Warning: Permanently added '[localhost]:3019' (ECDSA) to the list of known hosts.
2025/09/01 09:42:49 fuzzer started
2025/09/01 09:42:49 dialing manager at localhost:35473
syzkaller login: [ 59.809713] cgroup: Unknown subsys name 'net'
[ 59.877231] cgroup: Unknown subsys name 'cpuset'
[ 59.894213] cgroup: Unknown subsys name 'rlimit'
2025/09/01 09:43:00 syscalls: 2214
2025/09/01 09:43:00 code coverage: enabled
2025/09/01 09:43:00 comparison tracing: enabled
2025/09/01 09:43:00 extra coverage: enabled
2025/09/01 09:43:00 setuid sandbox: enabled
2025/09/01 09:43:00 namespace sandbox: enabled
2025/09/01 09:43:00 Android sandbox: enabled
2025/09/01 09:43:00 fault injection: enabled
2025/09/01 09:43:00 leak checking: enabled
2025/09/01 09:43:00 net packet injection: enabled
2025/09/01 09:43:00 net device setup: enabled
2025/09/01 09:43:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 09:43:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 09:43:00 USB emulation: enabled
2025/09/01 09:43:00 hci packet injection: enabled
2025/09/01 09:43:00 wifi device emulation: enabled
2025/09/01 09:43:00 802.15.4 emulation: enabled
2025/09/01 09:43:00 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 09:43:00 fetching corpus: 39, signal 15698/19301 (executing program)
2025/09/01 09:43:01 fetching corpus: 87, signal 33759/38477 (executing program)
2025/09/01 09:43:01 fetching corpus: 137, signal 41500/47366 (executing program)
2025/09/01 09:43:01 fetching corpus: 187, signal 47041/54004 (executing program)
2025/09/01 09:43:01 fetching corpus: 237, signal 54031/61831 (executing program)
2025/09/01 09:43:01 fetching corpus: 287, signal 59916/68518 (executing program)
2025/09/01 09:43:01 fetching corpus: 337, signal 64346/73731 (executing program)
2025/09/01 09:43:01 fetching corpus: 387, signal 69032/79025 (executing program)
2025/09/01 09:43:01 fetching corpus: 437, signal 73049/83592 (executing program)
2025/09/01 09:43:02 fetching corpus: 487, signal 76561/87633 (executing program)
2025/09/01 09:43:02 fetching corpus: 537, signal 78799/90571 (executing program)
2025/09/01 09:43:02 fetching corpus: 587, signal 82098/94284 (executing program)
2025/09/01 09:43:02 fetching corpus: 637, signal 83665/96519 (executing program)
2025/09/01 09:43:02 fetching corpus: 687, signal 86610/99787 (executing program)
2025/09/01 09:43:02 fetching corpus: 737, signal 88514/102188 (executing program)
2025/09/01 09:43:02 fetching corpus: 787, signal 90776/104812 (executing program)
2025/09/01 09:43:02 fetching corpus: 837, signal 92363/106806 (executing program)
2025/09/01 09:43:02 fetching corpus: 887, signal 93646/108580 (executing program)
2025/09/01 09:43:03 fetching corpus: 937, signal 96102/111191 (executing program)
2025/09/01 09:43:03 fetching corpus: 987, signal 97924/113257 (executing program)
2025/09/01 09:43:03 fetching corpus: 1037, signal 99675/115243 (executing program)
2025/09/01 09:43:03 fetching corpus: 1087, signal 101862/117537 (executing program)
2025/09/01 09:43:03 fetching corpus: 1137, signal 103445/119315 (executing program)
2025/09/01 09:43:03 fetching corpus: 1187, signal 104534/120696 (executing program)
2025/09/01 09:43:03 fetching corpus: 1237, signal 106299/122526 (executing program)
2025/09/01 09:43:03 fetching corpus: 1287, signal 107099/123688 (executing program)
2025/09/01 09:43:03 fetching corpus: 1336, signal 108600/125289 (executing program)
2025/09/01 09:43:03 fetching corpus: 1386, signal 109509/126410 (executing program)
2025/09/01 09:43:03 fetching corpus: 1436, signal 111525/128260 (executing program)
2025/09/01 09:43:04 fetching corpus: 1486, signal 112894/129647 (executing program)
2025/09/01 09:43:04 fetching corpus: 1535, signal 113978/130796 (executing program)
2025/09/01 09:43:04 fetching corpus: 1585, signal 114588/131662 (executing program)
2025/09/01 09:43:04 fetching corpus: 1635, signal 115757/132817 (executing program)
2025/09/01 09:43:04 fetching corpus: 1685, signal 116398/133682 (executing program)
2025/09/01 09:43:04 fetching corpus: 1735, signal 117154/134561 (executing program)
2025/09/01 09:43:04 fetching corpus: 1785, signal 118005/135489 (executing program)
2025/09/01 09:43:04 fetching corpus: 1835, signal 118811/136349 (executing program)
2025/09/01 09:43:04 fetching corpus: 1885, signal 119954/137385 (executing program)
2025/09/01 09:43:04 fetching corpus: 1935, signal 120919/138322 (executing program)
2025/09/01 09:43:04 fetching corpus: 1985, signal 121723/139149 (executing program)
2025/09/01 09:43:05 fetching corpus: 2035, signal 122779/140066 (executing program)
2025/09/01 09:43:05 fetching corpus: 2085, signal 123804/140977 (executing program)
2025/09/01 09:43:05 fetching corpus: 2135, signal 124991/141873 (executing program)
2025/09/01 09:43:05 fetching corpus: 2185, signal 125886/142646 (executing program)
2025/09/01 09:43:05 fetching corpus: 2235, signal 126742/143444 (executing program)
2025/09/01 09:43:05 fetching corpus: 2285, signal 127334/144041 (executing program)
2025/09/01 09:43:05 fetching corpus: 2335, signal 128261/144769 (executing program)
2025/09/01 09:43:05 fetching corpus: 2385, signal 128940/145462 (executing program)
2025/09/01 09:43:05 fetching corpus: 2435, signal 130168/146248 (executing program)
2025/09/01 09:43:05 fetching corpus: 2485, signal 130995/146832 (executing program)
2025/09/01 09:43:05 fetching corpus: 2535, signal 131743/147371 (executing program)
2025/09/01 09:43:06 fetching corpus: 2585, signal 132527/147939 (executing program)
2025/09/01 09:43:06 fetching corpus: 2635, signal 133266/148452 (executing program)
2025/09/01 09:43:06 fetching corpus: 2685, signal 134019/148961 (executing program)
2025/09/01 09:43:06 fetching corpus: 2735, signal 135106/149537 (executing program)
2025/09/01 09:43:06 fetching corpus: 2783, signal 135972/150029 (executing program)
2025/09/01 09:43:06 fetching corpus: 2832, signal 136761/150468 (executing program)
2025/09/01 09:43:06 fetching corpus: 2882, signal 137738/150934 (executing program)
2025/09/01 09:43:06 fetching corpus: 2932, signal 138771/151399 (executing program)
2025/09/01 09:43:06 fetching corpus: 2982, signal 139427/151785 (executing program)
2025/09/01 09:43:07 fetching corpus: 3032, signal 140305/152162 (executing program)
