Warning: Permanently added '[localhost]:13124' (ECDSA) to the list of known hosts.
2025/09/01 08:20:54 fuzzer started
2025/09/01 08:20:54 dialing manager at localhost:35473
syzkaller login: [ 51.607483] cgroup: Unknown subsys name 'net'
[ 51.729083] cgroup: Unknown subsys name 'cpuset'
[ 51.777457] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:21:05 syscalls: 2214
2025/09/01 08:21:05 code coverage: enabled
2025/09/01 08:21:05 comparison tracing: enabled
2025/09/01 08:21:05 extra coverage: enabled
2025/09/01 08:21:05 setuid sandbox: enabled
2025/09/01 08:21:05 namespace sandbox: enabled
2025/09/01 08:21:05 Android sandbox: enabled
2025/09/01 08:21:05 fault injection: enabled
2025/09/01 08:21:05 leak checking: enabled
2025/09/01 08:21:05 net packet injection: enabled
2025/09/01 08:21:05 net device setup: enabled
2025/09/01 08:21:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:21:05 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:21:05 USB emulation: enabled
2025/09/01 08:21:05 hci packet injection: enabled
2025/09/01 08:21:05 wifi device emulation: enabled
2025/09/01 08:21:05 802.15.4 emulation: enabled
2025/09/01 08:21:05 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:21:05 fetching corpus: 50, signal 28432/31007 (executing program)
2025/09/01 08:21:06 fetching corpus: 100, signal 36474/39810 (executing program)
2025/09/01 08:21:06 fetching corpus: 150, signal 41370/45327 (executing program)
2025/09/01 08:21:06 fetching corpus: 200, signal 49936/53916 (executing program)
2025/09/01 08:21:06 fetching corpus: 250, signal 55079/59148 (executing program)
2025/09/01 08:21:06 fetching corpus: 300, signal 59392/63429 (executing program)
2025/09/01 08:21:06 fetching corpus: 350, signal 65583/69010 (executing program)
2025/09/01 08:21:06 fetching corpus: 400, signal 68295/71595 (executing program)
2025/09/01 08:21:07 fetching corpus: 450, signal 72160/74880 (executing program)
2025/09/01 08:21:07 fetching corpus: 500, signal 74879/77100 (executing program)
2025/09/01 08:21:07 fetching corpus: 550, signal 76942/78776 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/80415 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/80497 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/80575 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/80692 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/80795 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/80914 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81017 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81115 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81234 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81315 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81399 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81496 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81607 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81712 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81829 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/81928 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82040 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82149 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82256 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82370 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82487 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82587 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82684 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82788 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82883 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/82973 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/83082 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/83175 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/83281 (executing program)
2025/09/01 08:21:07 fetching corpus: 572, signal 79120/83281 (executing program)
2025/09/01 08:21:10 starting 8 fuzzer processes
08:21:10 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x68a})
08:21:10 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:10 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}]}, 0x58)
setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f00000001c0)="148ac46e028f79f116680d1e8d164d4a39e6c304", 0xffe8)
08:21:10 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
08:21:10 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:10 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
08:21:10 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_rm_watch(0xffffffffffffffff, 0x0)
[ 66.442358] audit: type=1400 audit(1756714870.252:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 67.742181] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.744610] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.748962] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.752132] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.753913] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.758219] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.761551] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.763917] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.766172] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.769401] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.770809] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.774298] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.776582] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.804810] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.806095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.809011] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.811273] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.816203] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.820318] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.827213] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.861258] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.867633] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.870970] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.872203] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.877025] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.886092] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 67.887911] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.888265] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.896718] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 67.898037] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.899837] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.901409] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 67.909108] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.910770] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.915496] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.919369] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 67.926032] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.928171] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 67.945053] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 67.946529] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.832713] Bluetooth: hci1: command tx timeout
[ 69.833349] Bluetooth: hci0: command tx timeout
[ 69.898259] Bluetooth: hci2: command tx timeout
[ 69.898867] Bluetooth: hci3: command tx timeout
[ 69.958731] Bluetooth: hci5: command tx timeout
[ 69.959343] Bluetooth: hci4: command tx timeout
[ 70.023849] Bluetooth: hci7: command tx timeout
[ 70.024853] Bluetooth: hci6: command tx timeout
[ 71.879728] Bluetooth: hci0: command tx timeout
[ 71.880195] Bluetooth: hci1: command tx timeout
[ 71.943870] Bluetooth: hci3: command tx timeout
[ 71.944310] Bluetooth: hci2: command tx timeout
[ 72.006797] Bluetooth: hci4: command tx timeout
[ 72.007241] Bluetooth: hci5: command tx timeout
[ 72.071687] Bluetooth: hci6: command tx timeout
[ 72.072139] Bluetooth: hci7: command tx timeout
[ 73.929111] Bluetooth: hci0: command tx timeout
[ 73.929628] Bluetooth: hci1: command tx timeout
[ 73.991859] Bluetooth: hci2: command tx timeout
[ 73.992331] Bluetooth: hci3: command tx timeout
[ 74.054761] Bluetooth: hci5: command tx timeout
[ 74.055257] Bluetooth: hci4: command tx timeout
[ 74.119707] Bluetooth: hci7: command tx timeout
[ 74.120161] Bluetooth: hci6: command tx timeout
[ 75.975770] Bluetooth: hci1: command tx timeout
[ 75.976190] Bluetooth: hci0: command tx timeout
[ 76.038715] Bluetooth: hci3: command tx timeout
[ 76.039135] Bluetooth: hci2: command tx timeout
[ 76.102739] Bluetooth: hci4: command tx timeout
[ 76.103160] Bluetooth: hci5: command tx timeout
[ 76.168698] Bluetooth: hci7: command tx timeout
[ 76.169125] Bluetooth: hci6: command tx timeout
[ 107.725083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.725773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.888028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.889718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
[ 108.776719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.777343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
[ 108.905699] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.906304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:52 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
[ 109.243664] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.244286] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.336020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.336677] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.627700] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 111.012341] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.013220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.088344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.088984] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.150186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.151176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.231705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.232332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.680698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.681304] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.700897] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.701462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.765070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.765842] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.787596] audit: type=1400 audit(1756714915.597:8): avc: denied { open } for pid=3897 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 111.792919] audit: type=1400 audit(1756714915.597:9): avc: denied { kernel } for pid=3897 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 111.835006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.835650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.992869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.993492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.044358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.045005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:21:55 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x68a})
08:21:55 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:55 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_rm_watch(0xffffffffffffffff, 0x0)
08:21:55 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:55 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
08:21:55 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}]}, 0x58)
setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f00000001c0)="148ac46e028f79f116680d1e8d164d4a39e6c304", 0xffe8)
08:21:55 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:55 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
[ 112.230674] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
08:21:56 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_rm_watch(0xffffffffffffffff, 0x0)
08:21:56 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
08:21:56 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:56 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
08:21:56 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x68a})
08:21:56 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:56 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
08:21:56 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:56 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}]}, 0x58)
setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f00000001c0)="148ac46e028f79f116680d1e8d164d4a39e6c304", 0xffe8)
08:21:56 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:56 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
inotify_rm_watch(0xffffffffffffffff, 0x0)
08:21:56 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
[ 112.452567] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 112.453501] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 112.454217] CPU: 1 UID: 0 PID: 3951 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 112.456053] Tainted: [W]=WARN
[ 112.456826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.458517] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.459928] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.463570] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 112.464004] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 112.464584] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 112.465163] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 112.465740] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.466324] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 112.466882] FS: 00007f51cd53f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 112.467507] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.467959] CR2: 0000000020000000 CR3: 000000004316b000 CR4: 0000000000350ef0
[ 112.468514] Call Trace:
[ 112.468721] <TASK>
[ 112.468913] ? __pfx_perf_tp_event+0x10/0x10
[ 112.469306] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.469706] perf_trace_run_bpf_submit+0xef/0x180
[ 112.470099] perf_trace_lock+0x337/0x5d0
[ 112.470438] ? __pfx_perf_trace_lock+0x10/0x10
[ 112.470808] ? lock_acquire+0x15e/0x2f0
[ 112.471130] ? futex_ref_get+0x48/0x300
[ 112.471447] ? futex_ref_get+0x114/0x300
[ 112.471767] ? futex_hash+0x15c/0x390
[ 112.472070] lock_release+0x1ab/0x290
[ 112.472380] ? futex_hash+0x15c/0x390
[ 112.472684] futex_ref_get+0x119/0x300
[ 112.472998] ? futex_hash+0x15c/0x390
[ 112.473300] futex_hash+0x70/0x390
[ 112.473590] futex_wait_setup+0xae/0x550
[ 112.473928] __futex_wait+0x151/0x300
[ 112.474245] ? __pfx___futex_wait+0x10/0x10
[ 112.474596] ? __pfx_futex_wake_mark+0x10/0x10
[ 112.474976] futex_wait+0xde/0x380
[ 112.475267] ? __pfx_futex_wait+0x10/0x10
[ 112.475601] ? perf_trace_lock+0xb5/0x5d0
[ 112.475936] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 112.476351] do_futex+0x2ee/0x370
[ 112.476636] ? __pfx_do_futex+0x10/0x10
[ 112.476957] ? do_raw_spin_lock+0x123/0x260
[ 112.477309] __x64_sys_futex+0x1c9/0x4d0
[ 112.477636] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 112.478051] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.478426] ? kcov_ioctl+0x386/0x6c0
[ 112.478735] ? fput+0x6a/0x100
[ 112.479006] do_syscall_64+0xbf/0x360
[ 112.479315] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.479722] RIP: 0033:0x7f51cffc9b19
[ 112.480019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.481500] RSP: 002b:00007f51cd53f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.482118] RAX: ffffffffffffffda RBX: 00007f51d00dcf68 RCX: 00007f51cffc9b19
[ 112.482714] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f51d00dcf68
[ 112.483287] RBP: 00007f51d00dcf60 R08: 00007f51cd53f700 R09: 0000000000000000
[ 112.483869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51d00dcf6c
[ 112.484451] R13: 00007ffe579fb73f R14: 00007f51cd53f300 R15: 0000000000022000
[ 112.485033] </TASK>
[ 112.485227] Modules linked in:
[ 112.485674] ---[ end trace 0000000000000000 ]---
[ 112.486075] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.486478] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.487978] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 112.488422] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 112.489019] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 112.489599] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 112.490221] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.490824] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 112.491430] FS: 00007f51cd53f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 112.492130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.492609] CR2: 0000000020000000 CR3: 000000004316b000 CR4: 0000000000350ef0
[ 112.493205] note: syz-executor.3[3951] exited with preempt_count 1
[ 112.493731] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51
[ 112.494474] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3951, name: syz-executor.3
[ 112.495194] preempt_count: 0, expected: 0
[ 112.495526] RCU nest depth: 2, expected: 0
[ 112.495881] INFO: lockdep is turned off.
[ 112.496207] CPU: 1 UID: 0 PID: 3951 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 112.496226] Tainted: [D]=DIE, [W]=WARN
[ 112.496230] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.496237] Call Trace:
[ 112.496241] <TASK>
[ 112.496245] dump_stack_lvl+0xfa/0x120
[ 112.496265] __might_resched+0x2f3/0x510
[ 112.496279] exit_signals+0x25/0x940
[ 112.496298] do_exit+0x2db/0x2970
[ 112.496312] ? _printk+0xbe/0xf0
[ 112.496326] ? __pfx__printk+0x10/0x10
[ 112.496338] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 112.496350] ? __pfx_do_exit+0x10/0x10
[ 112.496363] ? kcov_ioctl+0x386/0x6c0
[ 112.496378] make_task_dead+0x174/0x3b0
[ 112.496391] ? do_syscall_64+0xbf/0x360
[ 112.496402] rewind_stack_and_make_dead+0x16/0x20
[ 112.496419] RIP: 0033:0x7f51cffc9b19
[ 112.496427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.496438] RSP: 002b:00007f51cd53f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.496449] RAX: ffffffffffffffda RBX: 00007f51d00dcf68 RCX: 00007f51cffc9b19
[ 112.496457] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f51d00dcf68
[ 112.496464] RBP: 00007f51d00dcf60 R08: 00007f51cd53f700 R09: 0000000000000000
[ 112.496471] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51d00dcf6c
[ 112.496478] R13: 00007ffe579fb73f R14: 00007f51cd53f300 R15: 0000000000022000
[ 112.496489] </TASK>
[ 112.508296] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
08:21:57 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}]}, 0x58)
setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f00000001c0)="148ac46e028f79f116680d1e8d164d4a39e6c304", 0xffe8)
08:21:57 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:57 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
08:21:57 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:57 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:57 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x68a})
08:21:57 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:57 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
[ 113.374341] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 113.386575] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 113.387489] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 113.388102] CPU: 1 UID: 0 PID: 3961 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.389049] Tainted: [D]=DIE, [W]=WARN
[ 113.389362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.390017] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.390416] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.391855] RSP: 0018:ffff88804334f800 EFLAGS: 00010212
[ 113.392283] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 113.392854] RDX: ffff8880172d8000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.393418] RBP: ffff88804334fa70 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 113.393982] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 113.394554] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 113.395120] FS: 000055558ef81400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 113.395753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.396213] CR2: 000055558ef82c18 CR3: 000000001f976000 CR4: 0000000000350ef0
[ 113.396776] Call Trace:
[ 113.396986]
[ 113.397173] ? arch_scale_cpu_capacity+0x17/0xa0
[ 113.397568] ? __pfx_perf_tp_event+0x10/0x10
[ 113.397929] ? __asan_memset+0x24/0x50
[ 113.398272] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.398644] ? __pfx___mutex_lock+0x10/0x10
[ 113.399005] ? perf_trace_lock+0xb5/0x5d0
[ 113.399346] ? kvm_sched_clock_read+0x16/0x30
[ 113.399714] ? sched_clock+0x37/0x60
[ 113.400025] ? sched_clock_cpu+0x6c/0x4e0
[ 113.400370] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.400774] perf_trace_run_bpf_submit+0xef/0x180
[ 113.401175] perf_trace_lock+0x337/0x5d0
[ 113.401505] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.401881] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.402261] ? get_futex_key+0x592/0x14a0
[ 113.402597] ? futex_ref_get+0x114/0x300
[ 113.402923] ? futex_hash+0x15c/0x390
[ 113.403234] lock_release+0x1ab/0x290
[ 113.403548] ? futex_hash+0x15c/0x390
[ 113.403858] futex_ref_get+0x119/0x300
[ 113.404172] ? futex_hash+0x15c/0x390
[ 113.404480] futex_hash+0x70/0x390
[ 113.404773] futex_wake+0x143/0x540
[ 113.405075] ? put_pid+0x1f/0x30
[ 113.405352] ? kernel_clone+0x204/0x7f0
[ 113.405676] ? __pfx_futex_wake+0x10/0x10
[ 113.406014] ? __pfx_kernel_clone+0x10/0x10
[ 113.406370] ? perf_trace_lock+0xb5/0x5d0
[ 113.406704] ? __pfx___handle_mm_fault+0x10/0x10
[ 113.407094] do_futex+0x26d/0x370
[ 113.407383] ? __pfx_do_futex+0x10/0x10
[ 113.407709] ? __pfx___do_sys_clone+0x10/0x10
[ 113.408071] ? handle_mm_fault+0x590/0x9b0
[ 113.408418] __x64_sys_futex+0x1c9/0x4d0
[ 113.408754] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.409126] ? xfd_validate_state+0x55/0x180
[ 113.409495] do_syscall_64+0xbf/0x360
[ 113.409806] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.410232] RIP: 0033:0x7fed4008db19
[ 113.410531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 113.411974] RSP: 002b:00007fffb8a422f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.412575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fed4008db19
[ 113.413137] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fed401a0f68
[ 113.413706] RBP: 00007fed401a0f60 R08: 00007fed3d603700 R09: 0000000000000000
[ 113.414276] R10: 00007fed3d603700 R11: 0000000000000246 R12: 00007fed401a50b8
