Warning: Permanently added '[localhost]:62514' (ECDSA) to the list of known hosts.
2025/08/29 09:35:53 fuzzer started
2025/08/29 09:35:54 dialing manager at localhost:43077
syzkaller login: [ 51.311396] cgroup: Unknown subsys name 'net'
[ 51.388366] cgroup: Unknown subsys name 'cpuset'
[ 51.403099] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:36:04 syscalls: 2214
2025/08/29 09:36:04 code coverage: enabled
2025/08/29 09:36:04 comparison tracing: enabled
2025/08/29 09:36:04 extra coverage: enabled
2025/08/29 09:36:04 setuid sandbox: enabled
2025/08/29 09:36:04 namespace sandbox: enabled
2025/08/29 09:36:04 Android sandbox: enabled
2025/08/29 09:36:04 fault injection: enabled
2025/08/29 09:36:04 leak checking: enabled
2025/08/29 09:36:04 net packet injection: enabled
2025/08/29 09:36:04 net device setup: enabled
2025/08/29 09:36:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:36:04 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:36:04 USB emulation: enabled
2025/08/29 09:36:04 hci packet injection: enabled
2025/08/29 09:36:04 wifi device emulation: enabled
2025/08/29 09:36:04 802.15.4 emulation: enabled
2025/08/29 09:36:04 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:36:04 fetching corpus: 50, signal 26443/29768 (executing program)
2025/08/29 09:36:04 fetching corpus: 100, signal 35226/39882 (executing program)
2025/08/29 09:36:04 fetching corpus: 150, signal 43140/48936 (executing program)
2025/08/29 09:36:04 fetching corpus: 200, signal 49634/56405 (executing program)
2025/08/29 09:36:04 fetching corpus: 250, signal 57758/65246 (executing program)
2025/08/29 09:36:04 fetching corpus: 300, signal 61454/69842 (executing program)
2025/08/29 09:36:05 fetching corpus: 350, signal 64284/73551 (executing program)
2025/08/29 09:36:05 fetching corpus: 400, signal 67749/77785 (executing program)
2025/08/29 09:36:05 fetching corpus: 450, signal 71838/82499 (executing program)
2025/08/29 09:36:05 fetching corpus: 500, signal 74265/85650 (executing program)
2025/08/29 09:36:05 fetching corpus: 550, signal 76114/88250 (executing program)
2025/08/29 09:36:05 fetching corpus: 600, signal 79131/91817 (executing program)
2025/08/29 09:36:05 fetching corpus: 650, signal 81130/94426 (executing program)
2025/08/29 09:36:05 fetching corpus: 700, signal 82940/96834 (executing program)
2025/08/29 09:36:05 fetching corpus: 750, signal 85816/100021 (executing program)
2025/08/29 09:36:05 fetching corpus: 800, signal 88148/102686 (executing program)
2025/08/29 09:36:06 fetching corpus: 850, signal 89649/104686 (executing program)
2025/08/29 09:36:06 fetching corpus: 900, signal 91575/106965 (executing program)
2025/08/29 09:36:06 fetching corpus: 950, signal 93179/108969 (executing program)
2025/08/29 09:36:06 fetching corpus: 1000, signal 94575/110762 (executing program)
2025/08/29 09:36:06 fetching corpus: 1050, signal 97237/113549 (executing program)
2025/08/29 09:36:06 fetching corpus: 1100, signal 99732/116093 (executing program)
2025/08/29 09:36:06 fetching corpus: 1150, signal 101519/118050 (executing program)
2025/08/29 09:36:06 fetching corpus: 1200, signal 102957/119749 (executing program)
2025/08/29 09:36:06 fetching corpus: 1250, signal 104210/121219 (executing program)
2025/08/29 09:36:06 fetching corpus: 1300, signal 105316/122602 (executing program)
2025/08/29 09:36:07 fetching corpus: 1350, signal 106332/123870 (executing program)
2025/08/29 09:36:07 fetching corpus: 1400, signal 107519/125250 (executing program)
2025/08/29 09:36:07 fetching corpus: 1450, signal 108569/126451 (executing program)
2025/08/29 09:36:07 fetching corpus: 1500, signal 109962/127953 (executing program)
2025/08/29 09:36:07 fetching corpus: 1550, signal 110852/129078 (executing program)
2025/08/29 09:36:07 fetching corpus: 1600, signal 112265/130454 (executing program)
2025/08/29 09:36:07 fetching corpus: 1650, signal 114294/132196 (executing program)
2025/08/29 09:36:07 fetching corpus: 1700, signal 115641/133461 (executing program)
2025/08/29 09:36:07 fetching corpus: 1750, signal 116984/134766 (executing program)
2025/08/29 09:36:07 fetching corpus: 1800, signal 117789/135747 (executing program)
2025/08/29 09:36:08 fetching corpus: 1850, signal 120144/137484 (executing program)
2025/08/29 09:36:08 fetching corpus: 1900, signal 121317/138525 (executing program)
2025/08/29 09:36:08 fetching corpus: 1950, signal 122413/139446 (executing program)
2025/08/29 09:36:08 fetching corpus: 2000, signal 123380/140327 (executing program)
2025/08/29 09:36:08 fetching corpus: 2050, signal 125074/141477 (executing program)
2025/08/29 09:36:08 fetching corpus: 2100, signal 125842/142223 (executing program)
2025/08/29 09:36:08 fetching corpus: 2150, signal 126449/142855 (executing program)
2025/08/29 09:36:08 fetching corpus: 2200, signal 127482/143730 (executing program)
2025/08/29 09:36:08 fetching corpus: 2250, signal 128894/144747 (executing program)
2025/08/29 09:36:08 fetching corpus: 2300, signal 130076/145688 (executing program)
2025/08/29 09:36:09 fetching corpus: 2350, signal 130872/146337 (executing program)
2025/08/29 09:36:09 fetching corpus: 2400, signal 131310/146874 (executing program)
2025/08/29 09:36:09 fetching corpus: 2450, signal 132158/147509 (executing program)
2025/08/29 09:36:09 fetching corpus: 2500, signal 132777/148041 (executing program)
2025/08/29 09:36:09 fetching corpus: 2550, signal 133713/148624 (executing program)
2025/08/29 09:36:09 fetching corpus: 2600, signal 134454/149137 (executing program)
2025/08/29 09:36:09 fetching corpus: 2650, signal 135440/149709 (executing program)
2025/08/29 09:36:09 fetching corpus: 2700, signal 136151/150199 (executing program)
2025/08/29 09:36:09 fetching corpus: 2750, signal 136798/150625 (executing program)
2025/08/29 09:36:10 fetching corpus: 2800, signal 137383/151088 (executing program)
2025/08/29 09:36:10 fetching corpus: 2850, signal 138395/151550 (executing program)
2025/08/29 09:36:10 fetching corpus: 2900, signal 139106/151934 (executing program)
2025/08/29 09:36:10 fetching corpus: 2950, signal 139495/152251 (executing program)
2025/08/29 09:36:10 fetching corpus: 3000, signal 139984/152557 (executing program)
2025/08/29 09:36:10 fetching corpus: 3050, signal 140572/152931 (executing program)
2025/08/29 09:36:10 fetching corpus: 3100, signal 141046/153219 (executing program)
2025/08/29 09:36:10 fetching corpus: 3150, signal 141451/153458 (executing program)
2025/08/29 09:36:10 fetching corpus: 3200, signal 142376/153794 (executing program)
2025/08/29 09:36:10 fetching corpus: 3250, signal 143489/154132 (executing program)
2025/08/29 09:36:11 fetching corpus: 3300, signal 144060/154396 (executing program)
2025/08/29 09:36:11 fetching corpus: 3350, signal 144816/154650 (executing program)
2025/08/29 09:36:11 fetching corpus: 3400, signal 145637/154952 (executing program)
2025/08/29 09:36:11 fetching corpus: 3450, signal 146346/155166 (executing program)
2025/08/29 09:36:11 fetching corpus: 3500, signal 146699/155353 (executing program)
2025/08/29 09:36:11 fetching corpus: 3550, signal 147295/155506 (executing program)
2025/08/29 09:36:11 fetching corpus: 3600, signal 148063/155675 (executing program)
2025/08/29 09:36:11 fetching corpus: 3650, signal 148578/155797 (executing program)
2025/08/29 09:36:11 fetching corpus: 3700, signal 149098/155915 (executing program)
2025/08/29 09:36:11 fetching corpus: 3750, signal 149599/155987 (executing program)
2025/08/29 09:36:12 fetching corpus: 3800, signal 150105/156012 (executing program)
2025/08/29 09:36:12 fetching corpus: 3850, signal 150684/156032 (executing program)
2025/08/29 09:36:12 fetching corpus: 3900, signal 151021/156040 (executing program)
2025/08/29 09:36:12 fetching corpus: 3950, signal 151434/156060 (executing program)
2025/08/29 09:36:12 fetching corpus: 4000, signal 152141/156064 (executing program)
2025/08/29 09:36:12 fetching corpus: 4050, signal 152478/156076 (executing program)
2025/08/29 09:36:12 fetching corpus: 4100, signal 153158/156090 (executing program)
2025/08/29 09:36:12 fetching corpus: 4150, signal 153630/156157 (executing program)
2025/08/29 09:36:12 fetching corpus: 4185, signal 153978/156157 (executing program)
2025/08/29 09:36:12 fetching corpus: 4185, signal 153978/156157 (executing program)
2025/08/29 09:36:14 starting 8 fuzzer processes
09:36:14 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b36, 0x0)
09:36:14 executing program 2:
r0 = epoll_create1(0x0)
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480), &(0x7f00000004c0), 0x8)
09:36:14 executing program 1:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/mnt\x00')
ftruncate(r0, 0x0)
09:36:14 executing program 4:
r0 = perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
09:36:14 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010063, 0x0)
[ 71.736647] audit: type=1400 audit(1756460174.796:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:36:14 executing program 6:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
09:36:14 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}})
09:36:14 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x49, 0x0, &(0x7f00000018c0))
[ 72.871454] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.875535] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.877518] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.880609] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.883680] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.885577] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.886990] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.890425] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.892579] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.897796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.998755] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 73.004637] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 73.007348] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 73.018999] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 73.023296] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 73.024563] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 73.026921] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.035896] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 73.051905] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 73.063598] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 73.087275] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 