Warning: Permanently added '[localhost]:19296' (ECDSA) to the list of known hosts. 2025/08/29 08:29:40 fuzzer started 2025/08/29 08:29:40 dialing manager at localhost:43077 syzkaller login: [ 52.107083] cgroup: Unknown subsys name 'net' [ 52.163529] cgroup: Unknown subsys name 'cpuset' [ 52.175930] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:29:51 syscalls: 2214 2025/08/29 08:29:51 code coverage: enabled 2025/08/29 08:29:51 comparison tracing: enabled 2025/08/29 08:29:51 extra coverage: enabled 2025/08/29 08:29:51 setuid sandbox: enabled 2025/08/29 08:29:51 namespace sandbox: enabled 2025/08/29 08:29:51 Android sandbox: enabled 2025/08/29 08:29:51 fault injection: enabled 2025/08/29 08:29:51 leak checking: enabled 2025/08/29 08:29:51 net packet injection: enabled 2025/08/29 08:29:51 net device setup: enabled 2025/08/29 08:29:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:29:51 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:29:51 USB emulation: enabled 2025/08/29 08:29:51 hci packet injection: enabled 2025/08/29 08:29:51 wifi device emulation: enabled 2025/08/29 08:29:51 802.15.4 emulation: enabled 2025/08/29 08:29:51 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:29:51 fetching corpus: 36, signal 21751/24880 (executing program) 2025/08/29 08:29:51 fetching corpus: 74, signal 32592/36576 (executing program) 2025/08/29 08:29:51 fetching corpus: 123, signal 41016/45654 (executing program) 2025/08/29 08:29:51 fetching corpus: 170, signal 46870/52133 (executing program) 2025/08/29 08:29:51 fetching corpus: 220, signal 53582/59033 (executing program) 2025/08/29 08:29:51 fetching corpus: 270, signal 60502/65974 (executing program) 2025/08/29 08:29:51 fetching corpus: 320, signal 64335/69977 (executing program) 2025/08/29 08:29:52 fetching corpus: 367, signal 66390/72372 (executing program) 2025/08/29 08:29:52 fetching corpus: 417, signal 69673/75646 (executing program) 2025/08/29 
08:29:52 fetching corpus: 466, signal 71884/77979 (executing program) 2025/08/29 08:29:52 fetching corpus: 516, signal 74608/80560 (executing program) 2025/08/29 08:29:52 fetching corpus: 566, signal 76935/82732 (executing program) 2025/08/29 08:29:52 fetching corpus: 616, signal 78608/84392 (executing program) 2025/08/29 08:29:52 fetching corpus: 666, signal 81322/86660 (executing program) 2025/08/29 08:29:52 fetching corpus: 716, signal 85628/89868 (executing program) 2025/08/29 08:29:53 fetching corpus: 766, signal 87117/91147 (executing program) 2025/08/29 08:29:53 fetching corpus: 816, signal 88722/92430 (executing program) 2025/08/29 08:29:53 fetching corpus: 866, signal 90285/93670 (executing program) 2025/08/29 08:29:53 fetching corpus: 916, signal 91930/94925 (executing program) 2025/08/29 08:29:53 fetching corpus: 966, signal 94319/96467 (executing program) 2025/08/29 08:29:53 fetching corpus: 1016, signal 95951/97499 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98310 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98349 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98396 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98437 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98489 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98536 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98575 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98616 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98669 (executing program) 2025/08/29 08:29:53 fetching corpus: 1065, signal 97342/98709 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/98752 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/98783 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 
97342/98823 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/98865 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/98922 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/98965 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99010 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99065 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99104 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99142 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99201 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99243 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99282 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99325 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99375 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99420 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99424 (executing program) 2025/08/29 08:29:54 fetching corpus: 1065, signal 97342/99424 (executing program) 2025/08/29 08:29:56 starting 8 fuzzer processes 08:29:56 executing program 0: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:29:56 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0) 08:29:56 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp={0x44, 0x10, 0xb, 0x2, 
0x0, [0x0, 0x0, 0x0]}]}}}], 0x20}, 0x0) 08:29:56 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup2(r0, r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) 08:29:56 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) connect$packet(r0, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) 08:29:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x7, 0x0, &(0x7f00000023c0)) 08:29:56 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 67.891929] audit: type=1400 audit(1756456196.821:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:29:56 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) 
sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0x2a6}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) [ 69.066594] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.070086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.072057] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.077294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.081976] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.126698] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.130663] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.132285] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.135689] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.139245] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.186993] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.190588] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.192117] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.195866] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.197949] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.211671] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.215632] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.218488] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.221682] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.224099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.252960] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.265266] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.269704] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.279905] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.283976] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.288710] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.292684] Bluetooth: hci4: 
unexpected cc 0x0c38 length: 249 > 2 [ 69.294515] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.295201] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.299033] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.301776] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.312668] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.327701] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.328912] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.344736] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.346308] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.361169] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.362535] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.373851] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.387009] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.159707] Bluetooth: hci1: command tx timeout [ 71.160740] Bluetooth: hci0: command tx timeout [ 71.223614] Bluetooth: hci2: command tx timeout [ 71.288432] Bluetooth: hci3: command tx timeout [ 71.352386] Bluetooth: hci4: command tx timeout [ 71.416133] Bluetooth: hci5: command tx timeout [ 71.480417] Bluetooth: hci7: command tx timeout [ 71.480904] Bluetooth: hci6: command tx timeout [ 73.207558] Bluetooth: hci0: command tx timeout [ 73.208014] Bluetooth: hci1: command tx timeout [ 73.271409] Bluetooth: hci2: command tx timeout [ 73.335846] Bluetooth: hci3: command tx timeout [ 73.399436] Bluetooth: hci4: command tx timeout [ 73.464379] Bluetooth: hci5: command tx timeout [ 73.527383] Bluetooth: hci7: command tx timeout [ 73.527794] Bluetooth: hci6: command tx timeout [ 75.255383] Bluetooth: hci0: command tx timeout [ 75.255840] Bluetooth: hci1: command tx timeout [ 75.319467] Bluetooth: hci2: command tx timeout [ 75.383383] Bluetooth: hci3: command tx timeout [ 75.447445] Bluetooth: hci4: command tx timeout [ 75.511899] Bluetooth: hci5: command tx timeout [ 75.575480] 
Bluetooth: hci7: command tx timeout [ 75.575867] Bluetooth: hci6: command tx timeout [ 77.305527] Bluetooth: hci0: command tx timeout [ 77.305971] Bluetooth: hci1: command tx timeout [ 77.367404] Bluetooth: hci2: command tx timeout [ 77.431369] Bluetooth: hci3: command tx timeout [ 77.495505] Bluetooth: hci4: command tx timeout [ 77.559371] Bluetooth: hci5: command tx timeout [ 77.623478] Bluetooth: hci6: command tx timeout [ 77.623886] Bluetooth: hci7: command tx timeout [ 105.494050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.494967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.714510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.715108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.983378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.985264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:35 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) connect$packet(r0, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) [ 106.277448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.278988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:35 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) connect$packet(r0, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) 08:30:35 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) connect$packet(r0, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) 08:30:35 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x2}, [{}, {}, {}]}, 0x1b, 0x0) [ 106.532930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.533574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:35 executing program 3: 
syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x2}, [{}, {}, {}]}, 0x1b, 0x0) [ 106.620196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.620978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:35 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x2}, [{}, {}, {}]}, 0x1b, 0x0) 08:30:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x7, 0x0, &(0x7f00000023c0)) 08:30:35 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x2}, [{}, {}, {}]}, 0x1b, 0x0) [ 106.899656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.900462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.066038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.066666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.158423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.159108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.267650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.269171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.773629] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.774223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.827637] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.828195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 
107.860517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.861071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.884825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.885851] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.983844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.984436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.046977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.047639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.083329] audit: type=1400 audit(1756456236.971:8): avc: denied { open } for pid=3907 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.088128] audit: type=1400 audit(1756456236.972:9): avc: denied { kernel } for pid=3907 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:30:37 executing program 0: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:30:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x7, 0x0, &(0x7f00000023c0)) 08:30:37 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup2(r0, r1) r3 = 
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) 08:30:37 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0) 08:30:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 08:30:37 executing program 3: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0x2a6}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) 08:30:37 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp={0x44, 0x10, 0xb, 0x2, 0x0, [0x0, 0x0, 0x0]}]}}}], 0x20}, 0x0) 08:30:37 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, 
&(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0x2a6}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) 08:30:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x7, 0x0, &(0x7f00000023c0)) 08:30:37 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp={0x44, 0x10, 0xb, 0x2, 0x0, [0x0, 0x0, 0x0]}]}}}], 0x20}, 0x0) 08:30:37 executing program 0: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:30:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 08:30:37 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 
0x0) r2 = dup2(r0, r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) 08:30:37 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0) 08:30:37 executing program 3: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp={0x44, 0x10, 0xb, 0x2, 0x0, [0x0, 0x0, 0x0]}]}}}], 0x20}, 0x0) 08:30:37 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="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", 0x21e}, {&(0x7f0000001100), 0x2a6}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) 08:30:37 executing program 4: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 0: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:30:37 executing program 3: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 
0x6, 0x0, 0x0, 0x0)
r1 = dup(r0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0)
08:30:37 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)
[ 108.507932] kmemleak: Found object by alias at 0x607f1a639af4
[ 108.507953] CPU: 1 UID: 0 PID: 3956 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 108.507971] Tainted: [W]=WARN
[ 108.507975] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.507982] Call Trace:
[ 108.507986]
[ 108.507991] dump_stack_lvl+0xca/0x120
[ 108.508017] __lookup_object+0x94/0xb0
[ 108.508034] delete_object_full+0x27/0x70
[ 108.508050] free_percpu+0x30/0x1160
[ 108.508066] ? arch_uprobe_clear_state+0x16/0x140
[ 108.508086] futex_hash_free+0x38/0xc0
[ 108.508101] mmput+0x2d3/0x390
[ 108.508119] do_exit+0x79d/0x2970
[ 108.508133] ? signal_wake_up_state+0x85/0x120
[ 108.508148] ? zap_other_threads+0x2b9/0x3a0
[ 108.508164] ? __pfx_do_exit+0x10/0x10
[ 108.508176] ? do_group_exit+0x1c3/0x2a0
[ 108.508190] ? lock_release+0xc8/0x290
[ 108.508206] do_group_exit+0xd3/0x2a0
[ 108.508221] __x64_sys_exit_group+0x3e/0x50
[ 108.508235] x64_sys_call+0x18c5/0x18d0
[ 108.508250] do_syscall_64+0xbf/0x360
[ 108.508262] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.508273] RIP: 0033:0x7fc06c02ab19
[ 108.508282] Code: Unable to access opcode bytes at 0x7fc06c02aaef.