[ 113.414840] R13: 00007fffb8a42400 R14: 00007fed401a0f60 R15: 000000000001ba74
[ 113.415417]
[ 113.415608] Modules linked in:
[ 113.415979] ---[ end trace 0000000000000000 ]---
[ 113.416362] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.416759] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.418228] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 113.418669] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 113.419236] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 113.419814] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 113.420382] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.420963] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 113.421544] FS: 000055558ef81400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 113.422205] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.422683] CR2: 000055558ef82c18 CR3: 000000001f976000 CR4: 0000000000350ef0
[ 113.423259] note: syz-executor.4[3961] exited with preempt_count 1
[ 113.439676] kmemleak: Found object by alias at 0x607f1a63e5e4
[ 113.439692] CPU: 1 UID: 0 PID: 3966 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.439714] Tainted: [D]=DIE, [W]=WARN
[ 113.439718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.439725] Call Trace:
[ 113.439729]
[ 113.439733] dump_stack_lvl+0xca/0x120
[ 113.439757] __lookup_object+0x94/0xb0
[ 113.439773] delete_object_full+0x27/0x70
[ 113.439789] free_percpu+0x30/0x1160
[ 113.439806] ? arch_uprobe_clear_state+0x16/0x140
[ 113.439824] futex_hash_free+0x38/0xc0
[ 113.439837] mmput+0x2d3/0x390
[ 113.439855] do_exit+0x79d/0x2970
[ 113.439868] ? signal_wake_up_state+0x85/0x120
[ 113.439883] ? zap_other_threads+0x2b9/0x3a0
[ 113.439898] ? __pfx_do_exit+0x10/0x10
[ 113.439910] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 113.439927] ? lock_release+0x1c7/0x290
[ 113.439941] do_group_exit+0xd3/0x2a0
[ 113.439955] __x64_sys_exit_group+0x3e/0x50
[ 113.439969] x64_sys_call+0x18c5/0x18d0
[ 113.439984] do_syscall_64+0xbf/0x360
[ 113.439996] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.440007] RIP: 0033:0x7f51cffc9b19
[ 113.440016] Code: Unable to access opcode bytes at 0x7f51cffc9aef.
[ 113.440021] RSP: 002b:00007ffe579fb968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 113.440032] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f51cffc9b19
[ 113.440039] RDX: 00007f51cff7c72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 113.440047] RBP: 0000000000000000 R08: 0000001b2d421914 R09: 0000000000000000
[ 113.440053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 113.440060] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe579fba50
[ 113.440071]
[ 113.440074] kmemleak: Object (percpu) 0x607f1a63e5e0 (size 8):
[ 113.440081] kmemleak: comm "syz-executor.2", pid 3963, jiffies 4294780190
[ 113.440088] kmemleak: min_count = 1
[ 113.440092] kmemleak: count = 0
[ 113.440096] kmemleak: flags = 0x21
[ 113.440099] kmemleak: checksum = 0
[ 113.440103] kmemleak: backtrace:
[ 113.440107] pcpu_alloc_noprof+0x87a/0x1170
[ 113.440122] perf_trace_event_init+0x366/0xa10
[ 113.440137] perf_trace_init+0x1a4/0x2f0
[ 113.440149] perf_tp_event_init+0xa6/0x120
[ 113.440165] perf_try_init_event+0x140/0x9f0
[ 113.440179] perf_event_alloc.part.0+0x118e/0x45f0
[ 113.440196] __do_sys_perf_event_open+0x719/0x2c20
[ 113.440209] do_syscall_64+0xbf/0x360
[ 113.440219] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:21:57 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:21:57 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
08:21:57 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:57 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:57 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0xf0ff1f00000000)
08:21:57 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:21:57 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:22:00 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0xf0ff1f00000000)
08:22:00 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:22:00 executing program 3:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="aa28cb31c92cfa632cf6a0bef0eec1692a62c9cf98562d993eeb6891d2556428caa8ef711486ac77fe6257ee4f953e0a150dee87a5f44dbabf5b880cbf7786f9c1d06e0b4288fbcb6782e1c7f18b1f74190cae37992d50508c4077b13cab9cb759ac4640ea1cc5607d1d647f612b", 0x6e, r0)
keyctl$read(0xb, r1, &(0x7f0000000540)=""/109, 0x6d)
08:22:00 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
08:22:00 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:22:00 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:22:00 executing program 7:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:00 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
[ 116.463442] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[ 116.465450] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 116.466961] CPU: 0 UID: 0 PID: 4002 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 116.468664] Tainted: [D]=DIE, [W]=WARN
[ 116.469224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.470402] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.471096] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.473673] RSP: 0018:ffff888043257780 EFLAGS: 00010012
[ 116.474444] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 116.475464] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 116.476500] RBP: ffff8880432579f0 R08: ffff88806ce31340 R09: ffffe8ffffc165e0
[ 116.477518] R10: 0000000000000000 R11: ffff88801570fc98 R12: dffffc0000000000
