=1400 audit(1756458214.648:9): avc: denied { kernel } for pid=3747 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 120.683427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.684161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.777399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.778047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:03:35 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r2 = getpid()
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x9, 0x81, 0x0, 0x0, 0x0, 0x5, 0x4440, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8000}, 0x60, 0x0, 0x9, 0x2, 0x100, 0x100, 0xff, 0x0, 0x3, 0x0, 0x1}, r2, 0x4, r0, 0xe)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
[ 120.881491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.882132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.978135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.978780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.136528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.137158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:03:35 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r2 = getpid()
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x9, 0x81, 0x0, 0x0, 0x0, 0x5, 0x4440, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8000}, 0x60, 0x0, 0x9, 0x2, 0x100, 0x100, 0xff, 0x0, 0x3, 0x0, 0x1}, r2, 0x4, r0, 0xe)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
[ 121.309836] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.310478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:03:36 executing program 1:
r0 = socket(0xa, 0x3, 0x6)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0)
[ 121.840584] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.841211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.908336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.908987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.955835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.956451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.046530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.046573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.089409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.090036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.208623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.209257] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.212034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.213060] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.231925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.232624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.373319] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 122.374706] EXT4-fs (loop5): unable to read superblock
09:03:37 executing program 2:
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
finit_module(r0, 0x0, 0x0)
09:03:37 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r2 = getpid()
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x9, 0x81, 0x0, 0x0, 0x0, 0x5, 0x4440, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8000}, 0x60, 0x0, 0x9, 0x2, 0x100, 0x100, 0xff, 0x0, 0x3, 0x0, 0x1}, r2, 0x4, r0, 0xe)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
09:03:37 executing program 4:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000, 0x0)
09:03:37 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4d, 0x0, &(0x7f0000000140)=0x47)
09:03:37 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f00000002c0)='ext3\x00', 0x0, 0x0, 0x1, &(0x7f0000001780)=[{&(0x7f0000000340)="b3", 0x1}], 0x0, &(0x7f0000001840))
ioprio_set$uid(0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f00000019c0)='./file0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001a40)='ext3\x00', &(0x7f0000001a80)='./file0\x00', 0x0, 0x1, &(0x7f0000001f80)=[{&(0x7f0000001ac0)="11", 0x1}], 0x0, &(0x7f0000002040))
09:03:37 executing program 1:
r0 = socket(0xa, 0x3, 0x6)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0)
09:03:37 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r2 = getpid()