[ 108.508287] RSP: 002b:00007ffc4c3eb408 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 108.508299] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fc06c02ab19
[ 108.508306] RDX: 00007fc06bfdd72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 108.508318] RBP: 0000000000000000 R08: 0000001b2d125678 R09: 0000000000000000
[ 108.508325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 108.508332] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc4c3eb4f0
[ 108.508347]
[ 108.508351] kmemleak: Object (percpu) 0x607f1a639af0 (size 8):
[ 108.508358] kmemleak: comm "syz-executor.0", pid 3958, jiffies 4294775318
[ 108.508365] kmemleak: min_count = 1
[ 108.508369] kmemleak: count = 0
[ 108.508373] kmemleak: flags = 0x21
[ 108.508376] kmemleak: checksum = 0
[ 108.508380] kmemleak: backtrace:
[ 108.508384] pcpu_alloc_noprof+0x87a/0x1170
[ 108.508399] percpu_ref_init+0x37/0x400
[ 108.508416] io_uring_setup+0x44c/0x2000
[ 108.508428] __x64_sys_io_uring_setup+0xc8/0x170
[ 108.508438] do_syscall_64+0xbf/0x360
[ 108.508447] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.525343] ------------[ cut here ]------------
[ 108.525805] percpu ref (io_ring_ctx_ref_free) <= 0 (-4294967295) after switching to atomic
[ 108.526124] WARNING: lib/percpu-refcount.c:197 at percpu_ref_switch_to_atomic_rcu+0x3cc/0x480, CPU#1: syz-executor.5/3956
[ 108.527640] Modules linked in:
[ 108.527934] CPU: 1 UID: 0 PID: 3956 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 108.532397] Tainted: [W]=WARN
[ 108.532650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.533291] RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x3cc/0x480
[ 108.533797] Code: 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 9e 00 00 00 49 8b 75 e8 48 c7 c7 80 97 e2 84 e8 75 c5 e9 fe 90 <0f> 0b 90 90 e9 2b ff ff ff e8 f6 de 5f ff e9 9e fe ff ff e8 7c df
[ 108.535229] RSP: 0018:ffff88806cf08e20 EFLAGS: 00010286
[ 108.535675] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8139de70
[ 108.536235] RDX: ffff88800a78b700 RSI: ffffffff8139de7e RDI: 0000000000000001
[ 108.536807] RBP: 7fffffff00000000 R08: 0000000000000001 R09: ffffed100d9e4801
[ 108.537379] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800e6ca500
[ 108.537938] R13: ffff88800e6ca520 R14: 0000000000000002 R15: 0000000000000003
[ 108.538514] FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 108.539144] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.539629] CR2: 0000001b2cb22000 CR3: 000000000e3cf000 CR4: 0000000000350ef0
[ 108.540189] Call Trace:
[ 108.540412]
[ 108.540594] ? rcu_core+0x7c3/0x1800
[ 108.540900] rcu_core+0x7c8/0x1800
[ 108.541198] ? __pfx_rcu_core+0x10/0x10
[ 108.541542] ? trace_irq_enable.constprop.0+0x26/0x100
[ 108.541964] handle_softirqs+0x1b1/0x770
[ 108.542304] __irq_exit_rcu+0xc4/0x100
[ 108.542643] irq_exit_rcu+0x9/0x20
[ 108.542930] sysvec_apic_timer_interrupt+0x70/0x80
[ 108.543343]
[ 108.543529]
[ 108.543719] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 108.544135] RIP: 0010:_raw_spin_unlock_irqrestore+0x34/0x50
[ 108.544608] Code: c7 18 53 48 89 f3 48 8b 74 24 10 e8 16 f5 93 fc 48 89 ef e8 4e 40 94 fc 80 e7 02 74 06 e8 b4 48 be fc fb 65 ff 0d 6c 4c c6 02 <74> 07 5b 5d e9 33 23 00 00 0f 1f 44 00 00 5b 5d e9 27 23 00 00 0f
[ 108.546029] RSP: 0018:ffff88800fdbfd50 EFLAGS: 00000286
[ 108.546466] RAX: 0000000000000ba5 RBX: 0000000000000203 RCX: ffffffff817c2b86
[ 108.547023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff84bde3bc
[ 108.547603] RBP: ffffffff85d091e0 R08: 0000000000000001 R09: 0000000000000001
[ 108.548162] R10: ffffffff8643ac57 R11: 0000000000000001 R12: 0000607f1a639af4
[ 108.548747] R13: ffff88801c8f5d20 R14: 0000000000000000 R15: ffff888017d586c0
[ 108.549326] ? trace_irq_enable.constprop.0+0x26/0x100
[ 108.549743] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 108.550153] free_percpu+0x30/0x1160
[ 108.550607] ? arch_uprobe_clear_state+0x16/0x140
[ 108.551042] futex_hash_free+0x38/0xc0
[ 108.551449] mmput+0x2d3/0x390
[ 108.551769] do_exit+0x79d/0x2970
[ 108.552065] ? signal_wake_up_state+0x85/0x120
[ 108.552462] ? zap_other_threads+0x2b9/0x3a0
[ 108.552834] ? __pfx_do_exit+0x10/0x10
[ 108.553156] ? do_group_exit+0x1c3/0x2a0
[ 108.553509] ? lock_release+0xc8/0x290
[ 108.553837] do_group_exit+0xd3/0x2a0
[ 108.554155] __x64_sys_exit_group+0x3e/0x50
[ 108.554527] x64_sys_call+0x18c5/0x18d0
[ 108.554857] do_syscall_64+0xbf/0x360
[ 108.555172] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.555616] RIP: 0033:0x7fc06c02ab19
[ 108.555920] Code: Unable to access opcode bytes at 0x7fc06c02aaef.