[ 116.478535] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 116.479564] FS: 00007f51cd53f700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 116.480712] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.481544] CR2: 00007f51d00dd018 CR3: 000000002026f000 CR4: 0000000000350ef0
[ 116.482575] Call Trace:
[ 116.482951]
[ 116.483283] ? lock_acquire+0x18c/0x2f0
[ 116.483874] ? __pfx_perf_tp_event+0x10/0x10
[ 116.484534] ? kernel_text_address+0x5b/0xc0
[ 116.485175] ? __kernel_text_address+0xd/0x40
[ 116.485858] ? unwind_get_return_address+0x59/0xa0
[ 116.486590] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 116.487373] ? arch_stack_walk+0x9c/0xf0
[ 116.487976] ? lock_acquire+0x18c/0x2f0
[ 116.488563] ? lock_acquire+0x18c/0x2f0
[ 116.489160] ? lock_release+0x1c7/0x290
[ 116.489741] ? lock_acquire+0x18c/0x2f0
[ 116.490338] ? lock_acquire+0x18c/0x2f0
[ 116.490921] ? perf_trace_run_bpf_submit+0xef/0x180
[ 116.491649] ? __is_insn_slot_addr+0x140/0x290
[ 116.492328] perf_trace_run_bpf_submit+0xef/0x180
[ 116.493038] perf_trace_preemptirq_template+0x259/0x430
[ 116.493800] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 116.494608] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 116.495450] ? __pfx___resched_curr+0x10/0x10
[ 116.496117] ? check_preempt_wakeup_fair+0x406/0x950
[ 116.496847] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 116.497592] trace_irq_enable.constprop.0+0xa6/0x100
[ 116.498342] trace_hardirqs_on+0x26/0x40
[ 116.498936] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 116.499660] try_to_wake_up+0x8ae/0x11d0
[ 116.500260] ? __pfx_try_to_wake_up+0x10/0x10
[ 116.500927] ? plist_del+0x122/0x270
[ 116.501479] ? __futex_unqueue+0xda/0x1c0
[ 116.502084] wake_up_q+0xa1/0x130
[ 116.502617] futex_wake+0x47e/0x540
[ 116.503163] ? __pfx_futex_wake+0x10/0x10
[ 116.503773] ? __pfx___key_create_or_update+0x10/0x10
[ 116.504535] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 116.505382] ? lock_release+0x1c7/0x290
[ 116.505967] do_futex+0x26d/0x370
[ 116.506502] ? __pfx_do_futex+0x10/0x10
[ 116.507100] ? kasan_quarantine_put+0x84/0x1e0
[ 116.507773] ? kfree+0x281/0x550
[ 116.508312] __x64_sys_futex+0x1c9/0x4d0
[ 116.508911] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 116.509750] ? __pfx___x64_sys_futex+0x10/0x10
[ 116.510471] do_syscall_64+0xbf/0x360
[ 116.511030] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.511776] RIP: 0033:0x7f51cffc9b19
[ 116.512343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 116.514944] RSP: 002b:00007f51cd53f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 116.516048] RAX: ffffffffffffffda RBX: 00007f51d00dcf68 RCX: 00007f51cffc9b19
[ 116.517091] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f51d00dcf6c
[ 116.518123] RBP: 00007f51d00dcf60 R08: 000000000000000e R09: 0000000000000000
[ 116.519155] R10: 00000000241fce27 R11: 0000000000000246 R12: 00007f51d00dcf6c
[ 116.520193] R13: 00007ffe579fb73f R14: 00007f51cd53f300 R15: 0000000000022000
[ 116.521216]
[ 116.521565] Modules linked in:
[ 116.522045] ---[ end trace 0000000000000000 ]---
[ 116.522730] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.523420] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.526010] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 116.526788] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 116.527817] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 116.528838] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 116.529876] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 116.530906] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 116.531927] FS: 00007f51cd53f700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 116.533074] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.533924] CR2: 00007f51d00dd018 CR3: 000000002026f000 CR4: 0000000000350ef0
[ 116.534970] note: syz-executor.3[4002] exited with irqs disabled
[ 116.536848] note: syz-executor.3[4002] exited with preempt_count 3
08:22:00 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0xf0ff1f00000000)
08:22:00 executing program 7:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:00 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)
08:22:00 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
08:22:00 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
inotify_init()
syz_open_procfs(0x0, &(0x7f00000004c0)='mountinfo\x00')
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
select(0x40, &(0x7f0000000280), &(0x7f00000002c0)={0x3f}, 0x0, 0x0)
08:22:00 executing program 0:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
08:22:00 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0xf0ff1f00000000)
08:22:00 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:00 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0xf0ff1f00000000)
08:22:00 executing program 7:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:01 executing program 0:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
08:22:01 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
08:22:01 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:01 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
08:22:01 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0xf0ff1f00000000)
08:22:01 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
08:22:01 executing program 7:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:01 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
[ 117.375541] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 117.377196] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 117.378320] CPU: 1 UID: 0 PID: 4039 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 117.380052] Tainted: [D]=DIE, [W]=WARN
[ 117.380614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.381807] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.382511] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.385132] RSP: 0018:ffff88804051f780 EFLAGS: 00010012
[ 117.385912] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000ae38000
[ 117.386962] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 117.387993] RBP: ffff88804051f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 117.389018] R10: 0000000000000000 R11: ffff888020245c98 R12: dffffc0000000000
[ 117.390037] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.391074] FS: 00007fed3d603700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.392228] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.393062] CR2: 00007fed3d602d58 CR3: 000000001d992000 CR4: 0000000000350ef0
[ 117.394089] Call Trace:
[ 117.394477]
[ 117.394813] ? __mutex_unlock_slowpath+0x157/0x750
[ 117.395545] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 117.396316] ? __pfx_perf_tp_event+0x10/0x10
[ 117.396966] ? lock_acquire+0x18c/0x2f0
[ 117.397547] ? lock_release+0x1c7/0x290
[ 117.398137] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 117.398903] ? lock_acquire+0x18c/0x2f0
[ 117.399488] ? lock_release+0x1c7/0x290
[ 117.400071] ? lock_acquire+0x18c/0x2f0
[ 117.400650] ? lock_acquire+0x18c/0x2f0
[ 117.401243] ? lock_release+0x1c7/0x290
[ 117.401841] ? __is_insn_slot_addr+0x140/0x290
[ 117.402543] ? kernel_text_address+0x5b/0xc0
[ 117.403195] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 117.403981] ? __kernel_text_address+0xd/0x40
[ 117.404641] ? unwind_get_return_address+0x59/0xa0
[ 117.405363] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 117.406142] ? arch_stack_walk+0x9c/0xf0
[ 117.406756] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.407489] perf_trace_run_bpf_submit+0xef/0x180
[ 117.408197] perf_trace_preemptirq_template+0x259/0x430
[ 117.408960] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 117.409767] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.410610] ? __pfx___resched_curr+0x10/0x10
[ 117.411280] ? check_preempt_wakeup_fair+0x406/0x950
[ 117.412014] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 117.412757] trace_irq_enable.constprop.0+0xa6/0x100
[ 117.413494] trace_hardirqs_on+0x26/0x40
[ 117.414088] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 117.414832] try_to_wake_up+0x8ae/0x11d0
[ 117.415444] ? __pfx_try_to_wake_up+0x10/0x10
[ 117.416119] ? plist_del+0x122/0x270
[ 117.416670] ? __futex_unqueue+0xda/0x1c0
[ 117.417272] wake_up_q+0xa1/0x130
[ 117.417810] futex_wake+0x47e/0x540
[ 117.418374] ? __pfx_futex_wake+0x10/0x10
[ 117.418991] ? kmem_cache_free+0x2a1/0x540
[ 117.419612] ? putname.part.0+0x11b/0x160
[ 117.420222] do_futex+0x26d/0x370
[ 117.420744] ? __pfx_do_futex+0x10/0x10
[ 117.421335] ? count_memcg_events+0x32b/0x420
[ 117.422009] __x64_sys_futex+0x1c9/0x4d0
[ 117.422627] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.423474] ? __x64_sys_openat+0x142/0x200
[ 117.424115] ? __pfx___x64_sys_futex+0x10/0x10
[ 117.424784] do_syscall_64+0xbf/0x360
[ 117.425342] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.426086] RIP: 0033:0x7fed4008db19
[ 117.426646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.429191] RSP: 002b:00007fed3d603218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.430275] RAX: ffffffffffffffda RBX: 00007fed401a0f68 RCX: 00007fed4008db19
[ 117.431305] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fed401a0f6c
[ 117.432317] RBP: 00007fed401a0f60 R08: 000000000000000e R09: 0000000000000000
[ 117.433328] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fed401a0f6c
[ 117.434349] R13: 00007fffb8a4227f R14: 00007fed3d603300 R15: 0000000000022000
[ 117.435364]
[ 117.435712] Modules linked in:
[ 117.436182] ---[ end trace 0000000000000000 ]---
[ 117.436857] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.437546] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.440151] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 117.440914] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 117.441949] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.442973] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 117.443991] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.445018] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.446049] FS: 00007fed3d603700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.447202] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.448038] CR2: 00007fed3d602d58 CR3: 000000001d992000 CR4: 0000000000350ef0
[ 117.449059] note: syz-executor.4[4039] exited with irqs disabled
[ 117.450111] note: syz-executor.4[4039] exited with preempt_count 3
08:22:01 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect(r0, &(0x7f0000000600)=@qipcrtr, 0x80)
08:22:01 executing program 0:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
08:22:01 executing program 7:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@mpol={'mpol', 0x3d, {'local'}}}]})
08:22:01 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syncfs(r0)
[ 117.572090] tmpfs: Bad value for 'mpol'
[ 117.575757] tmpfs: Bad value for 'mpol'
08:22:01 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
08:22:01 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
08:22:01 executing program 7:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@mpol={'mpol', 0x3d, {'local'}}}]})
08:22:01 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffe000/0x2000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xa3)
[ 117.669341] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#5] SMP KASAN NOPTI
[ 117.671022] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 117.672294] CPU: 1 UID: 0 PID: 4058 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 117.674026] Tainted: [D]=DIE, [W]=WARN
[ 117.674599] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.675793] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.676505] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.679155] RSP: 0018:ffff888043c07780 EFLAGS: 00010012
[ 117.679939] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 117.680981] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.682031] RBP: ffff888043c079f0 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 117.683079] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 117.684113] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.685159] FS: 00007f51cd53f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.686334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.687183] CR2: 00007f51d00dd018 CR3: 0000000040a26000 CR4: 0000000000350ef0
[ 117.688207] Call Trace:
[ 117.688587] <TASK>
[ 117.688923] ? __pfx_perf_tp_event+0x10/0x10
[ 117.689578] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 117.690480] ? lock_release+0x1c7/0x290
[ 117.691064] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 117.691980] ? kvm_sched_clock_read+0x16/0x30
[ 117.692644] ? local_clock_noinstr+0xf/0xc0
[ 117.693281] ? ctx_sched_in+0x134/0x9b0
[ 117.693864] ? __kernel_text_address+0xd/0x40
[ 117.694531] ? css_rstat_updated+0x1b8/0x4d0
[ 117.695184] ? __pfx_css_rstat_updated+0x10/0x10
[ 117.695881] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.696608] perf_trace_run_bpf_submit+0xef/0x180
[ 117.697315] perf_trace_preemptirq_template+0x259/0x430
[ 117.698080] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.698925] ? check_preempt_wakeup_fair+0x406/0x950
[ 117.699667] ? wakeup_preempt+0x140/0x2a0
[ 117.700271] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 117.701008] trace_irq_enable.constprop.0+0xa6/0x100
[ 117.701738] trace_hardirqs_on+0x26/0x40
[ 117.702336] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 117.703052] try_to_wake_up+0x8ae/0x11d0
[ 117.703655] ? __pfx_try_to_wake_up+0x10/0x10
[ 117.704314] ? plist_del+0x122/0x270
[ 117.704872] ? __futex_unqueue+0xda/0x1c0
[ 117.705480] wake_up_q+0xa1/0x130
[ 117.705999] futex_wake+0x47e/0x540
[ 117.706550] ? __pfx_futex_wake+0x10/0x10
[ 117.707156] ? lock_release+0x1c7/0x290
[ 117.707740] ? lock_release+0x1c7/0x290
[ 117.708321] ? fd_install+0x1f0/0x660
[ 117.708877] do_futex+0x26d/0x370
[ 117.709395] ? __pfx_do_futex+0x10/0x10
[ 117.709976] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 117.710755] ? count_memcg_events+0x32b/0x420
[ 117.711421] __x64_sys_futex+0x1c9/0x4d0
[ 117.712013] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.712855] ? __pfx___x64_sys_futex+0x10/0x10
[ 117.713521] ? xfd_validate_state+0x55/0x180
[ 117.714196] do_syscall_64+0xbf/0x360
[ 117.714771] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.715532] RIP: 0033:0x7f51cffc9b19
[ 117.716084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.718735] RSP: 002b:00007f51cd53f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.719847] RAX: ffffffffffffffda RBX: 00007f51d00dcf68 RCX: 00007f51cffc9b19
[ 117.720896] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f51d00dcf6c
[ 117.721934] RBP: 00007f51d00dcf60 R08: 000000000000000e R09: 0000000000000000
[ 117.722978] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f51d00dcf6c
[ 117.724019] R13: 00007ffe579fb73f R14: 00007f51cd53f300 R15: 0000000000022000
[ 117.725068] </TASK>
[ 117.725419] Modules linked in:
[ 117.725899] ---[ end trace 0000000000000000 ]---
[ 117.726606] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.727302] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.729940] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 117.730729] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 117.731769] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.732811] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 117.733848] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.734900] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.735940] FS: 00007f51cd53f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.737114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.737972] CR2: 00007f51d00dd018 CR3: 0000000040a26000 CR4: 0000000000350ef0
[ 117.739027] note: syz-executor.3[4058] exited with irqs disabled
[ 117.740019] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#6] SMP KASAN NOPTI
[ 117.741649] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 117.742939] CPU: 1 UID: 0 PID: 4058 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 117.744716] Tainted: [D]=DIE, [W]=WARN
[ 117.745295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.746531] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.747248] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.749952] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 117.750759] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 117.751827] RDX: ffff8880412e0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.752895] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd165e0
[ 117.753962] R10: 0000000000000000 R11: ffff888018978098 R12: dffffc0000000000
[ 117.755029] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 117.756095] FS: 00007f51cd53f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.757295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.758172] CR2: 00007f51d00dd018 CR3: 0000000040a26000 CR4: 0000000000350ef0
[ 117.759234] Call Trace:
[ 117.759628] <IRQ>
[ 117.759970] ? __pfx_perf_tp_event+0x10/0x10
[ 117.760652] ? enqueue_task_fair+0xded/0x1e00
[ 117.761342] ? do_raw_spin_lock+0x123/0x260
[ 117.762002] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 117.762721] ? lock_acquire+0x18c/0x2f0
[ 117.763335] ? lock_release+0x1c7/0x290
[ 117.763948] ? do_raw_spin_unlock+0x53/0x220
[ 117.764629] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 117.765404] ? try_to_wake_up+0x128/0x11d0
[ 117.766054] ? do_raw_spin_lock+0x123/0x260
[ 117.766721] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 117.767440] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.768207] perf_trace_run_bpf_submit+0xef/0x180
[ 117.768946] perf_trace_preemptirq_template+0x259/0x430
[ 117.769747] ? read_tsc+0x9/0x20
[ 117.770285] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.771168] ? clockevents_program_event+0x135/0x360
[ 117.771943] ? tick_program_event+0xac/0x140
[ 117.772615] ? handle_softirqs+0x16e/0x770
[ 117.773273] trace_irq_enable.constprop.0+0xa6/0x100
[ 117.774035] trace_hardirqs_on+0x26/0x40
[ 117.774657] handle_softirqs+0x16e/0x770
[ 117.775293] __irq_exit_rcu+0xc4/0x100
[ 117.775902] irq_exit_rcu+0x9/0x20
[ 117.776447] sysvec_apic_timer_interrupt+0x70/0x80
[ 117.777202] </IRQ>
[ 117.777546] <TASK>
[ 117.777891] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 117.778695] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 117.779412] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[ 117.782105] RSP: 0018:ffff888043c07f28 EFLAGS: 00000246
[ 117.782911] RAX: 0000000000000001 RBX: ffff8880412e0000 RCX: ffffffff817c3ab6
[ 117.783974] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 117.785035] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 117.786101] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff8880412e0000
[ 117.787175] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 117.788243] ? trace_irq_enable.constprop.0+0x26/0x100
[ 117.789034] ? make_task_dead+0x214/0x3b0
[ 117.789667] ? make_task_dead+0x214/0x3b0
[ 117.790304] ? do_syscall_64+0xbf/0x360
[ 117.790913] rewind_stack_and_make_dead+0x16/0x20
[ 117.791656] RIP: 0033:0x7f51cffc9b19
[ 117.792220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.794932] RSP: 002b:00007f51cd53f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.796063] RAX: ffffffffffffffda RBX: 00007f51d00dcf68 RCX: 00007f51cffc9b19
[ 117.797130] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f51d00dcf6c
[ 117.798197] RBP: 00007f51d00dcf60 R08: 000000000000000e R09: 0000000000000000
[ 117.799261] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f51d00dcf6c
[ 117.800320] R13: 00007ffe579fb73f R14: 00007f51cd53f300 R15: 0000000000022000
[ 117.801391] </TASK>
[ 117.801748] Modules linked in:
[ 117.802249] ---[ end trace 0000000000000000 ]---
[ 117.802957] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.803695] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.806409] RSP: 0018:ffff88804323f600 EFLAGS: 00010212
[ 117.807207] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000982d000
[ 117.808279] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.809343] RBP: ffff88804323f870 R08: ffff88806cf31340 R09: ffffe8ffffd165e0
[ 117.810417] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.811482] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.812549] FS: 00007f51cd53f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.813748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.814590] CR2: 00007f51d00dd018 CR3: 0000000040a26000 CR4: 0000000000350ef0
[ 117.815614] Kernel panic - not syncing: Fatal exception in interrupt
[ 117.816709] Kernel Offset: disabled
[ 117.817256] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:21:56 Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff819d01b2 RDX=ffff88804194d280
RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000065 RSP=ffff88800ef3f878
R8 =0000000000000000 R9 =fffff940001bb64e R10=0000000000000001 R11=1ffff1100d9c6f7b
R12=0000000000000065 R13=00007f2b31a5a000 R14=ffff88800ef3fce0 R15=80000000376ca007
RIP=ffffffff8173f056 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe2300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2cc22000 CR3=000000003f6a9000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff88804323eef0
R8 =0000000000000000 R9 =ffffed1001498046 R10=0000000000000038 R11=0000000065646f43
R12=0000000000000038 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f51cd53f700 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe1900000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000000 CR3=000000004316b000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f51d00b07c000007f51d00b07c8
XMM02=00007f51d00b07e000007f51d00b07c0 XMM03=00007f51d00b07c800007f51d00b07c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000