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x9, 0x81, 0x0, 0x0, 0x0, 0x5, 0x4440, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8000}, 0x60, 0x0, 0x9, 0x2, 0x100, 0x100, 0xff, 0x0, 0x3, 0x0, 0x1}, r2, 0x4, r0, 0xe)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
09:03:37 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)
09:03:37 executing program 2:
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
finit_module(r0, 0x0, 0x0)
[ 122.529289] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 122.530197] EXT4-fs (loop5): unable to read superblock
09:03:37 executing program 1:
r0 = socket(0xa, 0x3, 0x6)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0)
09:03:37 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0)
r2 = getpid()
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x9, 0x81, 0x0, 0x0, 0x0, 0x5, 0x4440, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8000}, 0x60, 0x0, 0x9, 0x2, 0x100, 0x100, 0xff, 0x0, 0x3, 0x0, 0x1}, r2, 0x4, r0, 0xe)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
09:03:37 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4d, 0x0, &(0x7f0000000140)=0x47)
09:03:37 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)
09:03:37 executing program 4:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000, 0x0)
09:03:37 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)
09:03:37 executing program 2:
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
finit_module(r0, 0x0, 0x0)
09:03:37 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f00000002c0)='ext3\x00', 0x0, 0x0, 0x1, &(0x7f0000001780)=[{&(0x7f0000000340)="b3", 0x1}], 0x0, &(0x7f0000001840))
ioprio_set$uid(0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f00000019c0)='./file0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001a40)='ext3\x00', &(0x7f0000001a80)='./file0\x00', 0x0, 0x1, &(0x7f0000001f80)=[{&(0x7f0000001ac0)="11", 0x1}], 0x0, &(0x7f0000002040))
[ 122.643902] BUG: unable to handle page fault for address: ffffed1021c01106
[ 122.644547] #PF: supervisor read access in kernel mode
[ 122.644962] #PF: error_code(0x0000) - not-present page
[ 122.645389] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0
[ 122.646693] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 122.647839] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 122.650754] Tainted: [W]=WARN
[ 122.651448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.653161] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.653996] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.655477] RSP: 0018:ffff888045ac7800 EFLAGS: 00010216
[ 122.655914] RAX: 1ffff11021c01106 RBX: ffff88810e008640 RCX: ffffc90001a06000
[ 122.656495] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff88810e008830
[ 122.657080] RBP: ffff888045ac7a70 R08: ffff88806cf31340 R09: ffffe8ffffd15148
[ 122.657643] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 122.658213] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 122.658774] FS: 00007f7efc051700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.659408] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.659867] CR2: ffffed1021c01106 CR3: 000000000abe9000 CR4: 0000000000350ef0
[ 122.660430] Call Trace:
[ 122.660639]
[ 122.660822] ? perf_swevent_event+0x63/0x3f0
[ 122.661187] ? __pfx_perf_tp_event+0x10/0x10
[ 122.661539] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 122.661936] ? perf_swevent_event+0x63/0x3f0
[ 122.662291] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 122.662687] ? perf_swevent_event+0x63/0x3f0
[ 122.663041] ? perf_tp_event+0x807/0xe70
[ 122.663371] ? __pfx_perf_tp_event+0x10/0x10
[ 122.663727] ? __perf_install_in_context+0x503/0xb90
[ 122.664130] ? do_raw_spin_unlock+0x53/0x220
[ 122.664490] ? perf_trace_run_bpf_submit+0xef/0x180
[ 122.664888] perf_trace_run_bpf_submit+0xef/0x180
[ 122.665286] perf_trace_lock+0x337/0x5d0
[ 122.665615] ? __pfx_perf_trace_lock+0x10/0x10
[ 122.665984] ? lock_acquire+0x15e/0x2f0
[ 122.666309] ? futex_ref_get+0x48/0x300
[ 122.666626] ? futex_ref_get+0x114/0x300
[ 122.666945] ? futex_hash+0x15c/0x390
[ 122.667246] lock_release+0x1ab/0x290
[ 122.667551] ? futex_hash+0x15c/0x390
[ 122.667854] futex_ref_get+0x119/0x300
[ 122.668174] ? futex_hash+0x15c/0x390
[ 122.668478] futex_hash+0x70/0x390
[ 122.668774] futex_wake+0x143/0x540
