Warning: Permanently added '[localhost]:8368' (ECDSA) to the list of known hosts.
2025/09/01 09:05:18 fuzzer started
2025/09/01 09:05:19 dialing manager at localhost:35473
syzkaller login: [ 51.357213] cgroup: Unknown subsys name 'net'
[ 51.407738] cgroup: Unknown subsys name 'cpuset'
[ 51.427124] cgroup: Unknown subsys name 'rlimit'
2025/09/01 09:05:30 syscalls: 2214
2025/09/01 09:05:30 code coverage: enabled
2025/09/01 09:05:30 comparison tracing: enabled
2025/09/01 09:05:30 extra coverage: enabled
2025/09/01 09:05:30 setuid sandbox: enabled
2025/09/01 09:05:30 namespace sandbox: enabled
2025/09/01 09:05:30 Android sandbox: enabled
2025/09/01 09:05:30 fault injection: enabled
2025/09/01 09:05:30 leak checking: enabled
2025/09/01 09:05:30 net packet injection: enabled
2025/09/01 09:05:30 net device setup: enabled
2025/09/01 09:05:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 09:05:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 09:05:30 USB emulation: enabled
2025/09/01 09:05:30 hci packet injection: enabled
2025/09/01 09:05:30 wifi device emulation: enabled
2025/09/01 09:05:30 802.15.4 emulation: enabled
2025/09/01 09:05:30 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 09:05:30 fetching corpus: 50, signal 22280/25707 (executing program)
2025/09/01 09:05:30 fetching corpus: 100, signal 30780/35579 (executing program)
2025/09/01 09:05:30 fetching corpus: 150, signal 42059/47843 (executing program)
2025/09/01 09:05:31 fetching corpus: 200, signal 49124/55817 (executing program)
2025/09/01 09:05:31 fetching corpus: 250, signal 57345/64631 (executing program)
2025/09/01 09:05:31 fetching corpus: 300, signal 61695/69772 (executing program)
2025/09/01 09:05:31 fetching corpus: 350, signal 67141/75780 (executing program)
2025/09/01 09:05:31 fetching corpus: 400, signal 70896/80118 (executing program)
2025/09/01 09:05:31 fetching corpus: 450, signal 74611/84332 (executing program)
2025/09/01 09:05:31 fetching corpus: 500, signal 77305/87627 (executing program)
2025/09/01 09:05:31 fetching corpus: 550, signal 80100/90903 (executing program)
2025/09/01 09:05:31 fetching corpus: 600, signal 82885/94083 (executing program)
2025/09/01 09:05:32 fetching corpus: 650, signal 84802/96478 (executing program)
2025/09/01 09:05:32 fetching corpus: 700, signal 87149/99178 (executing program)
2025/09/01 09:05:32 fetching corpus: 750, signal 90672/102707 (executing program)
2025/09/01 09:05:32 fetching corpus: 800, signal 93757/105826 (executing program)
2025/09/01 09:05:32 fetching corpus: 850, signal 95144/107533 (executing program)
2025/09/01 09:05:32 fetching corpus: 900, signal 96249/109040 (executing program)
2025/09/01 09:05:32 fetching corpus: 950, signal 97739/110813 (executing program)
2025/09/01 09:05:32 fetching corpus: 1000, signal 99505/112718 (executing program)
2025/09/01 09:05:33 fetching corpus: 1050, signal 100908/114279 (executing program)
2025/09/01 09:05:33 fetching corpus: 1100, signal 102734/116143 (executing program)
2025/09/01 09:05:33 fetching corpus: 1150, signal 105847/118815 (executing program)
2025/09/01 09:05:33 fetching corpus: 1200, signal 107248/120287 (executing program)
2025/09/01 09:05:33 fetching corpus: 1250, signal 108672/121731 (executing program)
2025/09/01 09:05:33 fetching corpus: 1300, signal 110281/123258 (executing program)
2025/09/01 09:05:33 fetching corpus: 1350, signal 111649/124577 (executing program)
2025/09/01 09:05:33 fetching corpus: 1400, signal 112467/125525 (executing program)
2025/09/01 09:05:34 fetching corpus: 1450, signal 114317/127148 (executing program)
2025/09/01 09:05:34 fetching corpus: 1500, signal 115964/128510 (executing program)
2025/09/01 09:05:34 fetching corpus: 1550, signal 117026/129500 (executing program)
2025/09/01 09:05:34 fetching corpus: 1600, signal 118225/130550 (executing program)
2025/09/01 09:05:34 fetching corpus: 1650, signal 118911/131284 (executing program)
2025/09/01 09:05:34 fetching corpus: 1700, signal 119624/132027 (executing program)
2025/09/01 09:05:34 fetching corpus: 1750, signal 121691/133411 (executing program)
2025/09/01 09:05:34 fetching corpus: 1800, signal 122909/134384 (executing program)
2025/09/01 09:05:34 fetching corpus: 1850, signal 123579/135013 (executing program)
2025/09/01 09:05:35 fetching corpus: 1900, signal 124649/135823 (executing program)
2025/09/01 09:05:35 fetching corpus: 1950, signal 125568/136561 (executing program)
2025/09/01 09:05:35 fetching corpus: 2000, signal 126640/137327 (executing program)
2025/09/01 09:05:35 fetching corpus: 2050, signal 127648/138017 (executing program)
2025/09/01 09:05:35 fetching corpus: 2100, signal 128332/138530 (executing program)
2025/09/01 09:05:35 fetching corpus: 2150, signal 129013/139022 (executing program)
2025/09/01 09:05:35 fetching corpus: 2200, signal 129846/139540 (executing program)