2025/09/01 09:43:07 fetching corpus: 3082, signal 142092/152677 (executing program)
2025/09/01 09:43:07 fetching corpus: 3132, signal 142863/153013 (executing program)
2025/09/01 09:43:07 fetching corpus: 3182, signal 143436/153295 (executing program)
2025/09/01 09:43:07 fetching corpus: 3231, signal 144158/153541 (executing program)
2025/09/01 09:43:07 fetching corpus: 3281, signal 144705/153758 (executing program)
2025/09/01 09:43:07 fetching corpus: 3330, signal 145214/153971 (executing program)
2025/09/01 09:43:07 fetching corpus: 3379, signal 145983/154291 (executing program)
2025/09/01 09:43:07 fetching corpus: 3429, signal 146875/154497 (executing program)
2025/09/01 09:43:08 fetching corpus: 3479, signal 147481/154695 (executing program)
2025/09/01 09:43:08 fetching corpus: 3529, signal 147914/154850 (executing program)
2025/09/01 09:43:08 fetching corpus: 3579, signal 148487/154999 (executing program)
2025/09/01 09:43:08 fetching corpus: 3629, signal 149072/155116 (executing program)
2025/09/01 09:43:08 fetching corpus: 3679, signal 149805/155224 (executing program)
2025/09/01 09:43:08 fetching corpus: 3729, signal 150567/155319 (executing program)
2025/09/01 09:43:08 fetching corpus: 3779, signal 150935/155336 (executing program)
2025/09/01 09:43:08 fetching corpus: 3829, signal 151397/155362 (executing program)
2025/09/01 09:43:08 fetching corpus: 3879, signal 152016/155373 (executing program)
2025/09/01 09:43:09 fetching corpus: 3904, signal 152347/155377 (executing program)
2025/09/01 09:43:09 fetching corpus: 3905, signal 152348/155378 (executing program)
2025/09/01 09:43:09 fetching corpus: 3905, signal 152348/155378 (executing program)
2025/09/01 09:43:10 starting 8 fuzzer processes
09:43:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)
09:43:10 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa00}}, 0x14}}, 0x0)
09:43:10 executing program 1:
pipe2$9p(0x0, 0x44000)
09:43:10 executing program 2:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00')
09:43:10 executing program 3:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000040))
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x3305)
open_by_handle_at(r0, 0x0, 0x185602)
09:43:10 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000700), &(0x7f0000000740)='./file0\x00', &(0x7f0000000780), 0x0, &(0x7f00000007c0))
[ 79.573384] audit: type=1400 audit(1756719790.825:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:43:10 executing program 5:
syz_open_dev$usbmon(&(0x7f0000002780), 0x0, 0x0)
09:43:10 executing program 6:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect(r0, &(0x7f00000001c0)=@in={0x2, 0x0, @remote}, 0x80)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
[ 80.787180] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.790529] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.795954] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.805230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.811046] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.856499] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 80.858500] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 80.866538] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 80.870399] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 80.873837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 80.876095] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 80.878192] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 80.880393] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 80.883883] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 80.883915] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 80.885861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.889458] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 80.890200] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 80.894181] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 80.897742] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 80.898159] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 80.901280] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 80.902530] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 80.903865] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.908148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.909000] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.912364] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 80.916991] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 80.926861] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 80.935847] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 80.938995] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 80.946267] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.953038] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 80.957110] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 80.958616] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 80.966218] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 80.991009] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 80.992376] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 81.008634] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 81.029066] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 82.880116] Bluetooth: hci0: command tx timeout
[ 82.943824] Bluetooth: hci3: command tx timeout
[ 83.007733] Bluetooth: hci5: command tx timeout
[ 83.007892] Bluetooth: hci1: command tx timeout
[ 83.008342] Bluetooth: hci2: command tx timeout
[ 83.009796] Bluetooth: hci4: command tx timeout
[ 83.072204] Bluetooth: hci7: command tx timeout
[ 83.073144] Bluetooth: hci6: command tx timeout
[ 84.927914] Bluetooth: hci0: command tx timeout
[ 84.991795] Bluetooth: hci3: command tx timeout
[ 85.055816] Bluetooth: hci4: command tx timeout
[ 85.056331] Bluetooth: hci2: command tx timeout
[ 85.057352] Bluetooth: hci1: command tx timeout
[ 85.057880] Bluetooth: hci5: command tx timeout
[ 85.119732] Bluetooth: hci7: command tx timeout
[ 85.120252] Bluetooth: hci6: command tx timeout
[ 86.976682] Bluetooth: hci0: command tx timeout
[ 87.040868] Bluetooth: hci3: command tx timeout
[ 87.103713] Bluetooth: hci2: command tx timeout
[ 87.104111] Bluetooth: hci4: command tx timeout
[ 87.106664] Bluetooth: hci1: command tx timeout
[ 87.107030] Bluetooth: hci5: command tx timeout
[ 87.168723] Bluetooth: hci7: command tx timeout
[ 87.169125] Bluetooth: hci6: command tx timeout
[ 89.023749] Bluetooth: hci0: command tx timeout
[ 89.088710] Bluetooth: hci3: command tx timeout
[ 89.151712] Bluetooth: hci5: command tx timeout
[ 89.152125] Bluetooth: hci1: command tx timeout
[ 89.152501] Bluetooth: hci2: command tx timeout
[ 89.152940] Bluetooth: hci4: command tx timeout
[ 89.217006] Bluetooth: hci6: command tx timeout
[ 89.217442] Bluetooth: hci7: command tx timeout
[ 118.586511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.587848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.776904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.777521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.939288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.940009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.118464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.119115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.271804] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.272422] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:43:50 executing program 5:
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
[ 119.456545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.457933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.639280] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.640991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.759990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.760624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.822730] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.823348] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.915361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.916027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.020568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.021334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.024628] audit: type=1400 audit(1756719831.272:8): avc: denied { open } for pid=3875 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 120.032303] audit: type=1400 audit(1756719831.274:9): avc: denied { kernel } for pid=3875 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 120.058379] 9pnet_fd: p9_fd_create_tcp (3876): problem connecting socket to 127.0.0.1
[ 120.085951] 9pnet_fd: p9_fd_create_tcp (3879): problem connecting socket to 127.0.0.1
[ 120.109728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.110316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.224779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.225832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.235464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.236133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.417418] random: crng reseeded on system resumption
[ 120.423880] Restarting kernel threads ...
[ 120.426884] Done restarting kernel threads.
[ 120.432916] random: crng reseeded on system resumption
[ 120.567701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.568323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.588704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.589300] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:43:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000700), &(0x7f0000000740)='./file0\x00', &(0x7f0000000780), 0x0, &(0x7f00000007c0))
09:43:52 executing program 5:
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
09:43:52 executing program 1:
pipe2$9p(0x0, 0x44000)
09:43:52 executing program 3:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000040))
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x3305)
open_by_handle_at(r0, 0x0, 0x185602)
09:43:52 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa00}}, 0x14}}, 0x0)
09:43:52 executing program 6:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect(r0, &(0x7f00000001c0)=@in={0x2, 0x0, @remote}, 0x80)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
09:43:52 executing program 2:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00')
09:43:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)
[ 120.892249] random: crng reseeded on system resumption
[ 120.900736] 9pnet_fd: p9_fd_create_tcp (3919): problem connecting socket to 127.0.0.1
[ 120.901731] Restarting kernel threads ...
[ 120.902294] Done restarting kernel threads.
09:43:52 executing program 6:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect(r0, &(0x7f00000001c0)=@in={0x2, 0x0, @remote}, 0x80)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
[ 120.951627] kmemleak: Found object by alias at 0x607f1a63e56c
[ 120.951656] CPU: 0 UID: 0 PID: 3923 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 120.951686] Tainted: [W]=WARN
[ 120.951693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 120.951704] Call Trace:
[ 120.951711] <TASK>
[ 120.951718] dump_stack_lvl+0xca/0x120
[ 120.951756] __lookup_object+0x94/0xb0
[ 120.951784] delete_object_full+0x27/0x70
[ 120.951812] free_percpu+0x30/0x1160
[ 120.951839] ? arch_uprobe_clear_state+0x16/0x140
[ 120.951873] futex_hash_free+0x38/0xc0
[ 120.951896] mmput+0x2d3/0x390
[ 120.951927] do_exit+0x79d/0x2970
[ 120.951957] ? __pfx_do_exit+0x10/0x10
[ 120.951980] ? find_held_lock+0x2b/0x80
[ 120.952010] ? get_signal+0x835/0x2340
[ 120.952043] do_group_exit+0xd3/0x2a0
[ 120.952069] get_signal+0x2315/0x2340
[ 120.952098] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 120.952126] ? __pfx_get_signal+0x10/0x10
[ 120.952154] ? __schedule+0xe91/0x3590
[ 120.952188] arch_do_signal_or_restart+0x80/0x790
[ 120.952217] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 120.952246] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 120.952268] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 120.952289] ? __pfx___x64_sys_futex+0x10/0x10
[ 120.952311] ? selinux_file_fcntl+0x92/0x170
[ 120.952331] ? xfd_validate_state+0x55/0x180
[ 120.952365] exit_to_user_mode_loop+0x8b/0x110
[ 120.952387] do_syscall_64+0x2f7/0x360
[ 120.952408] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.952428] RIP: 0033:0x7f7a6364db19
[ 120.952443] Code: Unable to access opcode bytes at 0x7f7a6364daef.
[ 120.952451] RSP: 002b:00007f7a60bc3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 120.952470] RAX: 0000000000000001 RBX: 00007f7a63760f68 RCX: 00007f7a6364db19
[ 120.952483] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7a63760f6c
[ 120.952495] RBP: 00007f7a63760f60 R08: 000000000000003d R09: 0000000000000000
[ 120.952507] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f7a63760f6c
[ 120.952519] R13: 00007ffdcf7ef52f R14: 00007f7a60bc3300 R15: 0000000000022000
[ 120.952545] </TASK>
[ 120.952552] kmemleak: Object (percpu) 0x607f1a63e568 (size 8):
[ 120.952563] kmemleak: comm "syz-executor.6", pid 288, jiffies 4294787426
[ 120.952575] kmemleak: min_count = 1
[ 120.952581] kmemleak: count = 0
[ 120.952587] kmemleak: flags = 0x21
[ 120.952593] kmemleak: checksum = 0
[ 120.952600] kmemleak: backtrace:
[ 120.952605] pcpu_alloc_noprof+0x87a/0x1170
[ 120.952631] __alloc_workqueue+0x74b/0x1820
[ 120.952660] alloc_workqueue_noprof+0xc7/0x200
[ 120.952676] ieee80211_register_hw+0x1ec5/0x3e00
[ 120.952696] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 120.952718] hwsim_new_radio_nl+0xb0d/0x1250
[ 120.952737] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 120.952757] genl_rcv_msg+0x532/0x7e0
[ 120.952773] netlink_rcv_skb+0x147/0x430
[ 120.952804] genl_rcv+0x28/0x40
[ 120.952820] netlink_unicast+0x5a7/0x870
[ 120.952848] netlink_sendmsg+0x8ac/0xd80
[ 120.952875] __sys_sendto+0x506/0x570
[ 120.952899] __x64_sys_sendto+0xe1/0x1c0
[ 120.952923] do_syscall_64+0xbf/0x360
[ 120.952939] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:43:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)
09:43:52 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa00}}, 0x14}}, 0x0)
09:43:52 executing program 5:
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
09:43:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000700), &(0x7f0000000740)='./file0\x00', &(0x7f0000000780), 0x0, &(0x7f00000007c0))
09:43:52 executing program 1:
pipe2$9p(0x0, 0x44000)
09:43:52 executing program 3:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000040))
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x3305)
open_by_handle_at(r0, 0x0, 0x185602)
09:43:52 executing program 6:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect(r0, &(0x7f00000001c0)=@in={0x2, 0x0, @remote}, 0x80)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
09:43:52 executing program 2:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00')
[ 121.119520] random: crng reseeded on system resumption
[ 121.135752] Restarting kernel threads ...
[ 121.136388] Done restarting kernel threads.
[ 121.154159] kmemleak: Found object by alias at 0x607f1a63e56c
[ 121.154182] CPU: 0 UID: 0 PID: 3929 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.154212] Tainted: [W]=WARN
[ 121.154217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.154227] Call Trace:
[ 121.154233] <TASK>
[ 121.154239] dump_stack_lvl+0xca/0x120
[ 121.154273] __lookup_object+0x94/0xb0
[ 121.154298] delete_object_full+0x27/0x70
[ 121.154322] free_percpu+0x30/0x1160
[ 121.154346] ? arch_uprobe_clear_state+0x16/0x140
[ 121.154376] futex_hash_free+0x38/0xc0
[ 121.154396] mmput+0x2d3/0x390
[ 121.154424] do_exit+0x79d/0x2970
[ 121.154444] ? signal_wake_up_state+0x85/0x120
[ 121.154467] ? zap_other_threads+0x2b9/0x3a0
[ 121.154491] ? __pfx_do_exit+0x10/0x10
[ 121.154510] ? do_group_exit+0x1c3/0x2a0
[ 121.154530] ? lock_release+0xc8/0x290
[ 121.154555] do_group_exit+0xd3/0x2a0
[ 121.154577] __x64_sys_exit_group+0x3e/0x50
[ 121.154598] x64_sys_call+0x18c5/0x18d0
[ 121.154621] do_syscall_64+0xbf/0x360
[ 121.154647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.154664] RIP: 0033:0x7f7a6364db19
[ 121.154676] Code: Unable to access opcode bytes at 0x7f7a6364daef.
[ 121.154684] RSP: 002b:00007ffdcf7ef758 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 121.154701] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f7a6364db19
[ 121.154712] RDX: 00007f7a6360072b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 121.154723] RBP: 0000000000000000 R08: 0000001b2cf24664 R09: 0000000000000000
[ 121.154733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 121.154743] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffdcf7ef840
[ 121.154765] </TASK>
[ 121.154770] kmemleak: Object (percpu) 0x607f1a63e560 (size 16):
[ 121.154781] kmemleak: comm "syz-executor.7", pid 284, jiffies 4294787939
[ 121.154791] kmemleak: min_count = 1
[ 121.154797] kmemleak: count = 0
[ 121.154815] kmemleak: flags = 0x21
[ 121.154820] kmemleak: checksum = 0
[ 121.154826] kmemleak: backtrace:
[ 121.154831] pcpu_alloc_noprof+0x87a/0x1170
[ 121.154854] mm_init+0x99b/0x1170
[ 121.154866] copy_process+0x3ab7/0x73c0
[ 121.154881] kernel_clone+0xea/0x7f0
09:43:52 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa00}}, 0x14}}, 0x0)
[ 121.154895] __do_sys_clone+0xce/0x120
[ 121.154911] do_syscall_64+0xbf/0x360
[ 121.154924] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.163269] kmemleak: Found object by alias at 0x607f1a63e564
[ 121.163288] CPU: 1 UID: 0 PID: 3938 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.163308] Tainted: [W]=WARN
[ 121.163312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.163320] Call Trace:
[ 121.163324] <TASK>
[ 121.163329] dump_stack_lvl+0xca/0x120
[ 121.163364] __lookup_object+0x94/0xb0
[ 121.163384] delete_object_full+0x27/0x70
[ 121.163401] free_percpu+0x30/0x1160
[ 121.163419] ? arch_uprobe_clear_state+0x16/0x140
[ 121.163440] futex_hash_free+0x38/0xc0
[ 121.163457] mmput+0x2d3/0x390
[ 121.163477] do_exit+0x79d/0x2970
[ 121.163491] ? lock_release+0xc8/0x290
[ 121.163509] ? __pfx_do_exit+0x10/0x10
[ 121.163524] ? find_held_lock+0x2b/0x80
[ 121.163546] ? get_signal+0x835/0x2340
[ 121.163567] do_group_exit+0xd3/0x2a0
[ 121.163582] get_signal+0x2315/0x2340
[ 121.163601] ? __fget_files+0x203/0x3b0
[ 121.163617] ? __pfx_get_signal+0x10/0x10
[ 121.163634] ? do_futex+0x135/0x370
[ 121.163648] ? __pfx_do_futex+0x10/0x10
[ 121.163664] arch_do_signal_or_restart+0x80/0x790
[ 121.163682] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 121.163699] ? __x64_sys_futex+0x1c9/0x4d0
[ 121.163712] ? __x64_sys_futex+0x1d2/0x4d0
[ 121.163727] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.163741] ? __pfx___x64_sys_futex+0x10/0x10
[ 121.163755] ? xfd_validate_state+0x55/0x180
[ 121.163777] exit_to_user_mode_loop+0x8b/0x110
[ 121.163791] do_syscall_64+0x2f7/0x360
[ 121.163805] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.163818] RIP: 0033:0x7f927f520b19
[ 121.163827] Code: Unable to access opcode bytes at 0x7f927f520aef.
[ 121.163833] RSP: 002b:00007f927ca96218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.163845] RAX: fffffffffffffe00 RBX: 00007f927f633f68 RCX: 00007f927f520b19
[ 121.163853] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f927f633f68
[ 121.163861] RBP: 00007f927f633f60 R08: 0000000000000000 R09: 0000000000000000
[ 121.163868] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f927f633f6c
[ 121.163876] R13: 00007ffcfaedb62f R14: 00007f927ca96300 R15: 0000000000022000
[ 121.163892] </TASK>
[ 121.163896] kmemleak: Object (percpu) 0x607f1a63e560 (size 16):
[ 121.163903] kmemleak: comm "syz-executor.7", pid 284, jiffies 4294787939
[ 121.163910] kmemleak: min_count = 1
[ 121.163915] kmemleak: count = 0
[ 121.163918] kmemleak: flags = 0x21
[ 121.163922] kmemleak: checksum = 0
[ 121.163926] kmemleak: backtrace:
[ 121.163930] pcpu_alloc_noprof+0x87a/0x1170
[ 121.163946] mm_init+0x99b/0x1170
[ 121.163954] copy_process+0x3ab7/0x73c0
[ 121.163964] kernel_clone+0xea/0x7f0
[ 121.163975] __do_sys_clone+0xce/0x120
[ 121.163985] do_syscall_64+0xbf/0x360
[ 121.163995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.213330] 9pnet_fd: p9_fd_create_tcp (3943): problem connecting socket to 127.0.0.1
[ 121.232511] kmemleak: Found object by alias at 0x607f1a63e568
[ 121.232529] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.232554] Tainted: [W]=WARN
[ 121.232559] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.232568] Call Trace:
[ 121.232573] <TASK>
[ 121.232579] dump_stack_lvl+0xca/0x120
[ 121.232609] __lookup_object+0x94/0xb0
[ 121.232637] delete_object_full+0x27/0x70
[ 121.232660] free_percpu+0x30/0x1160
[ 121.232681] ? arch_uprobe_clear_state+0x16/0x140
[ 121.232708] futex_hash_free+0x38/0xc0
[ 121.232727] mmput+0x2d3/0x390
[ 121.232753] do_exit+0x79d/0x2970
[ 121.232772] ? lock_release+0xc8/0x290
[ 121.232794] ? __pfx_do_exit+0x10/0x10
[ 121.232814] ? find_held_lock+0x2b/0x80
[ 121.232838] ? get_signal+0x835/0x2340
[ 121.232864] do_group_exit+0xd3/0x2a0
[ 121.232885] get_signal+0x2315/0x2340
[ 121.232917] ? __pfx_get_signal+0x10/0x10
[ 121.232940] ? do_futex+0x135/0x370
[ 121.232959] ? __pfx_do_futex+0x10/0x10
[ 121.232976] ? __asan_memset+0x24/0x50
[ 121.232997] arch_do_signal_or_restart+0x80/0x790
[ 121.233021] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 121.233044] ? __x64_sys_futex+0x1c9/0x4d0
[ 121.233061] ? __x64_sys_futex+0x1d2/0x4d0
[ 121.233081] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.233099] ? __pfx___x64_sys_futex+0x10/0x10
[ 121.233117] ? selinux_file_ioctl+0xb9/0x280
[ 121.233138] ? xfd_validate_state+0x55/0x180
[ 121.233166] exit_to_user_mode_loop+0x8b/0x110
[ 121.233184] do_syscall_64+0x2f7/0x360
[ 121.233201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.233218] RIP: 0033:0x7f440402fb19
[ 121.233230] Code: Unable to access opcode bytes at 0x7f440402faef.
[ 121.233237] RSP: 002b:00007f44015a5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.233252] RAX: fffffffffffffe00 RBX: 00007f4404142f68 RCX: 00007f440402fb19
[ 121.233263] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4404142f68
[ 121.233272] RBP: 00007f4404142f60 R08: 0000000000000000 R09: 0000000000000000
[ 121.233282] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4404142f6c
[ 121.233291] R13: 00007ffee5697f7f R14: 00007f44015a5300 R15: 0000000000022000
[ 121.233313] </TASK>
[ 121.233318] kmemleak: Object (percpu) 0x607f1a63e560 (size 16):
[ 121.233327] kmemleak: comm "syz-executor.7", pid 284, jiffies 4294788076
[ 121.233337] kmemleak: min_count = 1
[ 121.233342] kmemleak: count = 0
[ 121.233347] kmemleak: flags = 0x21
[ 121.233352] kmemleak: checksum = 0
[ 121.233357] kmemleak: backtrace:
[ 121.233361] pcpu_alloc_noprof+0x87a/0x1170
[ 121.233383] mm_init+0x99b/0x1170
[ 121.233394] copy_process+0x3ab7/0x73c0
[ 121.233408] kernel_clone+0xea/0x7f0
[ 121.233422] __do_sys_clone+0xce/0x120
[ 121.233436] do_syscall_64+0xbf/0x360
[ 121.233449] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:43:52 executing program 5:
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
syz_open_procfs(0x0, &(0x7f0000000480)='net/sockstat6\x00')
09:43:52 executing program 1:
pipe2$9p(0x0, 0x44000)
09:43:52 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)
09:43:52 executing program 3:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000040))
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x3305)
open_by_handle_at(r0, 0x0, 0x185602)
09:43:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_tcp(&(0x7f0000000700), &(0x7f0000000740)='./file0\x00', &(0x7f0000000780), 0x0, &(0x7f00000007c0))
09:43:52 executing program 2:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00')
09:43:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)
[ 121.357852] random: crng reseeded on system resumption
[ 121.366945] Restarting kernel threads ...
[ 121.367403] Done restarting kernel threads.
[ 121.394131] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 121.395243] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 121.396081] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.398167] Tainted: [W]=WARN
09:43:52 executing program 1:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00')
[ 121.399024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.400881] RIP: 0010:perf_tp_event+0x175/0xe70
[ 121.402505] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 121.405370] kmemleak: Found object by alias at 0x607f1a63e564
[ 121.405394] CPU: 1 UID: 0 PID: 3947 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.405414] Tainted: [W]=WARN
[ 121.405418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.405426] Call Trace:
[ 121.405430] <TASK>
[ 121.405434] dump_stack_lvl+0xca/0x120
[ 121.405468] __lookup_object+0x94/0xb0
[ 121.405487] delete_object_full+0x27/0x70
[ 121.405503] free_percpu+0x30/0x1160
09:43:52 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)
[ 121.405521] ? arch_uprobe_clear_state+0x16/0x140
[ 121.405540] futex_hash_free+0x38/0xc0
[ 121.405555] mmput+0x2d3/0x390
[ 121.405574] do_exit+0x79d/0x2970
[ 121.405587] ? lock_release+0xc8/0x290
[ 121.405603] ? __pfx_do_exit+0x10/0x10
[ 121.405617] ? find_held_lock+0x2b/0x80
[ 121.405638] ? get_signal+0x835/0x2340
[ 121.405657] do_group_exit+0xd3/0x2a0
[ 121.405671] get_signal+0x2315/0x2340
[ 121.405689] ? __fget_files+0x203/0x3b0
[ 121.405702] ? __pfx_get_signal+0x10/0x10
[ 121.405832] ? do_futex+0x135/0x370
[ 121.405892] ? __pfx_do_futex+0x10/0x10
[ 121.405906] arch_do_signal_or_restart+0x80/0x790
[ 121.405924] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 121.405940] ? __x64_sys_futex+0x1c9/0x4d0
[ 121.405953] ? __x64_sys_futex+0x1d2/0x4d0
[ 121.405967] ? __pfx___x64_sys_futex+0x10/0x10
[ 121.405980] ? xfd_validate_state+0x55/0x180
[ 121.405999] exit_to_user_mode_loop+0x8b/0x110
[ 121.406012] do_syscall_64+0x2f7/0x360
[ 121.406024] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.406037] RIP: 0033:0x7f927f520b19
[ 121.406046] Code: Unable to access opcode bytes at 0x7f927f520aef.
[ 121.406051] RSP: 002b:00007f927ca96218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.406064] RAX: fffffffffffffe00 RBX: 00007f927f633f68 RCX: 00007f927f520b19
[ 121.406072] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f927f633f68
[ 121.406079] RBP: 00007f927f633f60 R08: 0000000000000000 R09: 0000000000000000
[ 121.406087] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f927f633f6c
[ 121.406094] R13: 00007ffcfaedb62f R14: 00007f927ca96300 R15: 0000000000022000
[ 121.406105] </TASK>
[ 121.406109] kmemleak: Object (percpu) 0x607f1a63e560 (size 8):
[ 121.406117] kmemleak: comm "syz-executor.6", pid 3954, jiffies 4294788209
[ 121.406125] kmemleak: min_count = 1
[ 121.406129] kmemleak: count = 0
[ 121.406132] kmemleak: flags = 0x21
[ 121.406137] kmemleak: checksum = 0
[ 121.406140] kmemleak: backtrace:
[ 121.406144] pcpu_alloc_noprof+0x87a/0x1170
[ 121.406160] percpu_ref_init+0x37/0x400
[ 121.406171] blkg_alloc+0xe9/0x7d0
[ 121.406185] blkg_create+0xe08/0x1420
[ 121.406197] bio_associate_blkg_from_css+0xe06/0x1380
[ 121.406212] bio_associate_blkg+0x10e/0x2a0
[ 121.406225] bio_init+0x2dd/0x570
[ 121.406239] bio_alloc_bioset+0x2cf/0x8c0
[ 121.406254] submit_bh_wbc+0x286/0x720
[ 121.406271] ext4_read_bh_nowait+0x156/0x240
[ 121.406285] ext4_read_bh_lock+0xa7/0xd0
[ 121.406296] ext4_block_write_begin+0x9ca/0xcd0
[ 121.406310] ext4_da_write_begin+0x4d5/0xb40
[ 121.406323] generic_perform_write+0x392/0x810
[ 121.406340] ext4_buffered_write_iter+0x11a/0x430
[ 121.406351] ext4_file_write_iter+0xff6/0x1990
[ 121.434449] RSP: 0018:ffff8880165a7780 EFLAGS: 00010012
[ 121.434956] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 121.435618] RDX: ffff88801bf83700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 121.436283] RBP: ffff8880165a79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16568
[ 121.436941] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 121.437603] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 121.438264] FS: 000055556eeb8400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 121.439015] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.439564] CR2: 0000001b2cf24000 CR3: 0000000044253000 CR4: 0000000000350ef0
[ 121.440227] Call Trace:
[ 121.440476] <TASK>
[ 121.440689] ? __ext4_journal_stop+0xe2/0x1f0
[ 121.441117] ? ext4_dirty_inode+0xf1/0x130
[ 121.441519] ? __mark_inode_dirty+0x1b7/0xd00
[ 121.441948] ? do_user_addr_fault+0x4fa/0xeb0
[ 121.442380] ? __pfx_perf_tp_event+0x10/0x10
[ 121.442839] ? lock_acquire+0x15e/0x2f0
[ 121.443230] ? __virt_addr_valid+0x1c6/0x5d0
[ 121.443665] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.444218] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.444769] ? __lock_acquire+0x694/0x1b70
[ 121.445180] ? __lock_acquire+0xc65/0x1b70
[ 121.445587] ? page_ref_add_unless.constprop.0+0x25/0x390
[ 121.446126] ? perf_trace_run_bpf_submit+0xef/0x180
[ 121.446615] ? __lock_acquire+0xc65/0x1b70
[ 121.447017] perf_trace_run_bpf_submit+0xef/0x180
[ 121.447474] perf_trace_preemptirq_template+0x259/0x430
[ 121.447974] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.448515] ? _raw_spin_lock_irqsave+0x53/0x60
[ 121.448958] trace_irq_disable.constprop.0+0xa6/0x100
[ 121.449435] _raw_spin_lock_irqsave+0x53/0x60
[ 121.449865] try_to_wake_up+0xa0/0x11d0
[ 121.450247] ? __pfx_try_to_wake_up+0x10/0x10
[ 121.450671] ? plist_del+0x122/0x270
[ 121.451029] ? find_held_lock+0x2b/0x80
[ 121.451406] ? futex_wake+0x474/0x540
[ 121.451779] wake_up_q+0xa1/0x130
[ 121.452112] futex_wake+0x47e/0x540
[ 121.452464] ? __pfx_futex_wake+0x10/0x10
[ 121.452855] ? __handle_mm_fault+0x753/0x3260
[ 121.453285] ? __lock_acquire+0x694/0x1b70
[ 121.453684] do_futex+0x26d/0x370
[ 121.454015] ? __pfx_do_futex+0x10/0x10
[ 121.454387] ? find_held_lock+0x2b/0x80
[ 121.454766] __x64_sys_futex+0x1c9/0x4d0
[ 121.455152] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.455691] ? __pfx___x64_sys_futex+0x10/0x10
[ 121.456120] do_syscall_64+0xbf/0x360
[ 121.456474] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.456949] RIP: 0033:0x7f7a6364db19
[ 121.457292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 121.458949] RSP: 002b:00007ffdcf7ef5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.459643] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7a6364db19
[ 121.460296] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7a63760f68
[ 121.460947] RBP: 00007f7a63760f60 R08: 00007f7a6375d0a0 R09: 0000000000000000
[ 121.461606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a637650e8
[ 121.462265] R13: 00007ffdcf7ef6b0 R14: 00007f7a63760f60 R15: 000000000001d9c0
[ 121.462928] </TASK>
[ 121.463149] Modules linked in:
[ 121.463451] ---[ end trace 0000000000000000 ]---
[ 121.463885] RIP: 0010:perf_tp_event+0x175/0xe70
[ 121.464323] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 121.465984] RSP: 0018:ffff8880165a7780 EFLAGS: 00010012
[ 121.466470] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 121.467119] RDX: ffff88801bf83700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 121.467762] RBP: ffff8880165a79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16568
[ 121.468406] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 121.469048] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 121.469692] FS: 000055556eeb8400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 121.470421] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.470957] CR2: 0000001b2cf24000 CR3: 0000000044253000 CR4: 0000000000350ef0
[ 121.471608] note: syz-executor.2[3958] exited with irqs disabled
[ 121.472214] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 121.473231] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 121.474023] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.475122] Tainted: [D]=DIE, [W]=WARN
[ 121.475476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.476227] RIP: 0010:perf_tp_event+0x175/0xe70
[ 121.476667] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 121.478320] RSP: 0018:ffff88806ce08ac0 EFLAGS: 00010012
[ 121.478804] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 121.479454] RDX: ffff88801bf83700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 121.480100] RBP: ffff88806ce08d30 R08: ffff88806ce313e8 R09: ffffe8ffffc16568
[ 121.480743] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 121.481388] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 121.482031] FS: 000055556eeb8400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 121.482750] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.483286] CR2: 0000001b2cf24000 CR3: 0000000044253000 CR4: 0000000000350ef0
[ 121.483932] Call Trace:
[ 121.484171] <IRQ>
[ 121.484376] ? __pfx_perf_tp_event+0x10/0x10
[ 121.484793] ? trace_pelt_se_tp+0xdf/0x130
[ 121.485181] ? __update_load_avg_se+0x428/0xa40
[ 121.485614] ? __cgroup_account_cputime+0x30/0xc0
[ 121.486069] ? trace_pelt_se_tp+0xdf/0x130
[ 121.486459] ? __update_load_avg_se+0x428/0xa40
[ 121.486903] ? asym_cpu_capacity_scan+0x731/0x7b0
[ 121.487350] ? update_load_avg+0x17d/0x1ef0
[ 121.487748] ? place_entity+0x1c/0x410
[ 121.488109] ? check_preempt_wakeup_fair+0x6e/0x950
[ 121.488570] ? lock_release+0x1c7/0x290
[ 121.488939] ? lock_release+0x1c7/0x290
[ 121.489312] ? perf_trace_run_bpf_submit+0xef/0x180
[ 121.489777] perf_trace_run_bpf_submit+0xef/0x180
[ 121.490226] perf_trace_preemptirq_template+0x259/0x430
[ 121.490707] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 121.491235] ? lock_acquire+0x18c/0x2f0
[ 121.491606] ? irqentry_enter+0x2a/0x60
[ 121.491978] trace_irq_disable.constprop.0+0xa6/0x100
[ 121.492441] irqentry_enter+0x2a/0x60
[ 121.492796] common_interrupt+0x1d/0xd0
[ 121.493162] asm_common_interrupt+0x26/0x40
[ 121.493555] RIP: 0010:handle_softirqs+0x174/0x770
[ 121.493998] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f d4 48 06 00 00 e8 72 8f 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d
[ 121.495609] RSP: 0018:ffff88806ce08f78 EFLAGS: 00000246
[ 121.496092] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c3ab6
[ 121.496730] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e
[ 121.497367] RBP: ffff8880165a7e78 R08: 0000000000000000 R09: 0000000000000000
[ 121.498011] R10: ffffffff8643b457 R11: ffff88800cb01898 R12: 0000000000000000
[ 121.498659] R13: 0000000000000000 R14: 0000000000000382 R15: 0000000000000000
[ 121.499306] ? trace_irq_enable.constprop.0+0x26/0x100
[ 121.499778] ? handle_softirqs+0x16e/0x770
[ 121.500173] ? handle_softirqs+0x16e/0x770
[ 121.500568] __irq_exit_rcu+0xc4/0x100
[ 121.500933] irq_exit_rcu+0x9/0x20
[ 121.501258] sysvec_apic_timer_interrupt+0x70/0x80
[ 121.501703] </IRQ>
[ 121.501909] <TASK>
[ 121.502116] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 121.502584] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 121.503017] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[ 121.504625] RSP: 0018:ffff8880165a7f28 EFLAGS: 00000246
[ 121.505101] RAX: 0000000000000001 RBX: ffff88801bf83700 RCX: ffffffff817c3ab6
[ 121.505734] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 121.506365] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 121.507001] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801bf83700
[ 121.507634] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 121.508273] ? trace_irq_enable.constprop.0+0x26/0x100
[ 121.508746] ? make_task_dead+0x214/0x3b0
[ 121.509130] ? make_task_dead+0x214/0x3b0
[ 121.509511] ? do_syscall_64+0xbf/0x360
[ 121.509868] rewind_stack_and_make_dead+0x16/0x20
[ 121.510312] RIP: 0033:0x7f7a6364db19
[ 121.510644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 121.512226] RSP: 002b:00007ffdcf7ef5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.512906] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7a6364db19
[ 121.513527] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7a63760f68
[ 121.514147] RBP: 00007f7a63760f60 R08: 00007f7a6375d0a0 R09: 0000000000000000
[ 121.514766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a637650e8
[ 121.515404] R13: 00007ffdcf7ef6b0 R14: 00007f7a63760f60 R15: 000000000001d9c0
[ 121.516038] </TASK>
[ 121.516252] Modules linked in:
[ 121.516544] ---[ end trace 0000000000000000 ]---
[ 121.516547] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000031: 0000 [#3] SMP KASAN NOPTI
[ 121.516961] RIP: 0010:perf_tp_event+0x175/0xe70
[ 121.517882] KASAN: null-ptr-deref in range [0x0000000000000188-0x000000000000018f]
[ 121.518285] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 121.518885] CPU: 1 UID: 0 PID: 281 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.520466] RSP: 0018:ffff8880165a7780 EFLAGS: 00010012
[ 121.521386] Tainted: [D]=DIE, [W]=WARN
[ 121.521846] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 121.522149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.522774] RDX: ffff88801bf83700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 121.523426] RIP: 0010:perf_tp_event+0x175/0xe70
[ 121.524046] RBP: ffff8880165a79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16568
[ 121.524409] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 121.525024] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 121.526439] RSP: 0018:ffff888017fb7600 EFLAGS: 00010013
[ 121.527061] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 121.527478] RAX: 0000000000000031 RBX: ffffffffffffff9f RCX: 0000000000000002
[ 121.528098] FS: 000055556eeb8400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 121.528651] RDX: ffff8880164b9b80 RSI: ffffffff8189a4e7 RDI: 000000000000018f
[ 121.529345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.529893] RBP: ffff888017fb7870 R08: ffff88806cf31340 R09: ffffe8ffffd16568
[ 121.530394] CR2: 0000001b2cf24000 CR3: 0000000044253000 CR4: 0000000000350ef0
[ 121.530950] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 121.531568] Kernel panic - not syncing: Fatal exception in interrupt
[ 121.532948] Kernel Offset: disabled
[ 121.533267] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:43:52 Registers:
info registers vcpu 0
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880165a70d8
R8 =0000000000000000 R9 =ffffed10013e4046 R10=0000000000000037 R11=30376578302f4952
R12=0000000000000037 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055556eeb8400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2cf24000 CR3=0000000044253000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00ff0000000000000000000000000000 XMM01=0001ff00000000000000000000000000
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f7a637347c800007f7a637347c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=000000000000004e RCX=ffffffff8168d792 RDX=ffff888016753700
RSI=ffffffff8168d79c RDI=0000000000000006 RBP=ffffffff85357e8a RSP=ffff888045c26f88
R8 =ffff888045c27040 R9 =ffff888045c27160 R10=000000000000005f R11=0000000000000001
R12=000000000000004e R13=000000000000005f R14=dffffc0000000000 R15=ffff888045c27060
RIP=ffffffff8173f6b8 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe6300000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc1709b73a4 CR3=000000003de01000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000