[ 122.669084] ? __pfx_perf_trace_lock+0x10/0x10
[ 122.669466] ? __pfx_futex_wake+0x10/0x10
[ 122.669812] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 122.670228] ? lock_release+0xc8/0x290
[ 122.670553] do_futex+0x26d/0x370
[ 122.670844] ? __pfx_do_futex+0x10/0x10
[ 122.671174] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 122.671603] ? find_held_lock+0x2b/0x80
[ 122.671941] __x64_sys_futex+0x1c9/0x4d0
[ 122.672276] ? __pfx___x64_sys_futex+0x10/0x10
[ 122.672653] ? xfd_validate_state+0x55/0x180
[ 122.673031] do_syscall_64+0xbf/0x360
[ 122.673346] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.673763] RIP: 0033:0x7f7efeadbb19
[ 122.674067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 122.675542] RSP: 002b:00007f7efc051218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 122.676154] RAX: ffffffffffffffda RBX: 00007f7efebeef68 RCX: 00007f7efeadbb19
[ 122.676725] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7efebeef6c
[ 122.677301] RBP: 00007f7efebeef60 R08: 000000000000000e R09: 0000000000000000
[ 122.677880] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7efebeef6c
[ 122.678452] R13: 00007ffde5da576f R14: 00007f7efc051300 R15: 0000000000022000
[ 122.679036]
[ 122.679228] Modules linked in:
[ 122.679495] CR2: ffffed1021c01106
[ 122.679778] ---[ end trace 0000000000000000 ]---
[ 122.679781] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 122.680161] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.681108] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 122.681478] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.682083] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 122.683537] RSP: 0018:ffff888045ac7800 EFLAGS: 00010216
[ 122.684489] Tainted: [D]=DIE, [W]=WARN
[ 122.684914] RAX: 1ffff11021c01106 RBX: ffff88810e008640 RCX: ffffc90001a06000
[ 122.685237] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.685817] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff88810e008830
[ 122.686472] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.687044] RBP: ffff888045ac7a70 R08: ffff88806cf31340 R09: ffffe8ffffd15148
[ 122.687408] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.687980] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 122.689445] RSP: 0018:ffff88804349f800 EFLAGS: 00010212
[ 122.690013] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 122.690442] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 122.691015] FS: 00007f7efc051700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.691576] RDX: ffff888009bed280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 122.692215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.692783] RBP: ffff88804349fa70 R08: ffff88806ce31340 R09: ffffe8ffffc15148
[ 122.693256] CR2: ffffed1021c01106 CR3: 000000000abe9000 CR4: 0000000000350ef0
[ 122.693828] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 122.694402] note: syz-executor.0[3937] exited with irqs disabled
[ 122.694973] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 122.696031] FS: 000055556e286400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 122.696684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.697161] CR2: 000055556e287c18 CR3: 0000000042a16000 CR4: 0000000000350ef0
[ 122.697736] Call Trace:
[ 122.697951]
[ 122.698141] ? arch_scale_cpu_capacity+0x17/0xa0
[ 122.698540] ? __pfx_perf_tp_event+0x10/0x10
[ 122.698905] ? __asan_memset+0x24/0x50
[ 122.699236] ? __pfx_perf_trace_lock+0x10/0x10
[ 122.699614] ? __pfx___mutex_lock+0x10/0x10
[ 122.699972] ? perf_trace_lock+0xb5/0x5d0
[ 122.700309] ? kvm_sched_clock_read+0x16/0x30
[ 122.700682] ? sched_clock+0x37/0x60
[ 122.701004] ? sched_clock_cpu+0x6c/0x4e0
[ 122.701351] ? perf_trace_run_bpf_submit+0xef/0x180
[ 122.701765] perf_trace_run_bpf_submit+0xef/0x180
[ 122.702162] perf_trace_lock+0x337/0x5d0
[ 122.702498] ? __pfx_perf_trace_lock+0x10/0x10
[ 122.702872] ? __pfx_perf_trace_lock+0x10/0x10
[ 122.703244] ? get_futex_key+0x592/0x14a0
[ 122.703585] ? futex_ref_get+0x114/0x300
[ 122.703914] ? futex_hash+0x15c/0x390
[ 122.704225] lock_release+0x1ab/0x290
[ 122.704541] ? futex_hash+0x15c/0x390
[ 122.704858] futex_ref_get+0x119/0x300
[ 122.705183] ? futex_hash+0x15c/0x390
