Warning: Permanently added '[localhost]:33066' (ECDSA) to the list of known hosts.
2025/08/29 10:52:57 fuzzer started
2025/08/29 10:52:57 dialing manager at localhost:43077
syzkaller login: [ 51.597562] cgroup: Unknown subsys name 'net'
[ 51.673834] cgroup: Unknown subsys name 'cpuset'
[ 51.686973] cgroup: Unknown subsys name 'rlimit'
2025/08/29 10:53:08 syscalls: 2214
2025/08/29 10:53:08 code coverage: enabled
2025/08/29 10:53:08 comparison tracing: enabled
2025/08/29 10:53:08 extra coverage: enabled
2025/08/29 10:53:08 setuid sandbox: enabled
2025/08/29 10:53:08 namespace sandbox: enabled
2025/08/29 10:53:08 Android sandbox: enabled
2025/08/29 10:53:08 fault injection: enabled
2025/08/29 10:53:08 leak checking: enabled
2025/08/29 10:53:08 net packet injection: enabled
2025/08/29 10:53:08 net device setup: enabled
2025/08/29 10:53:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 10:53:08 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 10:53:08 USB emulation: enabled
2025/08/29 10:53:08 hci packet injection: enabled
2025/08/29 10:53:08 wifi device emulation: enabled
2025/08/29 10:53:08 802.15.4 emulation: enabled
2025/08/29 10:53:08 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 10:53:08 fetching corpus: 44, signal 21088/24620 (executing program)
2025/08/29 10:53:09 fetching corpus: 94, signal 28998/34008 (executing program)
2025/08/29 10:53:09 fetching corpus: 144, signal 39075/45313 (executing program)
2025/08/29 10:53:09 fetching corpus: 194, signal 47078/54414 (executing program)
2025/08/29 10:53:09 fetching corpus: 244, signal 54557/62814 (executing program)
2025/08/29 10:53:09 fetching corpus: 294, signal 61892/70981 (executing program)
2025/08/29 10:53:09 fetching corpus: 344, signal 64698/74830 (executing program)
2025/08/29 10:53:09 fetching corpus: 394, signal 70288/81144 (executing program)
2025/08/29 10:53:09 fetching corpus: 444, signal 74260/85875 (executing program)
2025/08/29 10:53:09 fetching corpus: 494, signal 76826/89298 (executing program)
2025/08/29 10:53:09 fetching corpus: 544, signal 79335/92627 (executing program)
2025/08/29 10:53:10 fetching corpus: 594, signal 80926/95106 (executing program)
2025/08/29 10:53:10 fetching corpus: 644, signal 83697/98595 (executing program)
2025/08/29 10:53:10 fetching corpus: 694, signal 85711/101351 (executing program)
2025/08/29 10:53:10 fetching corpus: 744, signal 87634/103956 (executing program)
2025/08/29 10:53:10 fetching corpus: 794, signal 89270/106271 (executing program)
2025/08/29 10:53:10 fetching corpus: 844, signal 91099/108768 (executing program)
2025/08/29 10:53:10 fetching corpus: 894, signal 93110/111356 (executing program)
2025/08/29 10:53:10 fetching corpus: 944, signal 94455/113363 (executing program)
2025/08/29 10:53:10 fetching corpus: 994, signal 95879/115345 (executing program)
2025/08/29 10:53:10 fetching corpus: 1044, signal 97286/117356 (executing program)
2025/08/29 10:53:10 fetching corpus: 1094, signal 98799/119446 (executing program)
2025/08/29 10:53:11 fetching corpus: 1144, signal 100327/121496 (executing program)
2025/08/29 10:53:11 fetching corpus: 1194, signal 102625/124022 (executing program)
2025/08/29 10:53:11 fetching corpus: 1244, signal 103872/125791 (executing program)
2025/08/29 10:53:11 fetching corpus: 1294, signal 105666/127935 (executing program)
2025/08/29 10:53:11 fetching corpus: 1344, signal 106801/129550 (executing program)
2025/08/29 10:53:11 fetching corpus: 1394, signal 108583/131548 (executing program)
2025/08/29 10:53:11 fetching corpus: 1444, signal 110580/133666 (executing program)
2025/08/29 10:53:11 fetching corpus: 1494, signal 111991/135392 (executing program)
2025/08/29 10:53:11 fetching corpus: 1544, signal 113488/137147 (executing program)
2025/08/29 10:53:11 fetching corpus: 1594, signal 114728/138657 (executing program)
2025/08/29 10:53:11 fetching corpus: 1644, signal 115430/139811 (executing program)
2025/08/29 10:53:11 fetching corpus: 1694, signal 116813/141338 (executing program)
2025/08/29 10:53:12 fetching corpus: 1744, signal 117897/142755 (executing program)
2025/08/29 10:53:12 fetching corpus: 1794, signal 118933/144075 (executing program)
2025/08/29 10:53:12 fetching corpus: 1844, signal 119739/145283 (executing program)
2025/08/29 10:53:12 fetching corpus: 1894, signal 120497/146389 (executing program)
2025/08/29 10:53:12 fetching corpus: 1944, signal 121556/147627 (executing program)
2025/08/29 10:53:12 fetching corpus: 1994, signal 122651/148900 (executing program)
2025/08/29 10:53:12 fetching corpus: 2044, signal 123459/149977 (executing program)
2025/08/29 10:53:12 fetching corpus: 2094, signal 125140/151433 (executing program)
2025/08/29 10:53:12 fetching corpus: 2144, signal 125816/152388 (executing program)
2025/08/29 10:53:12 fetching corpus: 2194, signal 126765/153468 (executing program)
2025/08/29 10:53:12 fetching corpus: 2244, signal 127680/154482 (executing program)
2025/08/29 10:53:12 fetching corpus: 2294, signal 128202/155300 (executing program)
2025/08/29 10:53:13 fetching corpus: 2344, signal 129310/156378 (executing program)
2025/08/29 10:53:13 fetching corpus: 2394, signal 129858/157210 (executing program)
2025/08/29 10:53:13 fetching corpus: 2444, signal 130617/158153 (executing program)
2025/08/29 10:53:13 fetching corpus: 2494, signal 131593/159093 (executing program)
2025/08/29 10:53:13 fetching corpus: 2544, signal 132419/159973 (executing program)
2025/08/29 10:53:13 fetching corpus: 2594, signal 133088/160786 (executing program)
2025/08/29 10:53:13 fetching corpus: 2644, signal 133821/161684 (executing program)
2025/08/29 10:53:13 fetching corpus: 2694, signal 134758/162565 (executing program)
2025/08/29 10:53:13 fetching corpus: 2744, signal 135611/163373 (executing program)
2025/08/29 10:53:13 fetching corpus: 2794, signal 136292/164112 (executing program)
2025/08/29 10:53:14 fetching corpus: 2844, signal 137034/164827 (executing program)
2025/08/29 10:53:14 fetching corpus: 2894, signal 137624/165539 (executing program)
2025/08/29 10:53:14 fetching corpus: 2944, signal 138360/166307 (executing program)
2025/08/29 10:53:14 fetching corpus: 2994, signal 138777/166939 (executing program)
2025/08/29 10:53:14 fetching corpus: 3044, signal 139448/167606 (executing program)
2025/08/29 10:53:14 fetching corpus: 3094, signal 140096/168222 (executing program)
2025/08/29 10:53:14 fetching corpus: 3144, signal 141343/169059 (executing program)
2025/08/29 10:53:14 fetching corpus: 3194, signal 142114/169748 (executing program)
2025/08/29 10:53:14 fetching corpus: 3244, signal 142515/170262 (executing program)
2025/08/29 10:53:14 fetching corpus: 3294, signal 143002/170848 (executing program)
2025/08/29 10:53:15 fetching corpus: 3344, signal 144439/171560 (executing program)
2025/08/29 10:53:15 fetching corpus: 3394, signal 146589/172435 (executing program)
2025/08/29 10:53:15 fetching corpus: 3444, signal 147252/172942 (executing program)
2025/08/29 10:53:15 fetching corpus: 3494, signal 147676/173381 (executing program)
2025/08/29 10:53:15 fetching corpus: 3544, signal 148099/173864 (executing program)
2025/08/29 10:53:15 fetching corpus: 3594, signal 148620/174314 (executing program)
2025/08/29 10:53:15 fetching corpus: 3644, signal 149027/174763 (executing program)
2025/08/29 10:53:15 fetching corpus: 3694, signal 149829/175232 (executing program)
2025/08/29 10:53:15 fetching corpus: 3744, signal 150288/175639 (executing program)
2025/08/29 10:53:15 fetching corpus: 3794, signal 150835/176018 (executing program)
2025/08/29 10:53:15 fetching corpus: 3844, signal 151224/176386 (executing program)
2025/08/29 10:53:16 fetching corpus: 3894, signal 151839/176768 (executing program)
2025/08/29 10:53:16 fetching corpus: 3944, signal 152267/177140 (executing program)
2025/08/29 10:53:16 fetching corpus: 3994, signal 152784/177507 (executing program)
2025/08/29 10:53:16 fetching corpus: 4044, signal 153576/177886 (executing program)
2025/08/29 10:53:16 fetching corpus: 4094, signal 154223/178244 (executing program)
2025/08/29 10:53:16 fetching corpus: 4144, signal 154755/178541 (executing program)
2025/08/29 10:53:16 fetching corpus: 4194, signal 155349/178873 (executing program)
2025/08/29 10:53:16 fetching corpus: 4244, signal 155770/179156 (executing program)
2025/08/29 10:53:16 fetching corpus: 4294, signal 156526/179438 (executing program)
2025/08/29 10:53:16 fetching corpus: 4344, signal 156867/179483 (executing program)
2025/08/29 10:53:17 fetching corpus: 4394, signal 157209/179483 (executing program)
2025/08/29 10:53:17 fetching corpus: 4444, signal 157638/179486 (executing program)
2025/08/29 10:53:17 fetching corpus: 4494, signal 158279/179490 (executing program)
2025/08/29 10:53:17 fetching corpus: 4544, signal 158977/179505 (executing program)
2025/08/29 10:53:17 fetching corpus: 4594, signal 159326/179523 (executing program)
2025/08/29 10:53:17 fetching corpus: 4644, signal 160060/179525 (executing program)
2025/08/29 10:53:17 fetching corpus: 4694, signal 160554/179536 (executing program)
2025/08/29 10:53:17 fetching corpus: 4744, signal 161030/179538 (executing program)
2025/08/29 10:53:17 fetching corpus: 4794, signal 161556/179543 (executing program)
2025/08/29 10:53:17 fetching corpus: 4844, signal 162147/179591 (executing program)
2025/08/29 10:53:17 fetching corpus: 4894, signal 162524/179607 (executing program)
2025/08/29 10:53:18 fetching corpus: 4944, signal 162849/179609 (executing program)
2025/08/29 10:53:18 fetching corpus: 4994, signal 163436/179661 (executing program)
2025/08/29 10:53:18 fetching corpus: 5044, signal 163986/179751 (executing program)
2025/08/29 10:53:18 fetching corpus: 5094, signal 164469/179768 (executing program)
2025/08/29 10:53:18 fetching corpus: 5144, signal 164805/179776 (executing program)
2025/08/29 10:53:18 fetching corpus: 5194, signal 165397/179791 (executing program)
2025/08/29 10:53:18 fetching corpus: 5244, signal 165656/179809 (executing program)
2025/08/29 10:53:18 fetching corpus: 5294, signal 166218/179816 (executing program)
2025/08/29 10:53:18 fetching corpus: 5344, signal 166727/179830 (executing program)
2025/08/29 10:53:18 fetching corpus: 5394, signal 167078/179877 (executing program)
2025/08/29 10:53:18 fetching corpus: 5444, signal 167389/179885 (executing program)
2025/08/29 10:53:19 fetching corpus: 5494, signal 167761/179901 (executing program)
2025/08/29 10:53:19 fetching corpus: 5544, signal 168082/179901 (executing program)
2025/08/29 10:53:19 fetching corpus: 5594, signal 168406/179954 (executing program)
2025/08/29 10:53:19 fetching corpus: 5644, signal 168702/179959 (executing program)
2025/08/29 10:53:19 fetching corpus: 5694, signal 169041/179960 (executing program)
2025/08/29 10:53:19 fetching corpus: 5744, signal 169467/179969 (executing program)
2025/08/29 10:53:19 fetching corpus: 5794, signal 169701/179984 (executing program)
2025/08/29 10:53:19 fetching corpus: 5844, signal 170038/179990 (executing program)
2025/08/29 10:53:19 fetching corpus: 5894, signal 170462/179990 (executing program)
2025/08/29 10:53:19 fetching corpus: 5944, signal 170785/180000 (executing program)
2025/08/29 10:53:19 fetching corpus: 5994, signal 171028/180001 (executing program)
2025/08/29 10:53:20 fetching corpus: 6044, signal 171447/180014 (executing program)
2025/08/29 10:53:20 fetching corpus: 6094, signal 171729/180018 (executing program)
2025/08/29 10:53:20 fetching corpus: 6144, signal 172118/180041 (executing program)
2025/08/29 10:53:20 fetching corpus: 6194, signal 172361/180061 (executing program)
2025/08/29 10:53:20 fetching corpus: 6244, signal 172702/180074 (executing program)
2025/08/29 10:53:20 fetching corpus: 6294, signal 173015/180090 (executing program)
2025/08/29 10:53:20 fetching corpus: 6344, signal 173280/180094 (executing program)
2025/08/29 10:53:20 fetching corpus: 6394, signal 173541/180103 (executing program)
2025/08/29 10:53:20 fetching corpus: 6444, signal 173789/180114 (executing program)
2025/08/29 10:53:20 fetching corpus: 6494, signal 174313/180158 (executing program)
2025/08/29 10:53:20 fetching corpus: 6544, signal 174657/180161 (executing program)
2025/08/29 10:53:20 fetching corpus: 6594, signal 174943/180182 (executing program)
2025/08/29 10:53:21 fetching corpus: 6644, signal 175310/180183 (executing program)
2025/08/29 10:53:21 fetching corpus: 6694, signal 175637/180214 (executing program)
2025/08/29 10:53:21 fetching corpus: 6744, signal 176063/180217 (executing program)
2025/08/29 10:53:21 fetching corpus: 6794, signal 176374/180218 (executing program)
2025/08/29 10:53:21 fetching corpus: 6844, signal 176841/180219 (executing program)
2025/08/29 10:53:21 fetching corpus: 6867, signal 176954/180233 (executing program)
2025/08/29 10:53:23 starting 8 fuzzer processes
10:53:23 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='maps\x00')
read(r0, &(0x7f0000000300)=""/4096, 0x1000)
10:53:23 executing program 1:
prctl$PR_SET_MM(0x25, 0xf0ff1f00000000, &(0x7f0000ffc000/0x2000)=nil)
10:53:23 executing program 4:
clock_nanosleep(0xb, 0x0, &(0x7f0000000080), 0x0)
10:53:23 executing program 7:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:53:23 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000080), 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
10:53:23 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x2, &(0x7f0000000080))
[ 77.225612] audit: type=1400 audit(1756464803.752:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:53:23 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0)
10:53:23 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x2201, 0x0)
close(r0)
[ 78.403548] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.407481] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.409365] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.418563] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.423148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.606781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.611948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.615882] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.617161] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.620420] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.623752] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.625902] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.631680] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.633380] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.635942] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.668059] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.680923] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.685523] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.693997] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.697136] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.701841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.706260] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.707933] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 78.710250] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.720872] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.723752] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.725151] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 78.727580] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.737164] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.743907] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.745700] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.747178] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.752069] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.758584] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.759408] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.762211] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.764125] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.765806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.771829] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.776687] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 80.499871] Bluetooth: hci0: command tx timeout
[ 80.691434] Bluetooth: hci2: command tx timeout
[ 80.692890] Bluetooth: hci1: command tx timeout
[ 80.818932] Bluetooth: hci6: command tx timeout
[ 80.820001] Bluetooth: hci7: command tx timeout
[ 80.821012] Bluetooth: hci3: command tx timeout
[ 80.822626] Bluetooth: hci5: command tx timeout
[ 80.882608] Bluetooth: hci4: command tx timeout
[ 82.546341] Bluetooth: hci0: command tx timeout
[ 82.738413] Bluetooth: hci2: command tx timeout
[ 82.738876] Bluetooth: hci1: command tx timeout
[ 82.866470] Bluetooth: hci3: command tx timeout
[ 82.866896] Bluetooth: hci7: command tx timeout
[ 82.867270] Bluetooth: hci6: command tx timeout
[ 82.868418] Bluetooth: hci5: command tx timeout
[ 82.930355] Bluetooth: hci4: command tx timeout
[ 84.595332] Bluetooth: hci0: command tx timeout
[ 84.788312] Bluetooth: hci1: command tx timeout
[ 84.788333] Bluetooth: hci2: command tx timeout
[ 84.914902] Bluetooth: hci5: command tx timeout
[ 84.914929] Bluetooth: hci6: command tx timeout
[ 84.915487] Bluetooth: hci7: command tx timeout
[ 84.915517] Bluetooth: hci3: command tx timeout
[ 84.978320] Bluetooth: hci4: command tx timeout
[ 86.643345] Bluetooth: hci0: command tx timeout
[ 86.834397] Bluetooth: hci2: command tx timeout
[ 86.835352] Bluetooth: hci1: command tx timeout
[ 86.962368] Bluetooth: hci6: command tx timeout
[ 86.962395] Bluetooth: hci5: command tx timeout
[ 86.962783] Bluetooth: hci3: command tx timeout
[ 86.963205] Bluetooth: hci7: command tx timeout
[ 87.027933] Bluetooth: hci4: command tx timeout
[ 116.929338] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.929994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.064782] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.065469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.511442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.512067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0)
[ 117.619680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.620761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0)
10:54:04 executing program 6:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0)
[ 117.755431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.756056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'})
[ 117.881513] audit: type=1400 audit(1756464844.405:8): avc: denied { open } for pid=3839 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 117.887172] audit: type=1400 audit(1756464844.406:9): avc: denied { kernel } for pid=3839 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 117.900003] syz-executor.6 uses obsolete (PF_INET,SOCK_PACKET)
[ 117.912160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.912856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.947462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.948056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'})
[ 118.061042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.061682] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'})
[ 118.131490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.132097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'})
[ 118.295036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.295703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:04 executing program 1:
prctl$PR_SET_MM(0x25, 0xf0ff1f00000000, &(0x7f0000ffc000/0x2000)=nil)
[ 118.424956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.425637] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.466604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.467187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.634669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.635308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.713669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.714622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.775348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.775970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.848174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.848834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:54:05 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='maps\x00')
read(r0, &(0x7f0000000300)=""/4096, 0x1000)
10:54:05 executing program 1:
prctl$PR_SET_MM(0x25, 0xf0ff1f00000000, &(0x7f0000ffc000/0x2000)=nil)
10:54:05 executing program 4:
clock_nanosleep(0xb, 0x0, &(0x7f0000000080), 0x0)
10:54:05 executing program 7:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:54:05 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x2201, 0x0)
close(r0)
10:54:05 executing program 2:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:54:05 executing program 6:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x43901, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0xfdef)
ioctl$TCXONC(r0, 0x540a, 0x2)
10:54:05 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000080), 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
10:54:05 executing program 1:
prctl$PR_SET_MM(0x25, 0xf0ff1f00000000, &(0x7f0000ffc000/0x2000)=nil)
10:54:05 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='maps\x00')
read(r0, &(0x7f0000000300)=""/4096, 0x1000)
10:54:05 executing program 2:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:54:05 executing program 4:
clock_nanosleep(0xb, 0x0, &(0x7f0000000080), 0x0)
10:54:05 executing program 7:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:54:05 executing program 6:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x43901, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0xfdef)
ioctl$TCXONC(r0, 0x540a, 0x2)
10:54:05 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x2201, 0x0)
close(r0)
10:54:05 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000080), 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
10:54:05 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x43901, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0xfdef)
ioctl$TCXONC(r0, 0x540a, 0x2)
10:54:05 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='maps\x00')
read(r0, &(0x7f0000000300)=""/4096, 0x1000)
10:54:05 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000080), 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
10:54:06 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x43901, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0xfdef)
ioctl$TCXONC(r0, 0x540a, 0x2)
10:54:06 executing program 4:
clock_nanosleep(0xb, 0x0, &(0x7f0000000080), 0x0)
10:54:06 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x2201, 0x0)
close(r0)
10:54:06 executing program 6:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x43901, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0xfdef)
ioctl$TCXONC(r0, 0x540a, 0x2)
10:54:06 executing program 2:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:54:06 executing program 7:
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40104593, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, "62f8b25709e8bcd565ce55b43f1b32ca1a92ee3e601215918b489efb7cafc715"})
close_range(r0, 0xffffffffffffffff, 0x0)
10:54:06 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f00000000c0)={0x5, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}}}, 0x88)
10:54:06 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ifreq(r0, 0x8947, &(0x7f00000000c0)={'gretap0\x00', @ifru_hwaddr})
[ 119.617882] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 119.619250] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 119.620127] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.622822] Tainted: [W]=WARN
[ 119.623672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.625520] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.626794] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.631717] RSP: 0018:ffff888045c37800 EFLAGS: 00010212
[ 119.632341] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 119.633157] RDX: ffff8880158a1b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 119.633988] RBP: ffff888045c37a70 R08: ffff88806ce31340 R09: ffffe8ffffc15328
[ 119.634814] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 119.635619] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 119.636441] FS: 0000555574f61400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 119.637378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.638056] CR2: 0000001b2d523000 CR3: 000000000d26e000 CR4: 0000000000350ef0
[ 119.638890] Call Trace:
[ 119.639195]
[ 119.639473] ? __pfx_perf_tp_event+0x10/0x10
[ 119.639997] ? __virt_addr_valid+0x2e8/0x5d0
[ 119.640533] ? perf_trace_lock+0xb5/0x5d0
[ 119.641028] ? perf_trace_lock+0xb5/0x5d0
[ 119.641520] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.642067] ? __lock_acquire+0xc65/0x1b70
[ 119.642563] ? perf_trace_run_bpf_submit+0xef/0x180
[ 119.643139] perf_trace_run_bpf_submit+0xef/0x180
[ 119.643712] perf_trace_lock+0x337/0x5d0
[ 119.644188] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.644734] ? lock_acquire+0x15e/0x2f0
[ 119.645195] ? futex_ref_get+0x48/0x300
[ 119.645667] ? futex_ref_get+0x114/0x300
[ 119.646136] ? futex_hash+0x15c/0x390
[ 119.646578] lock_release+0x1ab/0x290
[ 119.647027] ? futex_hash+0x15c/0x390
[ 119.647470] futex_ref_get+0x119/0x300
[ 119.647918] ? futex_hash+0x15c/0x390
[ 119.648358] futex_hash+0x70/0x390
[ 119.648774] futex_wake+0x143/0x540
[ 119.649208] ? fput+0x6a/0x100
[ 119.649606] ? fault_dirty_shared_page+0x17c/0x640
[ 119.650176] ? __pfx_futex_wake+0x10/0x10
[ 119.650660] ? __handle_mm_fault+0x753/0x3260
[ 119.651195] ? perf_trace_lock+0xb5/0x5d0
[ 119.651682] do_futex+0x26d/0x370
[ 119.652091] ? __pfx_do_futex+0x10/0x10
[ 119.652556] ? find_held_lock+0x2b/0x80
[ 119.653031] __x64_sys_futex+0x1c9/0x4d0
[ 119.653513] ? handle_mm_fault+0x302/0x9b0
[ 119.654010] ? __pfx___x64_sys_futex+0x10/0x10
[ 119.654546] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.655150] do_syscall_64+0xbf/0x360
[ 119.655595] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.656191] RIP: 0033:0x7f7867c10b19
[ 119.656621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.658697] RSP: 002b:00007ffd8ee773d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.659542] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7867c10b19
[ 119.660349] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7867d23f68
[ 119.661149] RBP: 00007f7867d23f60 R08: 00007f7867d200a0 R09: 0000000000000000
[ 119.661954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7867d28120
[ 119.662755] R13: 00007ffd8ee774e0 R14: 00007f7867d23f60 R15: 000000000001d2be
[ 119.663566]
[ 119.663835] Modules linked in:
[ 119.664337] ---[ end trace 0000000000000000 ]---
[ 119.664879] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.665451] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.667507] RSP: 0018:ffff888045c37800 EFLAGS: 00010212
[ 119.668116] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 119.668940] RDX: ffff8880158a1b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 119.669772] RBP: ffff888045c37a70 R08: ffff88806ce31340 R09: ffffe8ffffc15328
[ 119.670596] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 119.671418] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 119.672219] FS: 0000555574f61400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 119.673127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.673801] CR2: 0000001b2d523000 CR3: 000000000d26e000 CR4: 0000000000350ef0
[ 119.674614] note: syz-executor.6[3955] exited with preempt_count 1
[ 119.675325] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51
[ 119.676330] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3955, name: syz-executor.6
[ 119.677288] preempt_count: 0, expected: 0
[ 119.677755] RCU nest depth: 2, expected: 0
[ 119.678228] INFO: lockdep is turned off.
[ 119.678703] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.678728] Tainted: [D]=DIE, [W]=WARN
[ 119.678734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.678742] Call Trace:
10:54:06 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x43901, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[], 0xfdef)
ioctl$TCXONC(r0, 0x540a, 0x2)
[ 119.678748]
[ 119.678753] dump_stack_lvl+0xfa/0x120
[ 119.678778] __might_resched+0x2f3/0x510
[ 119.678796] exit_signals+0x25/0x940
[ 119.678821] do_exit+0x2db/0x2970
[ 119.678839] ? _printk+0xbe/0xf0
[ 119.678855] ? __pfx__printk+0x10/0x10
[ 119.678873] ? __pfx_do_exit+0x10/0x10
[ 119.678893] make_task_dead+0x174/0x3b0
[ 119.678911] ? do_syscall_64+0xbf/0x360
[ 119.678925] rewind_stack_and_make_dead+0x16/0x20
[ 119.678946] RIP: 0033:0x7f7867c10b19
[ 119.678957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.678972] RSP: 002b:00007ffd8ee773d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.678987] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7867c10b19
[ 119.678997] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7867d23f68
[ 119.679006] RBP: 00007f7867d23f60 R08: 00007f7867d200a0 R09: 0000000000000000
[ 119.679016] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7867d28120
[ 119.679026] R13: 00007ffd8ee774e0 R14: 00007f7867d23f60 R15: 000000000001d2be
[ 119.679040]
10:54:06 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7)
ftruncate(r0, 0x8800000)
[ 119.728373] kmemleak: Found object by alias at 0x607f1a63832c
[ 119.728394] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.728418] Tainted: [D]=DIE, [W]=WARN
[ 119.728424] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.728432] Call Trace:
[ 119.728437]
[ 119.728443] dump_stack_lvl+0xca/0x120
[ 119.728474] __lookup_object+0x94/0xb0
[ 119.728494] delete_object_full+0x27/0x70
[ 119.728514] free_percpu+0x30/0x1160
[ 119.728535] ? arch_uprobe_clear_state+0x16/0x140
[ 119.728558] futex_hash_free+0x38/0xc0
[ 119.728574] mmput+0x2d3/0x390
[ 119.728597] do_exit+0x79d/0x2970
[ 119.728614] ? signal_wake_up_state+0x85/0x120
[ 119.728633] ? zap_other_threads+0x2b9/0x3a0
[ 119.728652] ? __pfx_do_exit+0x10/0x10
[ 119.728669] ? do_group_exit+0x1c3/0x2a0
[ 119.728686] ? lock_release+0xc8/0x290
[ 119.728704] do_group_exit+0xd3/0x2a0
[ 119.728722] __x64_sys_exit_group+0x3e/0x50
[ 119.728740] x64_sys_call+0x18c5/0x18d0
[ 119.728760] do_syscall_64+0xbf/0x360
[ 119.728773] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.728788] RIP: 0033:0x7f0cb3d3cb19
[ 119.728799] Code: Unable to access opcode bytes at 0x7f0cb3d3caef.
[ 119.728806] RSP: 002b:00007ffc28d44cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 119.728820] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0cb3d3cb19
[ 119.728830] RDX: 00007f0cb3cef72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 119.728840] RBP: 0000000000000000 R08: 0000001b2cf21318 R09: 0000000000000000
[ 119.728849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 119.728858] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc28d44de0
[ 119.728872]
[ 119.728877] kmemleak: Object (percpu) 0x607f1a638328 (size 8):
[ 119.728886] kmemleak: comm "syz-executor.0", pid 3956, jiffies 4294786442
[ 119.728895] kmemleak: min_count = 1
[ 119.728900] kmemleak: count = 0
[ 119.728905] kmemleak: flags = 0x21
[ 119.728910] kmemleak: checksum = 0
[ 119.728915] kmemleak: backtrace:
[ 119.728919] pcpu_alloc_noprof+0x87a/0x1170
[ 119.728939] perf_trace_event_init+0x366/0xa10
[ 119.728957] perf_trace_init+0x1a4/0x2f0
[ 119.728973] perf_tp_event_init+0xa6/0x120
[ 119.728993] perf_try_init_event+0x140/0x9f0
[ 119.729010] perf_event_alloc.part.0+0x118e/0x45f0
[ 119.729032] __do_sys_perf_event_open+0x719/0x2c20
[ 119.729048] do_syscall_64+0xbf/0x360
[ 119.729059] entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:54:06 executing program 3:
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x11)
10:54:06 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)=0xd)
10:54:06 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ifreq(r0, 0x8947, &(0x7f00000000c0)={'gretap0\x00', @ifru_hwaddr})
10:54:06 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
ppoll(&(0x7f00000005c0)=[{r0}, {r2}, {r1}], 0x3, 0x0, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x17)
[ 119.827697] kmemleak: Found object by alias at 0x607f1a63832c
[ 119.827716] CPU: 1 UID: 0 PID: 3976 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.827735] Tainted: [D]=DIE, [W]=WARN
[ 119.827739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.827746] Call Trace:
[ 119.827750]
[ 119.827754] dump_stack_lvl+0xca/0x120
[ 119.827778] __lookup_object+0x94/0xb0
[ 119.827794] delete_object_full+0x27/0x70
[ 119.827809] free_percpu+0x30/0x1160
[ 119.827826] ? arch_uprobe_clear_state+0x16/0x140
[ 119.827843] futex_hash_free+0x38/0xc0
[ 119.827857] mmput+0x2d3/0x390
[ 119.827875] do_exit+0x79d/0x2970
[ 119.827888] ? lock_release+0x1c7/0x290
[ 119.827902] ? __pfx_do_exit+0x10/0x10
[ 119.827914] ? do_raw_spin_lock+0x123/0x260
[ 119.827929] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 119.827945] do_group_exit+0xd3/0x2a0
[ 119.827958] get_signal+0x2315/0x2340
[ 119.827976] ? lock_release+0x1c7/0x290
[ 119.827989] ? __pfx_get_signal+0x10/0x10
[ 119.828005] ? do_futex+0x135/0x370
[ 119.828017] ? __pfx_do_futex+0x10/0x10
[ 119.828030] arch_do_signal_or_restart+0x80/0x790
[ 119.828049] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 119.828064] ? __x64_sys_futex+0x1c9/0x4d0
[ 119.828076] ? __x64_sys_futex+0x1d2/0x4d0
[ 119.828089] ? __pfx___x64_sys_futex+0x10/0x10
[ 119.828101] ? ksys_mmap_pgoff+0x85/0x520
[ 119.828117] exit_to_user_mode_loop+0x8b/0x110
[ 119.828129] do_syscall_64+0x2f7/0x360
[ 119.828140] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.828152] RIP: 0033:0x7f0cb3d3cb19
[ 119.828161] Code: Unable to access opcode bytes at 0x7f0cb3d3caef.
[ 119.828166] RSP: 002b:00007f0cb12b2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.828177] RAX: 0000000000000000 RBX: 00007f0cb3e4ff68 RCX: 00007f0cb3d3cb19
[ 119.828185] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0cb3e4ff68
[ 119.828192] RBP: 00007f0cb3e4ff60 R08: 0000000000000000 R09: 0000000000000000
[ 119.828199] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0cb3e4ff6c
[ 119.828206] R13: 00007ffc28d44acf R14: 00007f0cb12b2300 R15: 0000000000022000
[ 119.828216]
[ 119.828220] kmemleak: Object (percpu) 0x607f1a638328 (size 8):
[ 119.828227] kmemleak: comm "syz-executor.0", pid 3956, jiffies 4294786442
[ 119.828234] kmemleak: min_count = 1
[ 119.828241] kmemleak: count = 0
[ 119.828245] kmemleak: flags = 0x21
[ 119.828249] kmemleak: checksum = 0
[ 119.828252] kmemleak: backtrace:
[ 119.828256] pcpu_alloc_noprof+0x87a/0x1170
[ 119.828271] perf_trace_event_init+0x366/0xa10
[ 119.828284] perf_trace_init+0x1a4/0x2f0
[ 119.828295] perf_tp_event_init+0xa6/0x120
[ 119.828311] perf_try_init_event+0x140/0x9f0
[ 119.828323] perf_event_alloc.part.0+0x118e/0x45f0
[ 119.828339] __do_sys_perf_event_open+0x719/0x2c20
[ 119.828352] do_syscall_64+0xbf/0x360
[ 119.828361] entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:54:06 executing program 3:
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x11)
[ 119.897618] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 119.898750] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 119.899595] CPU: 0 UID: 0 PID: 3986 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.900745] Tainted: [D]=DIE, [W]=WARN
[ 119.901115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.901910] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.902379] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.904117] RSP: 0018:ffff888045e57600 EFLAGS: 00010212
[ 119.904635] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000340f000
[ 119.905318] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 119.906009] RBP: ffff888045e57870 R08: ffff88806ce31340 R09: ffffe8ffffc15328
[ 119.906690] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 119.907376] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 119.908062] FS: 00007f0cb12b2700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 119.908833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.909393] CR2: 0000555575c13c18 CR3: 000000001e480000 CR4: 0000000000350ef0
[ 119.910089] Call Trace:
[ 119.910346]
[ 119.910580] ? __pfx_perf_tp_event+0x10/0x10
[ 119.911044] ? perf_trace_run_bpf_submit+0xef/0x180
[ 119.911537] perf_trace_run_bpf_submit+0xef/0x180
[ 119.912016] perf_trace_lock+0x337/0x5d0
[ 119.912420] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.912870] ? get_futex_key+0x592/0x14a0
[ 119.913270] ? futex_ref_get+0x114/0x300
[ 119.913671] ? futex_hash+0x15c/0x390
[ 119.914043] lock_release+0x1ab/0x290
[ 119.914419] ? futex_hash+0x15c/0x390
[ 119.914790] futex_ref_get+0x119/0x300
[ 119.915167] ? futex_hash+0x15c/0x390
[ 119.915533] futex_hash+0x70/0x390
[ 119.915884] futex_wait_setup+0xae/0x550
[ 119.916283] __futex_wait+0x151/0x300
[ 119.916660] ? __pfx___futex_wait+0x10/0x10
[ 119.917085] ? __pfx_futex_wake_mark+0x10/0x10
[ 119.917552] futex_wait+0xde/0x380
[ 119.917905] ? __pfx_futex_wait+0x10/0x10
[ 119.918307] ? perf_trace_lock+0xb5/0x5d0
[ 119.918711] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 119.919209] ? do_vfs_ioctl+0x125/0x1470
[ 119.919610] do_futex+0x2ee/0x370
[ 119.919955] ? __pfx_do_futex+0x10/0x10
[ 119.920336] ? build_sched_domains+0x2744/0x53d0
[ 119.920800] ? do_raw_spin_lock+0x123/0x260
[ 119.921221] __x64_sys_futex+0x1c9/0x4d0
[ 119.921631] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.922131] ? __pfx___x64_sys_futex+0x10/0x10
[ 119.922573] ? kcov_ioctl+0x386/0x6c0
[ 119.922945] ? fput+0x6a/0x100
[ 119.923268] do_syscall_64+0xbf/0x360
[ 119.923640] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.924134] RIP: 0033:0x7f0cb3d3cb19
[ 119.924494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.926204] RSP: 002b:00007f0cb12b2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.926917] RAX: ffffffffffffffda RBX: 00007f0cb3e4ff68 RCX: 00007f0cb3d3cb19
[ 119.927588] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0cb3e4ff68
[ 119.928258] RBP: 00007f0cb3e4ff60 R08: 00007f0cb12b2700 R09: 0000000000000000
[ 119.928938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0cb3e4ff6c
[ 119.929614] R13: 00007ffc28d44acf R14: 00007f0cb12b2300 R15: 0000000000022000
[ 119.930292]
[ 119.930518] Modules linked in:
[ 119.930859] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[ 119.931907] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 119.932714] CPU: 0 UID: 0 PID: 3986 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 119.933830] Tainted: [D]=DIE, [W]=WARN
[ 119.934193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 119.934961] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.935411] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.937104] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 119.937607] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 119.938269] RDX: ffff888017741b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 119.938939] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15328
[ 119.939610] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 119.940274] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[ 119.940934] FS: 00007f0cb12b2700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 119.941686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.942227] CR2: 0000555575c13c18 CR3: 000000001e480000 CR4: 0000000000350ef0
[ 119.942891] Call Trace:
[ 119.943136]
[ 119.943350] ? __pfx_perf_tp_event+0x10/0x10
[ 119.943771] ? perf_trace_lock+0xb5/0x5d0
[ 119.944162] ? perf_trace_lock+0xb5/0x5d0
[ 119.944557] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.944991] ? trace_softirq_raise+0xbe/0x100
[ 119.945430] ? trace_rcu_utilization+0x26/0x190
[ 119.945878] ? rcu_sched_clock_irq+0x7a0/0x2b40
[ 119.946323] ? css_rstat_updated+0x1b8/0x4d0
[ 119.946750] ? select_task_rq_fair+0x48c/0x38b0
[ 119.947190] ? perf_trace_lock+0xb5/0x5d0
[ 119.947589] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.948021] ? __smp_call_single_queue+0x15b/0x2f0
[ 119.948490] ? __pfx___smp_call_single_queue+0x10/0x10
[ 119.948990] ? perf_trace_run_bpf_submit+0xef/0x180
[ 119.949467] perf_trace_run_bpf_submit+0xef/0x180
[ 119.949931] perf_trace_lock+0x337/0x5d0
[ 119.950320] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.950750] ? rcu_core+0x140a/0x1800
[ 119.951113] ? lock_release+0x1c7/0x290
[ 119.951486] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.951979] ? hrtimer_interrupt+0x114/0x830
[ 119.952396] lock_release+0x1ab/0x290
[ 119.952759] ktime_get_update_offsets_now+0xab/0x3c0
[ 119.953235] ? hrtimer_interrupt+0x114/0x830
[ 119.953654] ? __pfx_rcu_core+0x10/0x10
[ 119.954034] hrtimer_interrupt+0x114/0x830
[ 119.954433] ? __pfx_do_sync_core+0x10/0x10
[ 119.954841] ? trace_csd_function_exit+0x134/0x190
[ 119.955306] ? __flush_smp_call_function_queue+0x28c/0x740
[ 119.955832] __sysvec_apic_timer_interrupt+0xbb/0x330
[ 119.956318] sysvec_apic_timer_interrupt+0x6b/0x80
[ 119.956781]
[ 119.956995]
[ 119.957211] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 119.957706] RIP: 0010:oops_exit+0x0/0x50
[ 119.958096] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[ 119.959769] RSP: 0018:ffff888045e57490 EFLAGS: 00000202
[ 119.960263] RAX: 0000000000026f2a RBX: 0000000000000212 RCX: ffffc9000340f000
[ 119.960917] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 119.961577] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[ 119.962229] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888045e57558
[ 119.962884] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 119.963545] ? oops_end+0x4a/0xe0
[ 119.963882] oops_end+0x65/0xe0
[ 119.964200] exc_general_protection+0x1a2/0x330
[ 119.964643] asm_exc_general_protection+0x26/0x30
[ 119.965091] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.965534] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.967197] RSP: 0018:ffff888045e57600 EFLAGS: 00010212
[ 119.967687] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000340f000
[ 119.968340] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 119.968995] RBP: ffff888045e57870 R08: ffff88806ce31340 R09: ffffe8ffffc15328
[ 119.969651] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 119.970303] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 119.970963] ? perf_tp_event+0x167/0xe70
[ 119.971350] ? __pfx_perf_tp_event+0x10/0x10
[ 119.971794] ? perf_trace_run_bpf_submit+0xef/0x180
[ 119.972257] perf_trace_run_bpf_submit+0xef/0x180
[ 119.972711] perf_trace_lock+0x337/0x5d0
[ 119.973089] ? __pfx_perf_trace_lock+0x10/0x10
[ 119.973523] ? get_futex_key+0x592/0x14a0
[ 119.973904] ? futex_ref_get+0x114/0x300
[ 119.974277] ? futex_hash+0x15c/0x390
[ 119.974631] lock_release+0x1ab/0x290
[ 119.974989] ? futex_hash+0x15c/0x390
[ 119.975345] futex_ref_get+0x119/0x300
[ 119.975706] ? futex_hash+0x15c/0x390
[ 119.976059] futex_hash+0x70/0x390
[ 119.976394] futex_wait_setup+0xae/0x550
[ 119.976781] __futex_wait+0x151/0x300
[ 119.977142] ? __pfx___futex_wait+0x10/0x10
[ 119.977552] ? __pfx_futex_wake_mark+0x10/0x10
[ 119.977989] futex_wait+0xde/0x380
[ 119.978328] ? __pfx_futex_wait+0x10/0x10
[ 119.978716] ? perf_trace_lock+0xb5/0x5d0
[ 119.979103] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 119.979580] ? do_vfs_ioctl+0x125/0x1470
[ 119.979962] do_futex+0x2ee/0x370
[ 119.980289] ? __pfx_do_futex+0x10/0x10
[ 119.980657] ? build_sched_domains+0x2744/0x53d0
[ 119.981095] ? do_raw_spin_lock+0x123/0x260
[ 119.981508] __x64_sys_futex+0x1c9/0x4d0
[ 119.981887] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 119.982372] ? __pfx___x64_sys_futex+0x10/0x10
[ 119.982800] ? kcov_ioctl+0x386/0x6c0
[ 119.983155] ? fput+0x6a/0x100
[ 119.983466] do_syscall_64+0xbf/0x360
[ 119.983821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.984283] RIP: 0033:0x7f0cb3d3cb19
[ 119.984620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.986239] RSP: 002b:00007f0cb12b2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 119.986912] RAX: ffffffffffffffda RBX: 00007f0cb3e4ff68 RCX: 00007f0cb3d3cb19
[ 119.987549] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0cb3e4ff68
[ 119.988180] RBP: 00007f0cb3e4ff60 R08: 00007f0cb12b2700 R09: 0000000000000000
[ 119.988818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0cb3e4ff6c
[ 119.989457] R13: 00007ffc28d44acf R14: 00007f0cb12b2300 R15: 0000000000022000
[ 119.990105]
[ 119.990323] Modules linked in:
[ 119.990616] ---[ end trace 0000000000000000 ]---
[ 119.991035] RIP: 0010:perf_tp_event+0x175/0xe70
[ 119.991465] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 119.993080] RSP: 0018:ffff888045c37800 EFLAGS: 00010212
[ 119.993562] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 119.994198] RDX: ffff8880158a1b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 119.994833] RBP: ffff888045c37a70 R08: ffff88806ce31340 R09: ffffe8ffffc15328
[ 119.995467] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 119.996100] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 119.996726] FS: 00007f0cb12b2700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 119.997443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.997961] CR2: 0000555575c13c18 CR3: 000000001e480000 CR4: 0000000000350ef0
[ 119.998593] Kernel panic - not syncing: Fatal exception in interrupt
[ 119.999255] Kernel Offset: disabled
[ 119.999581] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
10:54:06 Registers:
info registers vcpu 0
RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888045c37158
R8 =0000000000000000 R9 =ffffed1001650046 R10=0000000000000000 R11=30376578302f4952
R12=0000000000000005 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555574f61400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe2f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d523000 CR3=000000000d26e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00ff0000000000000000000000000000
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f7867cf77c800007f7867cf77c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffff88806ce3de00 RCX=ffffffff816880fc RDX=ffff88800f38b700
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff88804795f988
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1
R12=ffffed100d9c7bc1 R13=ffff88806ce3de08 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055557bb4b400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000004 CR3=000000001e321000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=0000ff000000000000000000000000ff
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f86d776e7c800007f86d776e7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000