73.092726] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 73.098764] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 73.104797] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 73.108310] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 73.108414] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 73.112388] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 73.114198] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 73.114203] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 73.117297] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 73.118492] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 73.120480] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 73.127991] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 73.128920] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 73.132610] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 73.133618] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 73.134420] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 73.134560] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 73.142364] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 73.158422] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 74.966465] Bluetooth: hci0: command tx timeout
[ 74.966471] Bluetooth: hci1: command tx timeout
[ 75.094542] Bluetooth: hci3: command tx timeout
[ 75.095977] Bluetooth: hci2: command tx timeout
[ 75.223085] Bluetooth: hci5: command tx timeout
[ 75.223774] Bluetooth: hci6: command tx timeout
[ 75.224074] Bluetooth: hci7: command tx timeout
[ 75.286097] Bluetooth: hci4: command tx timeout
[ 77.014089] Bluetooth: hci1: command tx timeout
[ 77.014104] Bluetooth: hci0: command tx timeout
[ 77.142237] Bluetooth: hci3: command tx timeout
[ 77.142691] Bluetooth: hci2: command tx timeout
[ 77.270206] Bluetooth: hci6: command tx timeout
[ 77.270221] Bluetooth: hci5: command tx timeout
[ 77.271261] Bluetooth: hci7: command tx timeout
[ 77.334104] Bluetooth: hci4: command tx timeout
[ 79.062278] Bluetooth: hci1: command tx timeout
[ 79.062343] Bluetooth: hci0: command tx timeout
[ 79.190163] Bluetooth: hci2: command tx timeout
[ 79.192103] Bluetooth: hci3: command tx timeout
[ 79.318100] Bluetooth: hci6: command tx timeout
[ 79.319226] Bluetooth: hci7: command tx timeout
[ 79.319622] Bluetooth: hci5: command tx timeout
[ 79.382260] Bluetooth: hci4: command tx timeout
[ 81.110237] Bluetooth: hci1: command tx timeout
[ 81.112181] Bluetooth: hci0: command tx timeout
[ 81.239111] Bluetooth: hci3: command tx timeout
[ 81.239159] Bluetooth: hci2: command tx timeout
[ 81.366187] Bluetooth: hci5: command tx timeout
[ 81.366267] Bluetooth: hci7: command tx timeout
[ 81.366633] Bluetooth: hci6: command tx timeout
[ 81.430194] Bluetooth: hci4: command tx timeout
[ 109.843783] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.844442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.987999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.988774] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.411618] audit: type=1400 audit(1756460213.471:8): avc: denied { open } for pid=3618 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 110.422150] audit: type=1400 audit(1756460213.471:9): avc: denied { kernel } for pid=3618 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
09:36:53 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}})
09:36:53 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}})
09:36:53 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x4}})
[ 110.945321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.945931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:36:54 executing program 5:
r0 = syz_io_uring_setup(0x790a, &(0x7f0000000080), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000b40)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x2)
[ 111.070058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.070666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:36:54 executing program 5:
r0 = syz_io_uring_setup(0x790a, &(0x7f0000000080), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000b40)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x2)
09:36:54 executing program 5:
r0 = syz_io_uring_setup(0x790a, &(0x7f0000000080), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000b40)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x2)
09:36:54 executing program 5:
r0 = syz_io_uring_setup(0x790a, &(0x7f0000000080), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000b40)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x2)
09:36:54 executing program 6:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
[ 111.604253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.604829] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.701283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.701865] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.203243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.203817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.340494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.341369] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.135190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.135779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.193505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.194125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.229610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.230822] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.295627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.296322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.380080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.380660] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.389725] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.390373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.865345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.865951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.902345] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.902934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:36:57 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b36, 0x0)
09:36:57 executing program 2:
r0 = epoll_create1(0x0)
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480), &(0x7f00000004c0), 0x8)
09:36:57 executing program 1:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/mnt\x00')
ftruncate(r0, 0x0)
09:36:57 executing program 4:
r0 = perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
09:36:57 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x49, 0x0, &(0x7f00000018c0))
09:36:57 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010063, 0x0)
09:36:57 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
09:36:57 executing program 6:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
09:36:57 executing program 2:
r0 = epoll_create1(0x0)
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480), &(0x7f00000004c0), 0x8)
[ 114.073757] kmemleak: Found object by alias at 0x607f1a639c64
[ 114.073781] CPU: 1 UID: 0 PID: 3917 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.073799] Tainted: [W]=WARN
[ 114.073803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.073810] Call Trace:
[ 114.073814] <TASK>
[ 114.073819] dump_stack_lvl+0xca/0x120
[ 114.073848] __lookup_object+0x94/0xb0
[ 114.073865] delete_object_full+0x27/0x70
[ 114.073882] free_percpu+0x30/0x1160
[ 114.073898] ? arch_uprobe_clear_state+0x16/0x140
[ 114.073918] futex_hash_free+0x38/0xc0
[ 114.073933] mmput+0x2d3/0x390
[ 114.073952] do_exit+0x79d/0x2970
[ 114.073970] ? __pfx_do_exit+0x10/0x10
[ 114.073984] ? find_held_lock+0x2b/0x80
[ 114.074002] ? get_signal+0x835/0x2340
[ 114.074028] do_group_exit+0xd3/0x2a0
[ 114.074043] get_signal+0x2315/0x2340
[ 114.074060] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 114.074077] ? __pfx_get_signal+0x10/0x10
[ 114.074093] ? __schedule+0xe91/0x3590
[ 114.074113] arch_do_signal_or_restart+0x80/0x790
[ 114.074131] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 114.074148] ? __x64_sys_futex+0x1c9/0x4d0
[ 114.074160] ? __x64_sys_futex+0x1d2/0x4d0
[ 114.074175] ? __pfx___x64_sys_futex+0x10/0x10
[ 114.074188] ? selinux_file_ioctl+0xb9/0x280
[ 114.074208] exit_to_user_mode_loop+0x8b/0x110
[ 114.074221] do_syscall_64+0x2f7/0x360
[ 114.074234] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.074246] RIP: 0033:0x7f87d6989b19
[ 114.074255] Code: Unable to access opcode bytes at 0x7f87d6989aef.
[ 114.074260] RSP: 002b:00007f87d3eff218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.074272] RAX: 0000000000000001 RBX: 00007f87d6a9cf68 RCX: 00007f87d6989b19
[ 114.074280] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f87d6a9cf6c
[ 114.074287] RBP: 00007f87d6a9cf60 R08: 000000000000000e R09: 0000000000000000
[ 114.074294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f87d6a9cf6c
[ 114.074301] R13: 00007ffdd37ec63f R14: 00007f87d3eff300 R15: 0000000000022000
[ 114.074317] </TASK>
[ 114.074321] kmemleak: Object (percpu) 0x607f1a639c60 (size 8):
[ 114.074327] kmemleak: comm "kworker/u9:0", pid 25, jiffies 4294778527
[ 114.074334] kmemleak: min_count = 1
[ 114.074338] kmemleak: count = 0
[ 114.074342] kmemleak: flags = 0x21
[ 114.074345] kmemleak: checksum = 0
[ 114.074349] kmemleak: backtrace:
[ 114.074353] pcpu_alloc_noprof+0x87a/0x1170
[ 114.074368] fib_nh_common_init+0x30/0xd0
[ 114.074380] fib6_nh_init+0x968/0x1a00
[ 114.074391] ip6_route_info_create_nh+0x530/0xf80
[ 114.074401] ip6_route_add.part.0+0x59/0x170
[ 114.074410] ip6_route_add+0x48/0x60
[ 114.074419] addrconf_add_mroute+0x12d/0x190
[ 114.074430] addrconf_add_dev+0x148/0x1c0
[ 114.074443] addrconf_dev_config+0x1e9/0x430
[ 114.074458] addrconf_notify+0xa70/0x1920
[ 114.074474] notifier_call_chain+0xc0/0x360
[ 114.074485] call_netdevice_notifiers_info+0xbe/0x140
[ 114.074496] netif_state_change+0x157/0x330
[ 114.074505] linkwatch_do_dev+0x111/0x150
[ 114.074516] __linkwatch_run_queue+0x2ab/0x710
[ 114.074526] linkwatch_event+0x4e/0x70
09:36:57 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x49, 0x0, &(0x7f00000018c0))
09:36:57 executing program 1:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/mnt\x00')
ftruncate(r0, 0x0)
09:36:57 executing program 4:
r0 = perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
09:36:57 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b36, 0x0)
09:36:57 executing program 4:
r0 = perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
09:36:57 executing program 1:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/mnt\x00')
ftruncate(r0, 0x0)
09:36:57 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010063, 0x0)
09:36:57 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
09:36:57 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x49, 0x0, &(0x7f00000018c0))
09:36:57 executing program 6:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
09:36:57 executing program 2:
r0 = epoll_create1(0x0)
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480), &(0x7f00000004c0), 0x8)
09:36:57 executing program 2:
r0 = syz_io_uring_setup(0x790a, &(0x7f0000000080), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000b40)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x2)
09:36:57 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x18, 0x0, 0x1300)
09:36:57 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x4b36, 0x0)
09:36:57 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010063, 0x0)
09:36:57 executing program 6:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed, 0x0, 0x3}, 0xe)
09:36:57 executing program 4:
shmat(0x0, &(0x7f0000ffa000/0x2000)=nil, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000fff000/0x1000)=nil, 0x6000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2010e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fork()
ptrace(0x10, r1)
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x5000)
[ 114.356203] kmemleak: Found object by alias at 0x607f1a639c3c
[ 114.356222] CPU: 1 UID: 0 PID: 3951 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.356240] Tainted: [W]=WARN
[ 114.356243] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.356250] Call Trace:
[ 114.356255] <TASK>
[ 114.356259] dump_stack_lvl+0xca/0x120
[ 114.356284] __lookup_object+0x94/0xb0
[ 114.356302] delete_object_full+0x27/0x70
[ 114.356318] free_percpu+0x30/0x1160
[ 114.356334] ? arch_uprobe_clear_state+0x16/0x140
[ 114.356354] futex_hash_free+0x38/0xc0
[ 114.356368] mmput+0x2d3/0x390
[ 114.356387] do_exit+0x79d/0x2970
[ 114.356405] ? __pfx_do_exit+0x10/0x10
[ 114.356418] ? find_held_lock+0x2b/0x80
[ 114.356437] ? get_signal+0x835/0x2340
[ 114.356457] do_group_exit+0xd3/0x2a0
[ 114.356471] get_signal+0x2315/0x2340
[ 114.356489] ? put_task_stack+0xd2/0x240
[ 114.356503] ? __pfx_get_signal+0x10/0x10
[ 114.356519] ? __schedule+0xe91/0x3590
[ 114.356539] arch_do_signal_or_restart+0x80/0x790
[ 114.356556] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 114.356572] ? __x64_sys_futex+0x1c9/0x4d0
[ 114.356585] ? __x64_sys_futex+0x1d2/0x4d0
[ 114.356598] ? __sys_socket+0x9f/0x260
[ 114.356613] ? __pfx___x64_sys_futex+0x10/0x10
[ 114.356626] ? xfd_validate_state+0x55/0x180
[ 114.356647] exit_to_user_mode_loop+0x8b/0x110
[ 114.356660] do_syscall_64+0x2f7/0x360
[ 114.356672] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.356684] RIP: 0033:0x7faf59157b19
[ 114.356692] Code: Unable to access opcode bytes at 0x7faf59157aef.
[ 114.356697] RSP: 002b:00007faf566cd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.356709] RAX: 0000000000000001 RBX: 00007faf5926af68 RCX: 00007faf59157b19
[ 114.356716] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faf5926af6c
[ 114.356723] RBP: 00007faf5926af60 R08: 000000000000000e R09: 0000000000000000
[ 114.356730] R10: 0000000000000003 R11: 0000000000000246 R12: 00007faf5926af6c
[ 114.356737] R13: 00007ffe9bdaee3f R14: 00007faf566cd300 R15: 0000000000022000
[ 114.356752] </TASK>
[ 114.356756] kmemleak: Object (percpu) 0x607f1a639c38 (size 8):
[ 114.356763] kmemleak: comm "syz-executor.4", pid 3956, jiffies 4294781277
[ 114.356769] kmemleak: min_count = 1
[ 114.356773] kmemleak: count = 0
[ 114.356777] kmemleak: flags = 0x21
[ 114.356781] kmemleak: checksum = 0
[ 114.356784] kmemleak: backtrace:
[ 114.356788] pcpu_alloc_noprof+0x87a/0x1170
[ 114.356802] perf_trace_event_init+0x366/0xa10
[ 114.356816] perf_trace_init+0x1a4/0x2f0
[ 114.356827] perf_tp_event_init+0xa6/0x120
[ 114.356848] perf_try_init_event+0x140/0x9f0
[ 114.356861] perf_event_alloc.part.0+0x118e/0x45f0
[ 114.356877] __do_sys_perf_event_open+0x719/0x2c20
[ 114.356889] do_syscall_64+0xbf/0x360
[ 114.356898] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:36:57 executing program 2:
r0 = syz_io_uring_setup(0x790a, &(0x7f0000000080), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000b40)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x2)
09:36:57 executing program 1:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x14, 0x14, 0x1}, 0x14}}, 0x0)
09:36:57 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x18, 0x0, 0x1300)
09:36:57 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed, 0x0, 0x3}, 0xe)
09:36:57 executing program 6:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed, 0x0, 0x3}, 0xe)
09:36:57 executing program 4:
shmat(0x0, &(0x7f0000ffa000/0x2000)=nil, 0x0)
r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000fff000/0x1000)=nil, 0x6000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2010e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fork()
ptrace(0x10, r1)
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x5000)
09:36:57 executing program 0:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r0, 0x5601, 0x0)
09:36:57 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x402c5342, &(0x7f0000000080)={0x0, 0x1, 0x4000})
[ 114.515885] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 114.516813] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 114.517500] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.519093] Tainted: [W]=WARN
[ 114.519919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.521673] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.523160] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.526994] RSP: 0018:ffff888045927800 EFLAGS: 00010212
[ 114.527415] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.527968] RDX: ffff888016ee0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.528523] RBP: ffff888045927a70 R08: ffff88806cf31340 R09: ffffe8ffffd16c38
[ 114.529076] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 114.529638] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 114.530192] FS: 000055559228b400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 114.530817] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.531270] CR2: 00007f0304f70018 CR3: 00000000437fa000 CR4: 0000000000350ef0
[ 114.531822] Call Trace:
[ 114.532029] <TASK>
[ 114.532217] ? arch_scale_cpu_capacity+0x17/0xa0
[ 114.532603] ? __pfx_perf_tp_event+0x10/0x10
[ 114.532954] ? __asan_memset+0x24/0x50
[ 114.533279] ? perf_trace_lock+0xb5/0x5d0
[ 114.533622] ? kvm_sched_clock_read+0x16/0x30
[ 114.533985] ? sched_clock+0x37/0x60
[ 114.534293] ? sched_clock_cpu+0x6c/0x4e0
[ 114.534625] ? lock_is_held_type+0x9e/0x120
[ 114.534975] ? perf_trace_run_bpf_submit+0xef/0x180
[ 114.535377] perf_trace_run_bpf_submit+0xef/0x180
[ 114.535770] perf_trace_lock+0x337/0x5d0
[ 114.536099] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.536465] ? lock_acquire+0x15e/0x2f0
[ 114.536786] ? futex_ref_get+0x48/0x300
[ 114.537104] ? futex_ref_get+0x114/0x300
[ 114.537423] ? futex_hash+0x15c/0x390
[ 114.537733] lock_release+0x1ab/0x290
[ 114.538038] ? futex_hash+0x15c/0x390
[ 114.538339] futex_ref_get+0x119/0x300
[ 114.538649] ? futex_hash+0x15c/0x390
[ 114.538948] futex_hash+0x70/0x390
[ 114.539232] futex_wake+0x143/0x540
[ 114.539531] ? put_pid+0x1f/0x30
[ 114.539804] ? kernel_clone+0x204/0x7f0
[ 114.540123] ? __pfx_futex_wake+0x10/0x10
[ 114.540454] ? __pfx_kernel_clone+0x10/0x10
[ 114.540796] ? perf_trace_lock+0xb5/0x5d0
[ 114.541130] do_futex+0x26d/0x370
[ 114.541412] ? __pfx_do_futex+0x10/0x10
[ 114.541738] ? __pfx___do_sys_clone+0x10/0x10
[ 114.542099] ? find_held_lock+0x2b/0x80
[ 114.542424] __x64_sys_futex+0x1c9/0x4d0
[ 114.542750] ? __pfx___x64_sys_futex+0x10/0x10
[ 114.543113] ? xfd_validate_state+0x55/0x180
[ 114.543475] do_syscall_64+0xbf/0x360
[ 114.543777] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.544182] RIP: 0033:0x7faf59157b19
[ 114.544477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 114.545888] RSP: 002b:00007ffe9bdaeeb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.546480] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faf59157b19
[ 114.547035] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faf5926af68
[ 114.547587] RBP: 00007faf5926af60 R08: 00007faf566cd700 R09: 0000000000000000
[ 114.548138] R10: 00007faf566cd700 R11: 0000000000000246 R12: 00007faf5926f060
[ 114.548692] R13: 00007ffe9bdaefc0 R14: 00007faf5926af60 R15: 000000000001bef1
[ 114.549250] </TASK>
[ 114.549443] Modules linked in:
[ 114.549704] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 114.551438] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 114.552586] CPU: 0 UID: 0 PID: 3970 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.554424] Tainted: [D]=DIE, [W]=WARN
[ 114.555010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.556247] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.556981] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.559723] RSP: 0018:ffff888045867800 EFLAGS: 00010212
[ 114.560529] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 114.561610] RDX: ffff88801bc60000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 114.562681] RBP: ffff888045867a70 R08: ffff88806ce31340 R09: ffffe8ffffc16c38
[ 114.563754] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 114.564844] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 114.565931] FS: 00005555841ad400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 114.567148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.568049] CR2: 00005555841aec18 CR3: 000000000d61a000 CR4: 0000000000350ef0
[ 114.569133] Call Trace:
[ 114.569539] <TASK>
[ 114.569909] ? arch_scale_cpu_capacity+0x17/0xa0
[ 114.570654] ? __pfx_perf_tp_event+0x10/0x10
[ 114.571340] ? __asan_memset+0x24/0x50
[ 114.571967] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.572668] ? __pfx___mutex_lock+0x10/0x10
[ 114.573338] ? perf_trace_lock+0xb5/0x5d0
[ 114.573996] ? kvm_sched_clock_read+0x16/0x30
[ 114.574698] ? sched_clock+0x37/0x60
[ 114.575289] ? sched_clock_cpu+0x6c/0x4e0
[ 114.575940] ? perf_trace_run_bpf_submit+0xef/0x180
[ 114.576711] perf_trace_run_bpf_submit+0xef/0x180
[ 114.577483] perf_trace_lock+0x337/0x5d0
[ 114.578111] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.578819] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.579528] ? get_futex_key+0x592/0x14a0