[ 122.705494] futex_hash+0x70/0x390
[ 122.705790] futex_wake+0x143/0x540
[ 122.706092] ? put_pid+0x1f/0x30
[ 122.706370] ? kernel_clone+0x204/0x7f0
[ 122.706697] ? __pfx_futex_wake+0x10/0x10
[ 122.707047] ? __pfx_kernel_clone+0x10/0x10
[ 122.707399] ? perf_trace_lock+0xb5/0x5d0
[ 122.707739] ? __pfx___handle_mm_fault+0x10/0x10
[ 122.708135] do_futex+0x26d/0x370
[ 122.708423] ? __pfx_do_futex+0x10/0x10
[ 122.708747] ? __pfx___do_sys_clone+0x10/0x10
[ 122.709121] ? handle_mm_fault+0x590/0x9b0
[ 122.709470] __x64_sys_futex+0x1c9/0x4d0
[ 122.709807] ? __pfx___x64_sys_futex+0x10/0x10
[ 122.710184] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 122.710612] do_syscall_64+0xbf/0x360
[ 122.710928] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.711341] RIP: 0033:0x7f7fe0459b19
[ 122.711646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 122.713112] RSP: 002b:00007ffd2c6add08 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 122.713725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7fe0459b19
[ 122.714294] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7fe056cf68
[ 122.714871] RBP: 00007f7fe056cf60 R08: 00007f7fdd9cf700 R09: 0000000000000000
[ 122.715440] R10: 00007f7fdd9cf700 R11: 0000000000000246 R12: 00007f7fe0571a68
[ 122.716014] R13: 00007ffd2c6ade10 R14: 00007f7fe056cf60 R15: 000000000001deb5
[ 122.716598]
[ 122.716792] Modules linked in:
[ 122.717069] BUG: unable to handle page fault for address: ffffed1021c01106
[ 122.717633] #PF: supervisor read access in kernel mode
[ 122.718054] #PF: error_code(0x0000) - not-present page
[ 122.718470] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0
[ 122.718926] Oops: Oops: 0000 [#3] SMP KASAN NOPTI
[ 122.719316] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 122.720267] Tainted: [D]=DIE, [W]=WARN
[ 122.720578] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.721243] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.721628] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.723090] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010016
[ 122.723525] RAX: 1ffff11021c01106 RBX: ffff88810e008640 RCX: 0000000000000002
[ 122.724100] RDX: ffff88800f015280 RSI: ffffffff818995b7 RDI: ffff88810e008830
[ 122.724673] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15148
[ 122.725248] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 122.725821] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000
[ 122.726396] FS: 00007f7efc051700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.727038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.727505] CR2: ffffed1021c01106 CR3: 000000000abe9000 CR4: 0000000000350ef0
[ 122.728082] Call Trace:
[ 122.728293]
[ 122.728478] ? __pfx_perf_tp_event+0x10/0x10
[ 122.728847] ? place_entity+0x300/0x410
[ 122.729183] ? enqueue_task_fair+0x43a/0x1e00
[ 122.729555] ? lock_is_held_type+0x9e/0x120
[ 122.729910] ? find_held_lock+0x2b/0x80
[ 122.730245] ? mark_held_locks+0x49/0x80
[ 122.730580] ? sched_balance_rq+0xf42/0x29a0
[ 122.730941] ? lock_acquire+0x15e/0x2f0
[ 122.731267] ? perf_trace_run_bpf_submit+0xef/0x180
[ 122.731681] perf_trace_run_bpf_submit+0xef/0x180
[ 122.732079] perf_trace_lock+0x337/0x5d0
[ 122.732415] ? __pfx_perf_trace_lock+0x10/0x10
[ 122.732790] ? sched_balance_domains+0x2f1/0xc10
[ 122.733193] ? lock_release+0xc8/0x290
[ 122.733514] ? hrtimer_interrupt+0x114/0x830
[ 122.733875] lock_release+0x1ab/0x290
[ 122.734190] ktime_get_update_offsets_now+0xab/0x3c0
[ 122.734601] ? hrtimer_interrupt+0x114/0x830
[ 122.734962] hrtimer_interrupt+0x114/0x830
[ 122.735303] ? __local_bh_enable+0x7b/0x90
[ 122.735649] ? handle_softirqs+0x50c/0x770
[ 122.736001] __sysvec_apic_timer_interrupt+0xbb/0x330
[ 122.736423] sysvec_apic_timer_interrupt+0x6b/0x80
[ 122.736822]
[ 122.737020]
[ 122.737207] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 122.737632] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 122.738015] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 122.739457] RSP: 0018:ffff888045ac7f28 EFLAGS: 00000246
[ 122.739886] RAX: 0000000000000001 RBX: ffff88800f015280 RCX: ffffffff817c2b86
[ 122.740457] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 122.741032] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 122.741604] R10: ffffffff8643ac57 R11: 7973203a65746f6e R12: ffff88800f015280
[ 122.742178] R13: 0000000000000009 R14: ffff888045ac77e0 R15: 0000000000000000
[ 122.742756] ? trace_irq_enable.constprop.0+0x26/0x100
[ 122.743181] ? make_task_dead+0x214/0x3b0
[ 122.743519] ? make_task_dead+0x214/0x3b0
[ 122.743857] ? do_syscall_64+0xbf/0x360
[ 122.744181] rewind_stack_and_make_dead+0x16/0x20
[ 122.744575] RIP: 0033:0x7f7efeadbb19
[ 122.744876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 122.746341] RSP: 002b:00007f7efc051218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 122.746948] RAX: ffffffffffffffda RBX: 00007f7efebeef68 RCX: 00007f7efeadbb19
[ 122.747516] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7efebeef6c
[ 122.748088] RBP: 00007f7efebeef60 R08: 000000000000000e R09: 0000000000000000
[ 122.748665] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7efebeef6c
[ 122.749249] R13: 00007ffde5da576f R14: 00007f7efc051300 R15: 0000000000022000
[ 122.749832]
[ 122.750024] Modules linked in:
[ 122.750287] CR2: ffffed1021c01106
[ 122.750572] ---[ end trace 0000000000000000 ]---
[ 122.750573] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 122.750949] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.751826] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 122.752200] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.752802] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 122.754253] RSP: 0018:ffff888045ac7800 EFLAGS: 00010216
[ 122.755197] Tainted: [D]=DIE, [W]=WARN
[ 122.755617] RAX: 1ffff11021c01106 RBX: ffff88810e008640 RCX: ffffc90001a06000
[ 122.755930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.756491] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff88810e008830
[ 122.757152] RIP: 0010:perf_tp_event+0x175/0xe70
[ 122.757717] RBP: ffff888045ac7a70 R08: ffff88806cf31340 R09: ffffe8ffffd15148
[ 122.758087] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 122.758651] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 122.760076] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 122.760635] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 122.760647] FS: 00007f7efc051700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 122.761087] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 122.761656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.762289] RDX: ffff888009bed280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 122.762865] CR2: ffffed1021c01106 CR3: 000000000abe9000 CR4: 0000000000350ef0
[ 122.763324] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15148
[ 122.763896] Kernel panic - not syncing: Fatal exception in interrupt
[ 123.807729] Shutting down cpus with NMI
[ 123.809326] Kernel Offset: disabled
[ 123.809616] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:03:37 Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=ffff888009bed280 RCX=ffff88804349f958 RDX=0000000000000000
RSI=1ffff11008693f19 RDI=ffff888009bed67c RBP=ffff88804349f910 RSP=ffff88804349f7e0
R8 =0000000000000000 R9 =0000000000000000 R10=ffff88804349f8b8 R11=00000000ffffffff
R12=0000000000000000 R13=ffff88804349f900 R14=ffff88804349f900 R15=ffff88804349f8b8
RIP=ffffffff815af8aa RFL=00000217 [----APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055556e286400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe3b00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000000 CR3=0000000042a16000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff828e3230 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888045ac6fb0
R8 =0000000000000000 R9 =ffffed1001489046 R10=00000000000fe503 R11=30376578302f4952
R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10e4882 R15=dffffc0000000000
RIP=ffffffff828e3285 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f7efc051700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe5100000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=ffffed1021c01106 CR3=000000000abe9000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f7efebc27c000007f7efebc27c8
XMM02=00007f7efebc27e000007f7efebc27c0 XMM03=00007f7efebc27c800007f7efebc27c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000