[ 108.556427] RSP: 002b:00007ffc4c3eb408 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 108.557033] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fc06c02ab19
[ 108.557615] RDX: 00007fc06bfdd72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 108.558182] RBP: 0000000000000000 R08: 0000001b2d125678 R09: 0000000000000000
[ 108.558763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 108.559347] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc4c3eb4f0
[ 108.559938]
[ 108.560131] irq event stamp: 3602
[ 108.560428] hardirqs last enabled at (3612): [] __up_console_sem+0x78/0x80
[ 108.561113] hardirqs last disabled at (3619): [] __up_console_sem+0x5d/0x80
[ 108.561809] softirqs last enabled at (2744): [] handle_softirqs+0x50c/0x770
[ 108.562524] softirqs last disabled at (2983): [] __irq_exit_rcu+0xc4/0x100
[ 108.563203] ---[ end trace 0000000000000000 ]---
[ 108.563610] percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff88800e6ca500 pointer offset 0 size 64
08:30:37 executing program 6:
r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
r1 = dup(r0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0)
08:30:37 executing program 4: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 3: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup2(r0, r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) 08:30:37 executing program 0: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0182101, 0x0) 08:30:37 executing program 2: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:30:37 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup2(r0, r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) 08:30:37 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup2(r0, r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) 08:30:37 executing program 4: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 6: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 0: r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0) 08:30:37 executing program 2: r0 
= io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 08:30:37 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r2 = dup2(r0, r1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x13, r2, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x0) [ 108.720031] Oops: general protection fault, probably for non-canonical address 0xfdfffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 108.720887] KASAN: maybe wild-memory-access in range [0xf000000000000190-0xf000000000000197] [ 108.721513] CPU: 0 UID: 0 PID: 3979 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.722395] Tainted: [W]=WARN [ 108.722634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.723247] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.723619] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.724961] RSP: 0018:ffff888045f777c0 EFLAGS: 00010212 [ 108.725359] RAX: 1e00000000000032 RBX: efffffffffffffa0 RCX: ffffc90009839000 [ 108.725887] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: f000000000000190 [ 108.726414] RBP: ffff888045f77a30 R08: ffff88806ce31340 R09: ffffe8ffffc16af0 [ 108.726942] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 