2025/09/01 09:05:35 fetching corpus: 2250, signal 130668/140051 (executing program)
2025/09/01 09:05:35 fetching corpus: 2300, signal 131384/140526 (executing program)
2025/09/01 09:05:36 fetching corpus: 2350, signal 132386/141042 (executing program)
2025/09/01 09:05:36 fetching corpus: 2400, signal 133254/141596 (executing program)
2025/09/01 09:05:36 fetching corpus: 2450, signal 133987/141995 (executing program)
2025/09/01 09:05:36 fetching corpus: 2500, signal 134587/142340 (executing program)
2025/09/01 09:05:36 fetching corpus: 2550, signal 135414/142762 (executing program)
2025/09/01 09:05:36 fetching corpus: 2600, signal 136075/143065 (executing program)
2025/09/01 09:05:36 fetching corpus: 2650, signal 136493/143321 (executing program)
2025/09/01 09:05:36 fetching corpus: 2700, signal 136914/143562 (executing program)
2025/09/01 09:05:36 fetching corpus: 2750, signal 137388/143773 (executing program)
2025/09/01 09:05:36 fetching corpus: 2800, signal 137964/143989 (executing program)
2025/09/01 09:05:36 fetching corpus: 2850, signal 140253/144514 (executing program)
2025/09/01 09:05:37 fetching corpus: 2900, signal 140968/144713 (executing program)
2025/09/01 09:05:37 fetching corpus: 2950, signal 141749/144909 (executing program)
2025/09/01 09:05:37 fetching corpus: 3000, signal 142103/145016 (executing program)
2025/09/01 09:05:37 fetching corpus: 3050, signal 142655/145118 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145227 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145261 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145294 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145331 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145368 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145417 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145462 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145496 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145529 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145552 (executing program)
2025/09/01 09:05:37 fetching corpus: 3076, signal 143029/145552 (executing program)
2025/09/01 09:05:39 starting 8 fuzzer processes
09:05:39 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:hald_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x44}}, 0x0)
09:05:39 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b62, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
09:05:39 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4)
09:05:40 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
dup(r0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_print_times', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, 0x0, 0x0)
09:05:40 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x21, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2}}}, 0x88)
[ 72.115390] audit: type=1400 audit(1756717540.047:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:05:40 executing program 2:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x4c, 0x12, 0xf}, 0x4c}}, 0x0)
09:05:40 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000280))
09:05:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)={0x2c, 0x2a, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
[ 73.341604] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.343915] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 73.346028] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.347894] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.350841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 73.353768] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 73.356334] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.360068] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 73.364787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 73.367184] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.488365] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 73.503278] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 73.506963] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 73.526684] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 73.535956] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 73.537497] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 73.541103] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 73.542358] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 73.544895] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 73.550796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 73.552813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 73.558175] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 73.567322] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 73.580874] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 73.587126] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.636766] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 73.641995] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 73.646051] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 73.657149] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 73.667426] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 73.668586] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 73.676811] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 73.681939] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 73.703431] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 73.713896] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 73.715794] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 73.720045] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 73.749950] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 73.749973] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 73.753226] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 75.433014] Bluetooth: hci0: command tx timeout
[ 75.433756] Bluetooth: hci1: command tx timeout
[ 75.624625] Bluetooth: hci2: command tx timeout
[ 75.625168] Bluetooth: hci4: command tx timeout
[ 75.688713] Bluetooth: hci3: command tx timeout
[ 75.816685] Bluetooth: hci5: command tx timeout
[ 75.880791] Bluetooth: hci6: command tx timeout
[ 75.881433] Bluetooth: hci7: command tx timeout
[ 77.480612] Bluetooth: hci1: command tx timeout
[ 77.481067] Bluetooth: hci0: command tx timeout
[ 77.673009] Bluetooth: hci4: command tx timeout
[ 77.673447] Bluetooth: hci2: command tx timeout
[ 77.736680] Bluetooth: hci3: command tx timeout
[ 77.864635] Bluetooth: hci5: command tx timeout
[ 77.928763] Bluetooth: hci7: command tx timeout
[ 77.929178] Bluetooth: hci6: command tx timeout
[ 79.528825] Bluetooth: hci0: command tx timeout
[ 79.529743] Bluetooth: hci1: command tx timeout
[ 79.721588] Bluetooth: hci2: command tx timeout
[ 79.722296] Bluetooth: hci4: command tx timeout
[ 79.784711] Bluetooth: hci3: command tx timeout
[ 79.912632] Bluetooth: hci5: command tx timeout
[ 79.976642] Bluetooth: hci7: command tx timeout
[ 79.977336] Bluetooth: hci6: command tx timeout
[ 81.576922] Bluetooth: hci0: command tx timeout
[ 81.577386] Bluetooth: hci1: command tx timeout
[ 81.768653] Bluetooth: hci4: command tx timeout
[ 81.769073] Bluetooth: hci2: command tx timeout
[ 81.833680] Bluetooth: hci3: command tx timeout
[ 81.960596] Bluetooth: hci5: command tx timeout
[ 82.024668] Bluetooth: hci7: command tx timeout
[ 82.025058] Bluetooth: hci6: command tx timeout
[ 109.380158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.380836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.607896] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.608566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.976639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.977959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.279254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.280867] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.642071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.642689] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.734162] audit: type=1400 audit(1756717578.663:8): avc: denied { open } for pid=3733 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 110.739611] audit: type=1400 audit(1756717578.663:9): avc: denied { kernel } for pid=3733 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 110.786522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.787339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.556100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.556763] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.646737] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.647354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.763617] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.764237] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.813919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.814883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.225894] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.226517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.271192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.271859] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.591099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.591873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.622353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.622961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.707654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.708285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.743338] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.744676] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:06:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)={0x2c, 0x2a, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
09:06:20 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b62, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
09:06:20 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4)
09:06:20 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
dup(r0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_print_times', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, 0x0, 0x0)
09:06:20 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:hald_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x44}}, 0x0)
09:06:20 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000280))
09:06:20 executing program 2:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x4c, 0x12, 0xf}, 0x4c}}, 0x0)
09:06:20 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x21, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2}}}, 0x88)
09:06:20 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x21, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2}}}, 0x88)
09:06:20 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4)
09:06:20 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:hald_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x44}}, 0x0)
09:06:20 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b62, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
09:06:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)={0x2c, 0x2a, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
09:06:20 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
dup(r0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_print_times', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, 0x0, 0x0)
09:06:20 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000280))
09:06:20 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4)
09:06:21 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x21, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2}}}, 0x88)
09:06:21 executing program 2:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x4c, 0x12, 0xf}, 0x4c}}, 0x0)
09:06:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)={0x2c, 0x2a, 0xffffffffffffffff, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
09:06:21 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
dup(r0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_print_times', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, 0x0, 0x0)
09:06:21 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:hald_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x44}}, 0x0)
09:06:21 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000280))
09:06:21 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b62, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
09:06:21 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:hald_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x44}}, 0x0)
[ 113.188641] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 113.189570] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 113.190170] CPU: 0 UID: 0 PID: 3936 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.191920] Tainted: [W]=WARN
[ 113.192731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.194572] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.196039] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.199569] RSP: 0018:ffff888044b57600 EFLAGS: 00010212
[ 113.199996] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004608000
[ 113.200564] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.201139] RBP: ffff888044b57870 R08: ffff88806ce31340 R09: ffffe8ffffc09488
[ 113.201713] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.202281] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 113.202851] FS: 00007f9e03dcb700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 113.203491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.203959] CR2: 0000001b2d322000 CR3: 0000000009de5000 CR4: 0000000000350ef0
[ 113.204537] Call Trace:
[ 113.204754] <TASK>
[ 113.204944] ? __pfx_perf_tp_event+0x10/0x10
[ 113.205329] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.205735] perf_trace_run_bpf_submit+0xef/0x180
[ 113.206130] perf_trace_lock+0x337/0x5d0
[ 113.206471] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.206845] ? lock_acquire+0x15e/0x2f0
[ 113.207169] ? futex_ref_get+0x48/0x300
[ 113.207492] ? futex_ref_get+0x114/0x300
[ 113.207819] ? futex_hash+0x15c/0x390
[ 113.208127] lock_release+0x1ab/0x290
[ 113.208438] ? futex_hash+0x15c/0x390
[ 113.208753] futex_ref_get+0x119/0x300
[ 113.209070] ? futex_hash+0x15c/0x390
[ 113.209381] futex_hash+0x70/0x390
[ 113.209678] futex_wait_setup+0xae/0x550
[ 113.210012] __futex_wait+0x151/0x300
[ 113.210328] ? __pfx___futex_wait+0x10/0x10
[ 113.210684] ? __pfx_futex_wake_mark+0x10/0x10
[ 113.211065] futex_wait+0xde/0x380
[ 113.211363] ? __pfx_futex_wait+0x10/0x10
[ 113.211703] ? perf_trace_lock+0xb5/0x5d0
[ 113.212040] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 113.212466] do_futex+0x2ee/0x370
[ 113.212760] ? __pfx_do_futex+0x10/0x10
[ 113.213085] ? do_raw_spin_lock+0x123/0x260
[ 113.213440] __x64_sys_futex+0x1c9/0x4d0
[ 113.213771] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 113.214192] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.214566] ? kcov_ioctl+0x386/0x6c0
[ 113.214879] ? fput+0x6a/0x100
[ 113.215151] do_syscall_64+0xbf/0x360
[ 113.215461] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.215872] RIP: 0033:0x7f9e06855b19
[ 113.216171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 113.217617] RSP: 002b:00007f9e03dcb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.218220] RAX: ffffffffffffffda RBX: 00007f9e06968f68 RCX: 00007f9e06855b19
[ 113.218789] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9e06968f68
[ 113.219356] RBP: 00007f9e06968f60 R08: 00007f9e03dcb700 R09: 0000000000000000
[ 113.219929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e06968f6c
[ 113.220495] R13: 00007ffd1d635d1f R14: 00007f9e03dcb300 R15: 0000000000022000
[ 113.221074] </TASK>
[ 113.221265] Modules linked in:
[ 113.221532] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 113.222453] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 113.223130] CPU: 1 UID: 0 PID: 3933 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.224059] Tainted: [D]=DIE, [W]=WARN
[ 113.224362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.225015] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.225398] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.226808] RSP: 0018:ffff88801955f800 EFLAGS: 00010212
[ 113.227225] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 113.227781] RDX: ffff8880175d1b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 113.228336] RBP: ffff88801955fa70 R08: ffff88806cf31340 R09: ffffe8ffffd09488
[ 113.228900] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 113.229455] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 113.230014] FS: 000055555c0d7400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 113.230641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.231092] CR2: 000055555c0d8c18 CR3: 00000000442ee000 CR4: 0000000000350ef0
[ 113.231651] Call Trace:
[ 113.231859] <TASK>
[ 113.232044] ? arch_scale_cpu_capacity+0x17/0xa0
[ 113.232432] ? __pfx_perf_tp_event+0x10/0x10
[ 113.232797] ? __asan_memset+0x24/0x50
[ 113.233122] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.233491] ? __pfx___mutex_lock+0x10/0x10
[ 113.233843] ? perf_trace_lock+0xb5/0x5d0
[ 113.234178] ? kvm_sched_clock_read+0x16/0x30
[ 113.234541] ? sched_clock+0x37/0x60
[ 113.234845] ? sched_clock_cpu+0x6c/0x4e0
[ 113.235181] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.235578] perf_trace_run_bpf_submit+0xef/0x180
[ 113.235967] perf_trace_lock+0x337/0x5d0
[ 113.236292] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.236668] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.237038] ? get_futex_key+0x592/0x14a0
[ 113.237369] ? futex_ref_get+0x114/0x300
[ 113.237692] ? futex_hash+0x15c/0x390
[ 113.237994] lock_release+0x1ab/0x290
[ 113.238304] ? futex_hash+0x15c/0x390
[ 113.238607] futex_ref_get+0x119/0x300
[ 113.238916] ? futex_hash+0x15c/0x390
[ 113.239218] futex_hash+0x70/0x390
[ 113.239506] futex_wake+0x143/0x540
[ 113.239806] ? put_pid+0x1f/0x30
[ 113.240082] ? kernel_clone+0x204/0x7f0
[ 113.240400] ? __pfx_futex_wake+0x10/0x10
[ 113.240745] ? __pfx_kernel_clone+0x10/0x10
[ 113.241090] ? perf_trace_lock+0xb5/0x5d0
[ 113.241421] ? __pfx___handle_mm_fault+0x10/0x10
[ 113.241806] do_futex+0x26d/0x370
[ 113.242088] ? __pfx_do_futex+0x10/0x10
[ 113.242406] ? __pfx___do_sys_clone+0x10/0x10
[ 113.242767] ? handle_mm_fault+0x590/0x9b0
[ 113.243111] __x64_sys_futex+0x1c9/0x4d0
[ 113.243438] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.243807] ? xfd_validate_state+0x55/0x180
[ 113.244170] do_syscall_64+0xbf/0x360
[ 113.244477] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.244893] RIP: 0033:0x7fb94328ab19
[ 113.245189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 113.246599] RSP: 002b:00007ffc03df6bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.247192] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb94328ab19
[ 113.247748] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb94339df68
[ 113.248303] RBP: 00007fb94339df60 R08: 00007fb940800700 R09: 0000000000000000
[ 113.248864] R10: 00007fb940800700 R11: 0000000000000246 R12: 00007fb9433a2060
[ 113.249421] R13: 00007ffc03df6d00 R14: 00007fb94339df60 R15: 000000000001b9bd
[ 113.249982] </TASK>
[ 113.250170] Modules linked in:
[ 113.250431] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 113.251312] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 113.251914] CPU: 0 UID: 0 PID: 3936 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.252872] Tainted: [D]=DIE, [W]=WARN
[ 113.253181] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.253831] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.254213] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.255657] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 113.256081] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 113.256656] RDX: ffff88800fbcd280 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.257225] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc09488
[ 113.257796] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 113.258366] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[ 113.258937] FS: 00007f9e03dcb700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 113.259574] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.260039] CR2: 0000001b2d322000 CR3: 0000000009de5000 CR4: 0000000000350ef0
[ 113.260616] Call Trace:
[ 113.260826] <IRQ>
[ 113.261007] ? __pfx_perf_tp_event+0x10/0x10
[ 113.261370] ? stack_depot_save_flags+0x2c/0xa20
[ 113.261754] ? kasan_save_stack+0x34/0x50
[ 113.262093] ? kasan_save_stack+0x24/0x50
[ 113.262431] ? kasan_save_track+0x14/0x30
[ 113.262765] ? __kasan_save_free_info+0x3a/0x60
[ 113.263140] ? __kasan_slab_free+0x3f/0x50
[ 113.263485] ? kmem_cache_free+0x2a1/0x540
[ 113.263824] ? rcu_core+0x7c8/0x1800
[ 113.264130] ? handle_softirqs+0x1b1/0x770
[ 113.264478] ? __irq_exit_rcu+0xc4/0x100
[ 113.264819] ? irq_exit_rcu+0x9/0x20
[ 113.265119] ? sysvec_apic_timer_interrupt+0x70/0x80
[ 113.265527] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 113.265960] ? unwind_next_frame+0xadb/0x2540
[ 113.266327] ? arch_stack_walk+0x86/0xf0
[ 113.266656] ? stack_trace_save+0x8e/0xc0
[ 113.266990] ? set_track_prepare+0x35/0x70
[ 113.267331] ? __alloc_object+0xf0/0x2c0
[ 113.267665] ? __create_object+0x1d/0x80
[ 113.267992] ? kmem_cache_alloc_noprof+0x414/0x690
[ 113.268383] ? mas_alloc_nodes+0x432/0x8f0
[ 113.268734] ? mas_node_count_gfp+0x106/0x140
[ 113.269100] ? mas_preallocate+0x2af/0x690
[ 113.269439] ? vma_shrink+0x23d/0x740
[ 113.269752] ? relocate_vma_down+0x378/0x4c0
[ 113.270106] ? setup_arg_pages+0x506/0xb90
[ 113.270442] ? load_elf_binary+0xaca/0x4f70
[ 113.270796] ? bprm_execve+0x8d9/0x15a0
[ 113.271112] ? kernel_execve+0x2ff/0x3d0
[ 113.271440] ? lock_is_held_type+0x9e/0x120
[ 113.271792] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.272194] ? match_held_lock+0xb0/0xd0
[ 113.272521] perf_trace_run_bpf_submit+0xef/0x180
[ 113.272921] perf_trace_lock+0x337/0x5d0
[ 113.273253] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.273626] ? find_held_lock+0x2b/0x80
[ 113.273949] ? hrtimer_interrupt+0x114/0x830
[ 113.274307] lock_release+0x1ab/0x290
[ 113.274619] ktime_get_update_offsets_now+0xab/0x3c0
[ 113.275028] ? hrtimer_interrupt+0x114/0x830
[ 113.275388] hrtimer_interrupt+0x114/0x830
[ 113.275725] ? __local_bh_enable+0x7b/0x90
[ 113.276068] ? handle_softirqs+0x50c/0x770
[ 113.276415] __sysvec_apic_timer_interrupt+0xbb/0x330
[ 113.276839] sysvec_apic_timer_interrupt+0x6b/0x80
[ 113.277239] </IRQ>
[ 113.277425] <TASK>
[ 113.277613] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 113.278031] RIP: 0010:oops_exit+0x0/0x50
[ 113.278361] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57
[ 113.279798] RSP: 0018:ffff888044b57490 EFLAGS: 00000202
[ 113.280221] RAX: 00000000000261ed RBX: 0000000000000202 RCX: ffffc90004608000
[ 113.280804] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 113.281363] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690
[ 113.281926] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888044b57558
[ 113.282490] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[ 113.283060] ? oops_end+0x4a/0xe0
[ 113.283350] oops_end+0x65/0xe0
[ 113.283625] exc_general_protection+0x1a2/0x330
[ 113.284011] asm_exc_general_protection+0x26/0x30
[ 113.284395] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.284774] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.286208] RSP: 0018:ffff888044b57600 EFLAGS: 00010212
[ 113.286639] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004608000
[ 113.287206] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.287760] RBP: ffff888044b57870 R08: ffff88806ce31340 R09: ffffe8ffffc09488
[ 113.288320] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.288886] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 113.289452] ? perf_tp_event+0x167/0xe70
[ 113.289781] ? __pfx_perf_tp_event+0x10/0x10
[ 113.290159] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.290561] perf_trace_run_bpf_submit+0xef/0x180
[ 113.290952] perf_trace_lock+0x337/0x5d0
[ 113.291283] ? __pfx_perf_trace_lock+0x10/0x10
[ 113.291652] ? lock_acquire+0x15e/0x2f0
[ 113.291969] ? futex_ref_get+0x48/0x300
[ 113.292283] ? futex_ref_get+0x114/0x300
[ 113.292614] ? futex_hash+0x15c/0x390
[ 113.292918] lock_release+0x1ab/0x290
[ 113.293226] ? futex_hash+0x15c/0x390
[ 113.293533] futex_ref_get+0x119/0x300
[ 113.293844] ? futex_hash+0x15c/0x390
[ 113.294148] futex_hash+0x70/0x390
[ 113.294433] futex_wait_setup+0xae/0x550
[ 113.294764] __futex_wait+0x151/0x300
[ 113.295076] ? __pfx___futex_wait+0x10/0x10
[ 113.295426] ? __pfx_futex_wake_mark+0x10/0x10
[ 113.295809] futex_wait+0xde/0x380
[ 113.296097] ? __pfx_futex_wait+0x10/0x10
[ 113.296431] ? perf_trace_lock+0xb5/0x5d0
[ 113.296776] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 113.297206] do_futex+0x2ee/0x370
[ 113.297499] ? __pfx_do_futex+0x10/0x10
[ 113.297821] ? do_raw_spin_lock+0x123/0x260
[ 113.298167] __x64_sys_futex+0x1c9/0x4d0
[ 113.298496] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 113.298909] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.299276] ? kcov_ioctl+0x386/0x6c0
[ 113.299581] ? fput+0x6a/0x100
[ 113.299848] do_syscall_64+0xbf/0x360
[ 113.300153] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.300560] RIP: 0033:0x7f9e06855b19
[ 113.300862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 113.302289] RSP: 002b:00007f9e03dcb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.302889] RAX: ffffffffffffffda RBX: 00007f9e06968f68 RCX: 00007f9e06855b19
[ 113.303448] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9e06968f68
[ 113.304021] RBP: 00007f9e06968f60 R08: 00007f9e03dcb700 R09: 0000000000000000
[ 113.304601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e06968f6c
[ 113.305164] R13: 00007ffd1d635d1f R14: 00007f9e03dcb300 R15: 0000000000022000
[ 113.305734] </TASK>
[ 113.305924] Modules linked in:
[ 113.306187] ---[ end trace 0000000000000000 ]---
[ 113.306188] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
[ 113.306560] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.307419] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 113.307781] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.308449] CPU: 1 UID: 0 PID: 3933 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.309888] RSP: 0018:ffff888044b57600 EFLAGS: 00010212
[ 113.310802] Tainted: [D]=DIE, [W]=WARN
[ 113.311217] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004608000
[ 113.311517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.312071] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 113.312718] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.313273] RBP: ffff888044b57870 R08: ffff88806ce31340 R09: ffffe8ffffc09488
[ 113.313636] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.314199] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.315601] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[ 113.316158] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 113.316161]
[ 113.316171] FS: 00007f9e03dcb700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 113.316570] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 113.317141] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.317276] RDX: ffff8880175d1b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 113.317904] CR2: 0000001b2d322000 CR3: 0000000009de5000 CR4: 0000000000350ef0
[ 113.318454] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd09488
[ 113.318914] Kernel panic - not syncing: Fatal exception in interrupt
[ 114.360628] Shutting down cpus with NMI
[ 114.362770] Kernel Offset: disabled
[ 114.363061] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:06:21 Registers:
info registers vcpu 0
RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888044b56f58
R8 =0000000000000000 R9 =ffffed10015e9046 R10=0000000000000066 R11=30376578302f4952
R12=0000000000000066 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f9e03dcb700 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe2400000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d322000 CR3=0000000009de5000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f9e0693c7c000007f9e0693c7c8
XMM02=00007f9e0693c7e000007f9e0693c7c0 XMM03=00007f9e0693c7c800007f9e0693c7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84be3c0e RDX=fffffbfff0f0f609
RSI=0000000000000004 RDI=ffffffff8787b044 RBP=ffffffff8787b044 RSP=ffff88801955f5b0
R8 =0000000000000000 R9 =fffffbfff0f0f608 R10=ffffffff8787b047 R11=202c746c75616620
R12=1ffff110032abeb7 R13=0000000000000007 R14=fffffbfff0f0f608 R15=ffff88801955f5e8
RIP=ffffffff84be3da0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555c0d7400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055555c0d8c18 CR3=00000000442ee000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fb9433717c000007fb9433717c8
XMM02=00007fb9433717e000007fb9433717c0 XMM03=00007fb9433717c800007fb9433717c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000