[ 114.580172] ? futex_ref_get+0x114/0x300
[ 114.580797] ? futex_hash+0x15c/0x390
[ 114.581382] lock_release+0x1ab/0x290
[ 114.581984] ? futex_hash+0x15c/0x390
[ 114.582566] futex_ref_get+0x119/0x300
[ 114.583162] ? futex_hash+0x15c/0x390
[ 114.583754] futex_hash+0x70/0x390
[ 114.584316] futex_wake+0x143/0x540
[ 114.584886] ? put_pid+0x1f/0x30
[ 114.585420] ? kernel_clone+0x204/0x7f0
[ 114.586042] ? __pfx_futex_wake+0x10/0x10
[ 114.586691] ? __pfx_kernel_clone+0x10/0x10
[ 114.587357] ? perf_trace_lock+0xb5/0x5d0
[ 114.588002] ? __pfx___handle_mm_fault+0x10/0x10
[ 114.588743] do_futex+0x26d/0x370
[ 114.589290] ? __pfx_do_futex+0x10/0x10
[ 114.589921] ? __pfx___do_sys_clone+0x10/0x10
[ 114.590618] ? handle_mm_fault+0x590/0x9b0
[ 114.591276] __x64_sys_futex+0x1c9/0x4d0
[ 114.591905] ? __pfx___x64_sys_futex+0x10/0x10
[ 114.592612] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 114.593411] do_syscall_64+0xbf/0x360
[ 114.594016] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.594808] RIP: 0033:0x7fafc1b96b19
[ 114.595380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 114.598114] RSP: 002b:00007fffda194178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.599253] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fafc1b96b19
[ 114.600334] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fafc1ca9f68
[ 114.601403] RBP: 00007fafc1ca9f60 R08: 00007fafbf10c700 R09: 0000000000000000
[ 114.602483] R10: 00007fafbf10c700 R11: 0000000000000246 R12: 00007fafc1cae060
[ 114.603572] R13: 00007fffda194280 R14: 00007fafc1ca9f60 R15: 000000000001bf0c
[ 114.604663] </TASK>
[ 114.605026] Modules linked in:
[ 114.605540] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[ 114.606397] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 114.607065] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.607984] Tainted: [D]=DIE, [W]=WARN
[ 114.608282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.608915] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.609286] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.610681] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[ 114.611092] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.611639] RDX: ffff888016ee0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.612188] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16c38
[ 114.612739] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 114.613285] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000
[ 114.613840] FS: 000055559228b400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 114.614460] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.614911] CR2: 00007f0304f70018 CR3: 00000000437fa000 CR4: 0000000000350ef0
[ 114.615464] Call Trace:
[ 114.615669] <IRQ>
[ 114.615847] ? __pfx_perf_tp_event+0x10/0x10
[ 114.616201] ? lock_is_held_type+0x9e/0x120
[ 114.616543] ? lock_is_held_type+0x9e/0x120
[ 114.616885] ? perf_trace_lock+0xb5/0x5d0
[ 114.617212] ? perf_trace_lock+0xb5/0x5d0
[ 114.617543] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.617903] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.618261] ? check_preempt_wakeup_fair+0x406/0x950
[ 114.618664] ? perf_trace_run_bpf_submit+0xef/0x180
[ 114.619057] perf_trace_run_bpf_submit+0xef/0x180
[ 114.619441] perf_trace_lock+0x337/0x5d0
[ 114.619765] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.620136] ? find_held_lock+0x2b/0x80
[ 114.620459] ? hrtimer_interrupt+0x114/0x830
[ 114.620822] lock_release+0x1ab/0x290
[ 114.621146] ktime_get_update_offsets_now+0xab/0x3c0
[ 114.621585] ? hrtimer_interrupt+0x114/0x830
[ 114.621950] ? __pfx_lapic_next_deadline+0x10/0x10
[ 114.622363] hrtimer_interrupt+0x114/0x830
[ 114.622712] __sysvec_apic_timer_interrupt+0xbb/0x330
[ 114.623143] sysvec_apic_timer_interrupt+0x6b/0x80
[ 114.623545] </IRQ>
[ 114.623736] <TASK>
[ 114.623924] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 114.624354] RIP: 0010:oops_exit+0x0/0x50
[ 114.624701] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[ 114.626195] RSP: 0018:ffff888045927690 EFLAGS: 00000202
[ 114.626629] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f
[ 114.627213] RDX: ffff888016ee0000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 114.627795] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[ 114.628380] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888045927758
[ 114.628962] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 114.629555] ? add_taint+0x5f/0xd0
[ 114.629863] ? oops_end+0x4a/0xe0
[ 114.630163] oops_end+0x65/0xe0
[ 114.630451] exc_general_protection+0x1a2/0x330
[ 114.630846] asm_exc_general_protection+0x26/0x30
[ 114.631253] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.631647] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.633122] RSP: 0018:ffff888045927800 EFLAGS: 00010212
[ 114.633573] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.634153] RDX: ffff888016ee0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.634730] RBP: ffff888045927a70 R08: ffff88806cf31340 R09: ffffe8ffffd16c38
[ 114.635312] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 114.635880] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 114.636463] ? perf_tp_event+0x167/0xe70
[ 114.636807] ? arch_scale_cpu_capacity+0x17/0xa0
[ 114.637214] ? __pfx_perf_tp_event+0x10/0x10
[ 114.637588] ? __asan_memset+0x24/0x50
[ 114.637934] ? perf_trace_lock+0xb5/0x5d0
[ 114.638284] ? kvm_sched_clock_read+0x16/0x30
[ 114.638667] ? sched_clock+0x37/0x60
[ 114.638990] ? sched_clock_cpu+0x6c/0x4e0
[ 114.639335] ? lock_is_held_type+0x9e/0x120
[ 114.639695] ? perf_trace_run_bpf_submit+0xef/0x180
[ 114.640121] perf_trace_run_bpf_submit+0xef/0x180
[ 114.640528] perf_trace_lock+0x337/0x5d0
[ 114.640883] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.641260] ? lock_acquire+0x15e/0x2f0
[ 114.641604] ? futex_ref_get+0x48/0x300
[ 114.641937] ? futex_ref_get+0x114/0x300
[ 114.642271] ? futex_hash+0x15c/0x390
[ 114.642592] lock_release+0x1ab/0x290
[ 114.642906] ? futex_hash+0x15c/0x390
[ 114.643223] futex_ref_get+0x119/0x300
[ 114.643549] ? futex_hash+0x15c/0x390
[ 114.643874] futex_hash+0x70/0x390
[ 114.644176] futex_wake+0x143/0x540
[ 114.644487] ? put_pid+0x1f/0x30
[ 114.644769] ? kernel_clone+0x204/0x7f0
[ 114.645093] ? __pfx_futex_wake+0x10/0x10
[ 114.645452] ? __pfx_kernel_clone+0x10/0x10
[ 114.645827] ? perf_trace_lock+0xb5/0x5d0
[ 114.646173] do_futex+0x26d/0x370
[ 114.646476] ? __pfx_do_futex+0x10/0x10
[ 114.646794] ? __pfx___do_sys_clone+0x10/0x10
[ 114.647170] ? find_held_lock+0x2b/0x80
[ 114.647507] __x64_sys_futex+0x1c9/0x4d0
[ 114.647833] ? __pfx___x64_sys_futex+0x10/0x10
[ 114.648211] ? xfd_validate_state+0x55/0x180
[ 114.648575] do_syscall_64+0xbf/0x360
[ 114.648891] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.649329] RIP: 0033:0x7faf59157b19
[ 114.649637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 114.651117] RSP: 002b:00007ffe9bdaeeb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.651733] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faf59157b19
[ 114.652292] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faf5926af68
[ 114.652849] RBP: 00007faf5926af60 R08: 00007faf566cd700 R09: 0000000000000000
[ 114.653407] R10: 00007faf566cd700 R11: 0000000000000246 R12: 00007faf5926f060
[ 114.653975] R13: 00007ffe9bdaefc0 R14: 00007faf5926af60 R15: 000000000001bef1
[ 114.654538] </TASK>
[ 114.654728] Modules linked in:
[ 114.654988] ---[ end trace 0000000000000000 ]---
[ 114.654990] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 114.655355] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.657002] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 114.657362] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.658512] CPU: 0 UID: 0 PID: 3970 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.659912] RSP: 0018:ffff888045927800 EFLAGS: 00010212
[ 114.661691] Tainted: [D]=DIE, [W]=WARN
[ 114.662095] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.662675] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.663229] RDX: ffff888016ee0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.664473] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.665022] RBP: ffff888045927a70 R08: ffff88806cf31340 R09: ffffe8ffffd16c38
[ 114.665723] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.666277] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 114.669030] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 114.669585] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 114.669590]
[ 114.669598] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 114.670002] FS: 000055559228b400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 114.671077] RDX: ffff88801bc60000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 114.671215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.672269] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16c38
[ 114.672889] CR2: 00007f0304f70018 CR3: 00000000437fa000 CR4: 0000000000350ef0
[ 114.673970] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 114.674427] Kernel panic - not syncing: Fatal exception in interrupt
[ 115.715935] Shutting down cpus with NMI
[ 115.718139] Kernel Offset: disabled
[ 115.718438] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:36:57 Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=ffffea0000dfffb0 RCX=ffffffff819e56f3 RDX=fffff940001bfff7
RSI=ffffffff819e5218 RDI=ffffea0000dfffb0 RBP=ffffea0000dfff80 RSP=ffff8880170576b8
R8 =0000000000000001 R9 =fffff940001bfff6 R10=ffffea0000dfffb3 R11=0000000000000000
R12=0000000000000000 R13=ffffea0000dfff80 R14=ffffea0000dfff80 R15=dffffc0000000000
RIP=ffffffff8173e788 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055556ba27400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe5100000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f87d79d63a4 CR3=000000003e40a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880459270f0
R8 =0000000000000000 R9 =ffffed10016ce046 R10=0000000000000020 R11=0000000065646f43
R12=0000000000000020 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055559228b400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe4500000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0304f70018 CR3=00000000437fa000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007faf5923e7c000007faf5923e7c8
XMM02=00007faf5923e7e000007faf5923e7c0 XMM03=00007faf5923e7c800007faf5923e7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000