108.727470] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 108.728008] FS: 00007ff377dcb700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 108.728607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.729049] CR2: 00007ff37a969018 CR3: 000000000d536000 CR4: 0000000000350ef0 [ 108.729584] Call Trace: [ 108.729782] [ 108.729957] ? merge_sched_in+0xcb/0x1810 [ 108.730276] ? __pfx_perf_tp_event+0x10/0x10 [ 108.730617] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 108.730998] ? perf_tp_event+0x807/0xe70 [ 108.731313] ? lock_is_held_type+0x9e/0x120 [ 108.731657] ? __pfx_perf_tp_event+0x10/0x10 [ 108.732001] ? __pfx_ctx_sched_in+0x10/0x10 [ 108.732325] ? arch_stack_walk+0x9c/0xf0 [ 108.732638] ? find_held_lock+0x2b/0x80 [ 108.732953] ? perf_trace_run_bpf_submit+0xef/0x180 [ 108.733332] perf_trace_run_bpf_submit+0xef/0x180 [ 108.733705] perf_trace_lock_acquire+0x3c2/0x700 [ 108.734072] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 108.734472] ? lock_acquire+0x15e/0x2f0 [ 108.734783] lock_acquire+0xc5/0x2f0 [ 108.735069] ? futex_private_hash_put+0x4c/0x2d0 [ 108.735435] ? futex_hash+0x2d8/0x390 [ 108.735731] ? lock_release+0xc8/0x290 [ 108.736030] futex_private_hash_put+0x5d/0x2d0 [ 108.736377] ? futex_private_hash_put+0x4c/0x2d0 [ 108.736736] futex_hash_put+0x3f/0x50 [ 108.737027] futex_wake+0x1bb/0x540 [ 108.737314] ? __pfx_futex_wake+0x10/0x10 [ 108.737633] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 108.738022] ? lock_release+0xc8/0x290 [ 108.738322] do_futex+0x26d/0x370 [ 108.738591] ? __pfx_do_futex+0x10/0x10 [ 108.738894] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 108.739296] ? find_held_lock+0x2b/0x80 [ 108.739618] __x64_sys_futex+0x1c9/0x4d0 [ 108.739929] ? __pfx___x64_sys_futex+0x10/0x10 [ 108.740280] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 108.740674] do_syscall_64+0xbf/0x360 [ 108.740964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.741350] RIP: 0033:0x7ff37a855b19 [ 108.741632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.742963] RSP: 002b:00007ff377dcb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 108.743526] RAX: ffffffffffffffda RBX: 00007ff37a968f68 RCX: 00007ff37a855b19 [ 108.744064] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff37a968f6c [ 108.744628] RBP: 00007ff37a968f60 R08: 000000000000000e R09: 0000000000000000 [ 108.745197] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff37a968f6c [ 108.745763] R13: 00007ffeccb3acaf R14: 00007ff377dcb300 R15: 0000000000022000 [ 108.746339] [ 108.746530] Modules linked in: [ 108.746813] Oops: general protection fault, probably for non-canonical address 0xfdfffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 108.747723] KASAN: maybe wild-memory-access in range [0xf000000000000190-0xf000000000000197] [ 108.748416] CPU: 0 UID: 0 PID: 3979 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.749356] Tainted: [D]=DIE, [W]=WARN [ 108.749661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.750306] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.750678] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.752141] RSP: 0018:ffff88806ce08a40 EFLAGS: 00010012 [ 108.752561] RAX: 1e00000000000032 RBX: efffffffffffffa0 RCX: ffffffff81898973 [ 108.753128] RDX: ffff888014325280 RSI: ffffffff818995b7 RDI: f000000000000190 [ 108.753690] RBP: ffff88806ce08cb0 R08: ffff88806ce31490 R09: ffffe8ffffc16af0 [ 108.754250] R10: 0000000000000000 R11: 
0000000000000024 R12: dffffc0000000000 [ 108.754808] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 108.755368] FS: 00007ff377dcb700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 108.756009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.756468] CR2: 00007ff37a969018 CR3: 000000000d536000 CR4: 0000000000350ef0 [ 108.757027] Call Trace: [ 108.757237] [ 108.757415] ? __kernel_text_address+0xd/0x40 [ 108.757781] ? __pfx_perf_tp_event+0x10/0x10 [ 108.758139] ? stack_trace_save+0x8e/0xc0 [ 108.758477] ? stack_depot_save_flags+0x2c/0xa20 [ 108.758861] ? kasan_save_stack+0x34/0x50 [ 108.759195] ? kasan_save_stack+0x24/0x50 [ 108.759528] ? kasan_save_track+0x14/0x30 [ 108.759866] ? __kasan_save_free_info+0x3a/0x60 [ 108.760236] ? __kasan_slab_free+0x3f/0x50 [ 108.760576] ? kmem_cache_free+0x2a1/0x540 [ 108.760913] ? rcu_core+0x7c8/0x1800 [ 108.761218] ? handle_softirqs+0x1b1/0x770 [ 108.761564] ? __irq_exit_rcu+0xc4/0x100 [ 108.761893] ? irq_exit_rcu+0x9/0x20 [ 108.762187] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 108.762597] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.763022] ? ktime_get+0x1c9/0x270 [ 108.763324] ? copy_process+0x4e28/0x73c0 [ 108.763661] ? kernel_clone+0xea/0x7f0 [ 108.763968] ? __do_sys_clone+0xce/0x120 [ 108.764288] ? do_syscall_64+0xbf/0x360 [ 108.764602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.765026] ? perf_trace_run_bpf_submit+0xef/0x180 [ 108.765422] perf_trace_run_bpf_submit+0xef/0x180 [ 108.765810] perf_trace_lock_acquire+0x3c2/0x700 [ 108.766194] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 108.766612] ? kvm_sched_clock_read+0x16/0x30 [ 108.766976] ? enqueue_task_fair+0x43a/0x1e00 [ 108.767340] lock_acquire+0xc5/0x2f0 [ 108.767654] ? sched_ttwu_pending+0xa1/0x4a0 [ 108.768009] ? sched_ttwu_pending+0x2e0/0x4a0 [ 108.768370] ? lock_release+0xc8/0x290 [ 108.768681] _raw_spin_lock_nested+0x29/0x40 [ 108.769035] ? 
sched_ttwu_pending+0xa1/0x4a0 [ 108.769391] sched_ttwu_pending+0xa1/0x4a0 [ 108.769732] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 108.770124] __flush_smp_call_function_queue+0x434/0x740 [ 108.770563] __sysvec_call_function_single+0x6d/0x370 [ 108.770976] sysvec_call_function_single+0xa1/0xc0 [ 108.771369] [ 108.771559] [ 108.771744] asm_sysvec_call_function_single+0x1a/0x20 [ 108.772161] RIP: 0010:oops_exit+0x0/0x50 [ 108.772488] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 108.773906] RSP: 0018:ffff888045f77650 EFLAGS: 00000202 [ 108.774326] RAX: 0000000000029af1 RBX: 0000000000000216 RCX: ffffc90009839000 [ 108.774884] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 108.775441] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 108.776008] R10: 0000000000000000 R11: 000000000000002c R12: ffff888045f77718 [ 108.776566] R13: 0000000000000000 R14: fdfffc0000000032 R15: 0000000000000000 [ 108.777129] ? oops_end+0x4a/0xe0 [ 108.777419] oops_end+0x65/0xe0 [ 108.777691] exc_general_protection+0x1a2/0x330 [ 108.778066] asm_exc_general_protection+0x26/0x30 [ 108.778450] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.778830] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.780260] RSP: 0018:ffff888045f777c0 EFLAGS: 00010212 [ 108.780680] RAX: 1e00000000000032 RBX: efffffffffffffa0 RCX: ffffc90009839000 [ 108.781237] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: f000000000000190 [ 108.781795] RBP: ffff888045f77a30 R08: ffff88806ce31340 R09: ffffe8ffffc16af0 [ 108.782353] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 108.782913] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 108.783475] ? 
perf_tp_event+0x167/0xe70 [ 108.783811] ? merge_sched_in+0xcb/0x1810 [ 108.784144] ? __pfx_perf_tp_event+0x10/0x10 [ 108.784502] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 108.784904] ? perf_tp_event+0x807/0xe70 [ 108.785230] ? lock_is_held_type+0x9e/0x120 [ 108.785579] ? __pfx_perf_tp_event+0x10/0x10 [ 108.785935] ? __pfx_ctx_sched_in+0x10/0x10 [ 108.786275] ? arch_stack_walk+0x9c/0xf0 [ 108.786604] ? find_held_lock+0x2b/0x80 [ 108.786930] ? perf_trace_run_bpf_submit+0xef/0x180 [ 108.787329] perf_trace_run_bpf_submit+0xef/0x180 [ 108.787724] perf_trace_lock_acquire+0x3c2/0x700 [ 108.788113] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 108.788532] ? lock_acquire+0x15e/0x2f0 [ 108.788852] lock_acquire+0xc5/0x2f0 [ 108.789153] ? futex_private_hash_put+0x4c/0x2d0 [ 108.789529] ? futex_hash+0x2d8/0x390 [ 108.789834] ? lock_release+0xc8/0x290 [ 108.790148] futex_private_hash_put+0x5d/0x2d0 [ 108.790509] ? futex_private_hash_put+0x4c/0x2d0 [ 108.790887] futex_hash_put+0x3f/0x50 [ 108.791191] futex_wake+0x1bb/0x540 [ 108.791493] ? __pfx_futex_wake+0x10/0x10 [ 108.791835] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 108.792240] ? lock_release+0xc8/0x290 [ 108.792556] do_futex+0x26d/0x370 [ 108.792838] ? __pfx_do_futex+0x10/0x10 [ 108.793155] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 108.793576] ? find_held_lock+0x2b/0x80 [ 108.793902] __x64_sys_futex+0x1c9/0x4d0 [ 108.794232] ? __pfx___x64_sys_futex+0x10/0x10 [ 108.794604] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 108.795018] do_syscall_64+0xbf/0x360 [ 108.795324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.795738] RIP: 0033:0x7ff37a855b19 [ 108.796034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.797459] RSP: 002b:00007ff377dcb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 108.798057] RAX: ffffffffffffffda RBX: 00007ff37a968f68 RCX: 00007ff37a855b19 [ 108.798618] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff37a968f6c [ 108.799174] RBP: 00007ff37a968f60 R08: 000000000000000e R09: 0000000000000000 [ 108.799744] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff37a968f6c [ 108.800301] R13: 00007ffeccb3acaf R14: 00007ff377dcb300 R15: 0000000000022000 [ 108.800873] [ 108.801061] Modules linked in: [ 108.801322] ---[ end trace 0000000000000000 ]--- [ 108.801325] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 108.801691] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.802621] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 108.802981] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.803682] CPU: 1 UID: 0 PID: 3980 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 108.805097] RSP: 0018:ffff888045f777c0 EFLAGS: 00010212 [ 108.806031] Tainted: [D]=DIE, [W]=WARN [ 108.806440] RAX: 1e00000000000032 RBX: efffffffffffffa0 RCX: ffffc90009839000 [ 108.806745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.807296] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: f000000000000190 [ 108.807953] RIP: 0010:perf_tp_event+0x175/0xe70 [ 108.808505] 
RBP: ffff888045f77a30 R08: ffff88806ce31340 R09: ffffe8ffffc16af0 [ 108.808879] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 108.809433] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 108.810858] RSP: 0018:ffff888046807600 EFLAGS: 00010212 [ 108.811415] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 108.811418] [ 108.811427] FS: 00007ff377dcb700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 108.811844] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90007427000 [ 108.812399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.812536] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 108.813164] CR2: 00007ff37a969018 CR3: 000000000d536000 CR4: 0000000000350ef0 [ 108.813727] RBP: ffff888046807870 R08: ffff88806cf31340 R09: ffffe8ffffd16af0 [ 108.814179] Kernel panic - not syncing: Fatal exception in interrupt [ 108.816658] Kernel Offset: disabled [ 108.816947] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS: 08:30:37 Registers: