Warning: Permanently added '[localhost]:15740' (ECDSA) to the list of known hosts.
2025/09/01 08:18:52 fuzzer started
2025/09/01 08:18:53 dialing manager at localhost:35473
syzkaller login: [ 51.599723] cgroup: Unknown subsys name 'net'
[ 51.788461] cgroup: Unknown subsys name 'cpuset'
[ 51.824856] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:19:04 syscalls: 2214
2025/09/01 08:19:04 code coverage: enabled
2025/09/01 08:19:04 comparison tracing: enabled
2025/09/01 08:19:04 extra coverage: enabled
2025/09/01 08:19:04 setuid sandbox: enabled
2025/09/01 08:19:04 namespace sandbox: enabled
2025/09/01 08:19:04 Android sandbox: enabled
2025/09/01 08:19:04 fault injection: enabled
2025/09/01 08:19:04 leak checking: enabled
2025/09/01 08:19:04 net packet injection: enabled
2025/09/01 08:19:04 net device setup: enabled
2025/09/01 08:19:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:19:04 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:19:04 USB emulation: enabled
2025/09/01 08:19:04 hci packet injection: enabled
2025/09/01 08:19:04 wifi device emulation: enabled
2025/09/01 08:19:04 802.15.4 emulation: enabled
2025/09/01 08:19:04 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:19:04 fetching corpus: 50, signal 22152/25078 (executing program)
2025/09/01 08:19:04 fetching corpus: 100, signal 40128/43186 (executing program)
2025/09/01 08:19:04 fetching corpus: 150, signal 47375/50738 (executing program)
2025/09/01 08:19:04 fetching corpus: 200, signal 52739/56208 (executing program)
2025/09/01 08:19:05 fetching corpus: 250, signal 59133/62367 (executing program)
2025/09/01 08:19:05 fetching corpus: 300, signal 63061/66215 (executing program)
2025/09/01 08:19:05 fetching corpus: 350, signal 67726/70473 (executing program)
2025/09/01 08:19:05 fetching corpus: 400, signal 70391/72920 (executing program)
2025/09/01 08:19:05 fetching corpus: 450, signal 74266/76080 (executing program)
2025/09/01 08:19:05 fetching corpus: 500, signal 77056/78298 (executing program)
2025/09/01 08:19:05 fetching corpus: 526, signal 77677/78854 (executing program)
2025/09/01 08:19:05 fetching corpus: 526, signal 77677/78950 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79052 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79135 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79235 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79338 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79449 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79549 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79648 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79756 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79854 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/79942 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80059 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80164 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80256 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80353 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80456 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80569 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80671 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80771 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80867 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/80970 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81066 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81170 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81278 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81383 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81483 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81565 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81657 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81679 (executing program)
2025/09/01 08:19:06 fetching corpus: 526, signal 77677/81679 (executing program)
2025/09/01 08:19:08 starting 8 fuzzer processes
08:19:08 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/keycreate\x00', 0x2, 0x0)
writev(r0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="87", 0x1}], 0x1)
08:19:08 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCFLSH(r0, 0x5605, 0x0)
08:19:08 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
08:19:08 executing program 1:
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x0, 0x0, 0x0)
08:19:08 executing program 2:
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa)
mlock2(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0)
fork()
[ 66.233542] audit: type=1400 audit(1756714748.660:7): avc: denied { execmem } for pid=272 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:19:08 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg(r0, &(0x7f00000018c0)=[{{&(0x7f0000000100)=@hci={0x1f, 0x0, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000001540)=[{0x10, 0x1, 0x4f}], 0x10}}], 0x1, 0x0)
08:19:08 executing program 4:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8)
listen(r0, 0xfffffffe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
08:19:08 executing program 5:
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001540)="a8", 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
[ 67.378728] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.382576] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.384695] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.389080] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.393205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.503454] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.513837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.515781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.517683] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.519418] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.521125] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.530112] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.532455] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.539606] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.542709] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.576480] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.587064] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.589770] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.593464] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.602449] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.627330] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.633489] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.640618] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.657985] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.661388] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.722830] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.727348] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.729370] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 67.731450] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.734060] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 67.737528] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.738704] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 67.740658] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.746595] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 67.748104] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 67.750502] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 67.756336] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.784141] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.799249] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.809630] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 69.472728] Bluetooth: hci0: command tx timeout
[ 69.600320] Bluetooth: hci2: command tx timeout
[ 69.600414] Bluetooth: hci1: command tx timeout
[ 69.665915] Bluetooth: hci3: command tx timeout
[ 69.728600] Bluetooth: hci4: command tx timeout
[ 69.792420] Bluetooth: hci6: command tx timeout
[ 69.793335] Bluetooth: hci7: command tx timeout
[ 69.920442] Bluetooth: hci5: command tx timeout
[ 71.520257] Bluetooth: hci0: command tx timeout
[ 71.648512] Bluetooth: hci1: command tx timeout
[ 71.649267] Bluetooth: hci2: command tx timeout
[ 71.712607] Bluetooth: hci3: command tx timeout
[ 71.778035] Bluetooth: hci4: command tx timeout
[ 71.840256] Bluetooth: hci6: command tx timeout
[ 71.840914] Bluetooth: hci7: command tx timeout
[ 71.968238] Bluetooth: hci5: command tx timeout
[ 73.570240] Bluetooth: hci0: command tx timeout
[ 73.696318] Bluetooth: hci1: command tx timeout
[ 73.696357] Bluetooth: hci2: command tx timeout
[ 73.760271] Bluetooth: hci3: command tx timeout
[ 73.826221] Bluetooth: hci4: command tx timeout
[ 73.888281] Bluetooth: hci6: command tx timeout
[ 73.888320] Bluetooth: hci7: command tx timeout
[ 74.017501] Bluetooth: hci5: command tx timeout
[ 75.616361] Bluetooth: hci0: command tx timeout
[ 75.744247] Bluetooth: hci2: command tx timeout
[ 75.745288] Bluetooth: hci1: command tx timeout
[ 75.810221] Bluetooth: hci3: command tx timeout
[ 75.872347] Bluetooth: hci4: command tx timeout
[ 75.936294] Bluetooth: hci6: command tx timeout
[ 75.937307] Bluetooth: hci7: command tx timeout
[ 76.064227] Bluetooth: hci5: command tx timeout
[ 106.484206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.484878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.612556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.613188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.750351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.750968] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.909451] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.910052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.993571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.994218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.106971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.107615] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.230120] audit: type=1400 audit(1756714789.659:8): avc: denied { open } for pid=3838 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 107.232242] audit: type=1400 audit(1756714789.659:9): avc: denied { kernel } for pid=3838 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
08:19:49 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg(r0, &(0x7f00000018c0)=[{{&(0x7f0000000100)=@hci={0x1f, 0x0, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000001540)=[{0x10, 0x1, 0x4f}], 0x10}}], 0x1, 0x0)
[ 107.306431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.307034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.329936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.330694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:19:49 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
08:19:49 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg(r0, &(0x7f00000018c0)=[{{&(0x7f0000000100)=@hci={0x1f, 0x0, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000001540)=[{0x10, 0x1, 0x4f}], 0x10}}], 0x1, 0x0)
08:19:49 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg(r0, &(0x7f00000018c0)=[{{&(0x7f0000000100)=@hci={0x1f, 0x0, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000001540)=[{0x10, 0x1, 0x4f}], 0x10}}], 0x1, 0x0)
[ 107.431002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.431644] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:19:49 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
08:19:49 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
[ 107.555655] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.556497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:19:50 executing program 4:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8)
listen(r0, 0xfffffffe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
08:19:50 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
[ 107.682196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.682805] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.788227] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.788836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.795401] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.796030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.857311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.857932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.083153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.083871] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.104730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.105350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:19:50 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/keycreate\x00', 0x2, 0x0)
writev(r0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="87", 0x1}], 0x1)
08:19:50 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCFLSH(r0, 0x5605, 0x0)
08:19:50 executing program 2:
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa)
mlock2(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0)
fork()
08:19:50 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
08:19:50 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000))
08:19:50 executing program 4:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8)
listen(r0, 0xfffffffe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
08:19:50 executing program 5:
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001540)="a8", 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
08:19:50 executing program 1:
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x0, 0x0, 0x0)
08:19:50 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/keycreate\x00', 0x2, 0x0)
writev(r0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="87", 0x1}], 0x1)
08:19:50 executing program 1:
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x0, 0x0, 0x0)
08:19:50 executing program 4:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8)
listen(r0, 0xfffffffe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
08:19:50 executing program 5:
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001540)="a8", 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
08:19:50 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCFLSH(r0, 0x5605, 0x0)
08:19:50 executing program 2:
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa)
mlock2(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0)
fork()
[ 108.440920] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 108.441845] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 108.442682] CPU: 0 UID: 0 PID: 3931 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 108.447151] Tainted: [W]=WARN
[ 108.447408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.448065] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.448456] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.449904] RSP: 0018:ffff88804532f600 EFLAGS: 00010212
[ 108.450338] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000bff000
[ 108.450904] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 108.451476] RBP: ffff88804532f870 R08: ffff88806ce31340 R09: ffffe8ffffc16040
[ 108.452043] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.452604] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 108.453191] FS: 00007f62603c0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 108.453823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.454289] CR2: 00007f1d2c45b018 CR3: 0000000042dbb000 CR4: 0000000000350ef0
[ 108.454859] Call Trace:
[ 108.455071] <TASK>
[ 108.455272] ? __pfx_perf_tp_event+0x10/0x10
[ 108.455663] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.456071] perf_trace_run_bpf_submit+0xef/0x180
[ 108.456468] perf_trace_lock+0x337/0x5d0
[ 108.456811] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.457197] ? lock_acquire+0x15e/0x2f0
[ 108.457524] ? futex_ref_get+0x48/0x300
[ 108.457853] ? futex_ref_get+0x114/0x300
[ 108.458183] ? futex_hash+0x15c/0x390
[ 108.458497] lock_release+0x1ab/0x290
[ 108.458817] ? futex_hash+0x15c/0x390
[ 108.459130] futex_ref_get+0x119/0x300
[ 108.459452] ? futex_hash+0x15c/0x390
[ 108.459765] futex_hash+0x70/0x390
[ 108.460061] futex_wait_setup+0xae/0x550
[ 108.460404] __futex_wait+0x151/0x300
[ 108.460722] ? __pfx___futex_wait+0x10/0x10
[ 108.461085] ? __pfx_futex_wake_mark+0x10/0x10
[ 108.461478] futex_wait+0xde/0x380
[ 108.461775] ? __pfx_futex_wait+0x10/0x10
[ 108.462119] ? perf_trace_lock+0xb5/0x5d0
[ 108.462461] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 108.462889] do_futex+0x2ee/0x370
[ 108.463181] ? __pfx_do_futex+0x10/0x10
[ 108.463505] ? do_raw_spin_lock+0x123/0x260
[ 108.463864] __x64_sys_futex+0x1c9/0x4d0
[ 108.464200] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 108.464623] ? __pfx___x64_sys_futex+0x10/0x10
[ 108.464996] ? kcov_ioctl+0x386/0x6c0
[ 108.465321] ? fput+0x6a/0x100
[ 108.465600] do_syscall_64+0xbf/0x360
[ 108.465920] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.466335] RIP: 0033:0x7f6262e4ab19
[ 108.466640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 108.468066] RSP: 002b:00007f62603c0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.468751] RAX: ffffffffffffffda RBX: 00007f6262f5df68 RCX: 00007f6262e4ab19
[ 108.469408] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6262f5df68
[ 108.470053] RBP: 00007f6262f5df60 R08: 00007f62603c0700 R09: 0000000000000000
[ 108.470695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6262f5df6c
[ 108.471334] R13: 00007ffc43bd0e8f R14: 00007f62603c0300 R15: 0000000000022000
[ 108.471986] </TASK>
[ 108.472202] Modules linked in:
[ 108.472513] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 108.473445] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 108.474054] CPU: 1 UID: 0 PID: 3928 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 108.475009] Tainted: [D]=DIE, [W]=WARN
[ 108.475317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.475968] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.476357] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.477813] RSP: 0018:ffff8880453df800 EFLAGS: 00010212
[ 108.478238] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 108.478805] RDX: ffff888016943700 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 108.479371] RBP: ffff8880453dfa70 R08: ffff88806cf31340 R09: ffffe8ffffd16040
[ 108.479940] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 108.480511] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 108.481087] FS: 0000555563dc2400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 108.481737] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.482206] CR2: 00007f209dffc018 CR3: 0000000043f31000 CR4: 0000000000350ef0
[ 108.482776] Call Trace:
[ 108.482985] <TASK>
[ 108.483175] ? arch_scale_cpu_capacity+0x17/0xa0
[ 108.483571] ? __pfx_perf_tp_event+0x10/0x10
[ 108.483934] ? __asan_memset+0x24/0x50
[ 108.484264] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.484635] ? __pfx___mutex_lock+0x10/0x10
[ 108.484995] ? perf_trace_lock+0xb5/0x5d0
[ 108.485348] ? kvm_sched_clock_read+0x16/0x30
[ 108.485721] ? sched_clock+0x37/0x60
[ 108.486034] ? sched_clock_cpu+0x6c/0x4e0
[ 108.486375] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.486786] perf_trace_run_bpf_submit+0xef/0x180
[ 108.487183] perf_trace_lock+0x337/0x5d0
[ 108.487512] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.487884] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.488264] ? get_futex_key+0x592/0x14a0
[ 108.488607] ? futex_ref_get+0x114/0x300
[ 108.488939] ? futex_hash+0x15c/0x390
[ 108.489256] lock_release+0x1ab/0x290
[ 108.489569] ? futex_hash+0x15c/0x390
[ 108.489881] futex_ref_get+0x119/0x300
[ 108.490194] ? futex_hash+0x15c/0x390
[ 108.490501] futex_hash+0x70/0x390
[ 108.490796] futex_wake+0x143/0x540
[ 108.491094] ? put_pid+0x1f/0x30
[ 108.491377] ? kernel_clone+0x204/0x7f0
[ 108.491703] ? __pfx_futex_wake+0x10/0x10
[ 108.492044] ? __pfx_kernel_clone+0x10/0x10
[ 108.492398] ? perf_trace_lock+0xb5/0x5d0
[ 108.492732] ? __pfx___handle_mm_fault+0x10/0x10
[ 108.493134] do_futex+0x26d/0x370
[ 108.493426] ? __pfx_do_futex+0x10/0x10
[ 108.493750] ? __pfx___do_sys_clone+0x10/0x10
[ 108.494116] ? handle_mm_fault+0x590/0x9b0
[ 108.494465] __x64_sys_futex+0x1c9/0x4d0
[ 108.494797] ? __pfx___x64_sys_futex+0x10/0x10
[ 108.495171] ? xfd_validate_state+0x55/0x180
[ 108.495543] do_syscall_64+0xbf/0x360
[ 108.495860] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.496278] RIP: 0033:0x7f7ff6457b19
[ 108.496576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 108.498023] RSP: 002b:00007ffd7e661248 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.498631] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7ff6457b19
[ 108.499199] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7ff656af68
[ 108.499767] RBP: 00007f7ff656af60 R08: 00007f7ff39cd700 R09: 0000000000000000
[ 108.500332] R10: 00007f7ff39cd700 R11: 0000000000000246 R12: 00007f7ff656f0a8
[ 108.500902] R13: 00007ffd7e661350 R14: 00007f7ff656af60 R15: 000000000001a733
[ 108.501479] </TASK>
[ 108.501671] Modules linked in:
[ 108.501937] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[ 108.502931] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 108.503706] CPU: 0 UID: 0 PID: 3931 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 108.504765] Tainted: [D]=DIE, [W]=WARN
[ 108.505121] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.505849] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.506278] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.507879] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 108.508354] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 108.508982] RDX: ffff888042bfd280 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 108.509624] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16040
[ 108.510251] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 108.510890] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[ 108.511523] FS: 00007f62603c0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 108.512233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.512749] CR2: 00007f1d2c45b018 CR3: 0000000042dbb000 CR4: 0000000000350ef0
[ 108.513390] Call Trace:
[ 108.513624] <IRQ>
[ 108.513828] ? __pfx_perf_tp_event+0x10/0x10
[ 108.514232] ? __lock_acquire+0xc65/0x1b70
[ 108.514621] ? __lock_acquire+0x694/0x1b70
[ 108.515006] ? lock_acquire+0x15e/0x2f0
[ 108.515374] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.515823] perf_trace_run_bpf_submit+0xef/0x180
[ 108.516268] perf_trace_lock+0x337/0x5d0
[ 108.516636] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.517056] ? find_held_lock+0x2b/0x80
[ 108.517430] ? hrtimer_interrupt+0x114/0x830
[ 108.517834] lock_release+0x1ab/0x290
[ 108.518179] ktime_get_update_offsets_now+0xab/0x3c0
[ 108.518640] ? hrtimer_interrupt+0x114/0x830
[ 108.519036] ? __pfx_lapic_next_deadline+0x10/0x10
[ 108.519486] hrtimer_interrupt+0x114/0x830
[ 108.519869] __sysvec_apic_timer_interrupt+0xbb/0x330
[ 108.520343] sysvec_apic_timer_interrupt+0x6b/0x80
[ 108.520789] </IRQ>
[ 108.520995] <TASK>
[ 108.521214] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 108.521686] RIP: 0010:oops_exit+0x0/0x50
[ 108.522053] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57
[ 108.523659] RSP: 0018:ffff88804532f490 EFLAGS: 00000202
[ 108.524129] RAX: 0000000000026175 RBX: 0000000000000212 RCX: ffffc90000bff000
[ 108.524762] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 108.525400] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690
[ 108.526030] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804532f558
[ 108.526664] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 108.527299] ? oops_end+0x4a/0xe0
[ 108.527622] oops_end+0x65/0xe0
[ 108.527937] exc_general_protection+0x1a2/0x330
[ 108.528342] asm_exc_general_protection+0x26/0x30
[ 108.528729] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.529118] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.530543] RSP: 0018:ffff88804532f600 EFLAGS: 00010212
[ 108.530966] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000bff000
[ 108.531559] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 108.532120] RBP: ffff88804532f870 R08: ffff88806ce31340 R09: ffffe8ffffc16040
[ 108.532686] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.533260] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 108.533826] ? perf_tp_event+0x167/0xe70
[ 108.534159] ? __pfx_perf_tp_event+0x10/0x10
[ 108.534531] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.534928] perf_trace_run_bpf_submit+0xef/0x180
[ 108.535381] perf_trace_lock+0x337/0x5d0
[ 108.535752] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.536173] ? lock_acquire+0x15e/0x2f0
[ 108.536533] ? futex_ref_get+0x48/0x300
[ 108.536891] ? futex_ref_get+0x114/0x300
[ 108.537265] ? futex_hash+0x15c/0x390
[ 108.537615] lock_release+0x1ab/0x290
[ 108.537968] ? futex_hash+0x15c/0x390
[ 108.538311] futex_ref_get+0x119/0x300
[ 108.538663] ? futex_hash+0x15c/0x390
[ 108.539007] futex_hash+0x70/0x390
[ 108.539334] futex_wait_setup+0xae/0x550
[ 108.539709] __futex_wait+0x151/0x300
[ 108.540065] ? __pfx___futex_wait+0x10/0x10
[ 108.540461] ? __pfx_futex_wake_mark+0x10/0x10
[ 108.540883] futex_wait+0xde/0x380
[ 108.541234] ? __pfx_futex_wait+0x10/0x10
[ 108.541613] ? perf_trace_lock+0xb5/0x5d0
[ 108.541955] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 108.542372] do_futex+0x2ee/0x370
[ 108.542657] ? __pfx_do_futex+0x10/0x10
[ 108.542978] ? do_raw_spin_lock+0x123/0x260
[ 108.543329] __x64_sys_futex+0x1c9/0x4d0
[ 108.543712] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 108.544181] ? __pfx___x64_sys_futex+0x10/0x10
[ 108.544594] ? kcov_ioctl+0x386/0x6c0
[ 108.544941] ? fput+0x6a/0x100
[ 108.545251] do_syscall_64+0xbf/0x360
[ 108.545602] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.546066] RIP: 0033:0x7f6262e4ab19
[ 108.546404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 108.548006] RSP: 002b:00007f62603c0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.548681] RAX: ffffffffffffffda RBX: 00007f6262f5df68 RCX: 00007f6262e4ab19
[ 108.549320] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6262f5df68
[ 108.549950] RBP: 00007f6262f5df60 R08: 00007f62603c0700 R09: 0000000000000000
[ 108.550579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6262f5df6c
[ 108.551207] R13: 00007ffc43bd0e8f R14: 00007f62603c0300 R15: 0000000000022000
[ 108.551842]
[ 108.552055] Modules linked in:
[ 108.552329] ---[ end trace 0000000000000000 ]---
[ 108.552330] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 108.552710] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.553577] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 108.553942] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.554527] CPU: 1 UID: 0 PID: 3928 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 108.555934] RSP: 0018:ffff88804532f600 EFLAGS: 00010212
[ 108.556859] Tainted: [D]=DIE, [W]=WARN
[ 108.556866] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.557280] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000bff000
[ 108.557580] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.558220] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 108.558771] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.559133] RBP: ffff88804532f870 R08: ffff88806ce31340 R09: ffffe8ffffc16040
[ 108.559687] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[ 108.561097] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.561642]
[ 108.562052] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 108.562606] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 108.562748] FS: 00007f62603c0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 108.563294] RDX: ffff888016943700 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 108.563850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.564466] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16040
[ 108.565021] CR2: 00007f1d2c45b018 CR3: 0000000042dbb000 CR4: 0000000000350ef0
[ 108.565475] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 108.566035] Kernel panic - not syncing: Fatal exception in interrupt
[ 109.610464] Shutting down cpus with NMI
[ 109.612183] Kernel Offset: disabled
[ 109.612490] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:19:51 Registers: